{ "analysis_details": { "creation_time": "2017-08-21 23:03 (UTC+2)", "execution_successful": true, "number_of_processes": 13, "termination_reason": "timeout", "type": "analysis_details", "version": 1, "vm_analysis_duration_time": "00:02:14" }, "artifacts": { "files": [ { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\Mozilla\\Firefox\\", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\mozilla\\firefox", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Mozilla Firefox", "hashes": [], "norm_filename": "c:\\program files (x86)\\mozilla firefox", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\asmpdd98.default\\signons.sqlite", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\mozilla\\firefox\\profiles\\asmpdd98.default\\signons.sqlite", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\Mozilla\\Profiles\\", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\mozilla\\profiles", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\HWID", "hashes": [], "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\hwid", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\wcx_ftp.ini", "hashes": [], "norm_filename": "c:\\windows\\wcx_ftp.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\wcx_ftp.ini", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\wcx_ftp.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\GHISLER\\wcx_ftp.ini", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\ghisler\\wcx_ftp.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\GHISLER\\wcx_ftp.ini", "hashes": [], "norm_filename": "c:\\programdata\\ghisler\\wcx_ftp.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Local\\GHISLER\\wcx_ftp.ini", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\ghisler\\wcx_ftp.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\GlobalSCAPE\\CuteFTP\\sm.dat", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\globalscape\\cuteftp\\sm.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\GlobalSCAPE\\CuteFTP Pro\\sm.dat", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\globalscape\\cuteftp pro\\sm.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\GlobalSCAPE\\CuteFTP Lite\\sm.dat", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\globalscape\\cuteftp lite\\sm.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\CuteFTP\\sm.dat", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\cuteftp\\sm.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\GlobalSCAPE\\CuteFTP\\sm.dat", "hashes": [], "norm_filename": "c:\\programdata\\globalscape\\cuteftp\\sm.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\GlobalSCAPE\\CuteFTP Pro\\sm.dat", "hashes": [], "norm_filename": "c:\\programdata\\globalscape\\cuteftp pro\\sm.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\GlobalSCAPE\\CuteFTP Lite\\sm.dat", "hashes": [], "norm_filename": "c:\\programdata\\globalscape\\cuteftp lite\\sm.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\CuteFTP\\sm.dat", "hashes": [], "norm_filename": "c:\\programdata\\cuteftp\\sm.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Local\\GlobalSCAPE\\CuteFTP\\sm.dat", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\globalscape\\cuteftp\\sm.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Local\\GlobalSCAPE\\CuteFTP Pro\\sm.dat", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\globalscape\\cuteftp pro\\sm.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Local\\GlobalSCAPE\\CuteFTP Lite\\sm.dat", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\globalscape\\cuteftp lite\\sm.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Local\\CuteFTP\\sm.dat", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\cuteftp\\sm.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\GlobalSCAPE\\CuteFTP\\sm.dat", "hashes": [], "norm_filename": "c:\\program files (x86)\\globalscape\\cuteftp\\sm.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\GlobalSCAPE\\CuteFTP Pro\\sm.dat", "hashes": [], "norm_filename": "c:\\program files (x86)\\globalscape\\cuteftp pro\\sm.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\GlobalSCAPE\\CuteFTP Lite\\sm.dat", "hashes": [], "norm_filename": "c:\\program files (x86)\\globalscape\\cuteftp lite\\sm.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\CuteFTP\\sm.dat", "hashes": [], "norm_filename": "c:\\program files (x86)\\cuteftp\\sm.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\FlashFXP\\3\\Sites.dat", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\flashfxp\\3\\sites.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\FlashFXP\\4\\Sites.dat", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\flashfxp\\4\\sites.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\FlashFXP\\3\\Quick.dat", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\flashfxp\\3\\quick.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\FlashFXP\\4\\Quick.dat", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\flashfxp\\4\\quick.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\FlashFXP\\3\\History.dat", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\flashfxp\\3\\history.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\FlashFXP\\4\\History.dat", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\flashfxp\\4\\history.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\FlashFXP\\3\\Sites.dat", "hashes": [], "norm_filename": "c:\\programdata\\flashfxp\\3\\sites.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\FlashFXP\\4\\Sites.dat", "hashes": [], "norm_filename": "c:\\programdata\\flashfxp\\4\\sites.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\FlashFXP\\3\\Quick.dat", "hashes": [], "norm_filename": "c:\\programdata\\flashfxp\\3\\quick.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\FlashFXP\\4\\Quick.dat", "hashes": [], "norm_filename": "c:\\programdata\\flashfxp\\4\\quick.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\FlashFXP\\3\\History.dat", "hashes": [], "norm_filename": "c:\\programdata\\flashfxp\\3\\history.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\FlashFXP\\4\\History.dat", "hashes": [], "norm_filename": "c:\\programdata\\flashfxp\\4\\history.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Local\\FlashFXP\\3\\Sites.dat", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\flashfxp\\3\\sites.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Local\\FlashFXP\\4\\Sites.dat", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\flashfxp\\4\\sites.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Local\\FlashFXP\\3\\Quick.dat", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\flashfxp\\3\\quick.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Local\\FlashFXP\\4\\Quick.dat", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\flashfxp\\4\\quick.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Local\\FlashFXP\\3\\History.dat", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\flashfxp\\3\\history.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Local\\FlashFXP\\4\\History.dat", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\flashfxp\\4\\history.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\FileZilla\\sitemanager.xml", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\filezilla\\sitemanager.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\FileZilla\\recentservers.xml", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\filezilla\\recentservers.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\FileZilla\\filezilla.xml", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\filezilla\\filezilla.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\FileZilla\\sitemanager.xml", "hashes": [], "norm_filename": "c:\\programdata\\filezilla\\sitemanager.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\FileZilla\\recentservers.xml", "hashes": [], "norm_filename": "c:\\programdata\\filezilla\\recentservers.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\FileZilla\\filezilla.xml", "hashes": [], "norm_filename": "c:\\programdata\\filezilla\\filezilla.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Local\\FileZilla\\sitemanager.xml", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\filezilla\\sitemanager.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Local\\FileZilla\\recentservers.xml", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\filezilla\\recentservers.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Local\\FileZilla\\filezilla.xml", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\filezilla\\filezilla.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\mozilla\\firefox\\profiles.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\google\\chrome\\user data\\default\\web data", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-journal", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\google\\chrome\\user data\\default\\web data-journal", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\google\\chrome\\user data\\default\\login data", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-journal", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\google\\chrome\\user data\\default\\login data-journal", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\Client Hash", "hashes": [], "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\client hash", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\BN649B.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "773da788e860440ea6c7b3a6d4801b9d", "sha1_hash": "607f9306fdcb4906b2175c5a20e002c99b29da53", "sha256_hash": "879b244120400083f562ce530c87001b46de4fc96b38a6b12a5afea22ef6efef", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\bn649b.tmp", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\Desktop", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\desktop", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_OUTPUT_HANDLE", "hashes": [], "norm_filename": "std_output_handle", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_INPUT_HANDLE", "hashes": [], "norm_filename": "std_input_handle", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\FlashFXP\\5\\Sites.dat", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\flashfxp\\5\\sites.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\FlashFXP\\5\\Quick.dat", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\flashfxp\\5\\quick.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\FlashFXP\\5\\History.dat", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\flashfxp\\5\\history.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\FlashFXP\\5\\Sites.dat", "hashes": [], "norm_filename": "c:\\programdata\\flashfxp\\5\\sites.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\FlashFXP\\5\\Quick.dat", "hashes": [], "norm_filename": "c:\\programdata\\flashfxp\\5\\quick.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\FlashFXP\\5\\History.dat", "hashes": [], "norm_filename": "c:\\programdata\\flashfxp\\5\\history.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Local\\FlashFXP\\5\\Sites.dat", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\flashfxp\\5\\sites.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Local\\FlashFXP\\5\\Quick.dat", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\flashfxp\\5\\quick.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Local\\FlashFXP\\5\\History.dat", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\flashfxp\\5\\history.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\Jaxx\\Local Storage\\file__0.localstorage", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\jaxx\\local storage\\file__0.localstorage", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_ERROR_HANDLE", "hashes": [], "norm_filename": "std_error_handle", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\Teetfo", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\teetfo", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\Byheq", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\byheq", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\Utobyg", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\utobyg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\Byheq\\hybe.ifi", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "a044d696891917f5b2de228a2b4191fc", "sha1_hash": "3a9f36226dc4686d75cfefc71d2b8755b38bb38b", "sha256_hash": "8e834cabb162d65422c401c08aef958849539d7e3499d9ae08f53e76b610dbad", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\byheq\\hybe.ifi", "operations": [ "write", "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\Utobyg\\aslim.exe", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "773da788e860440ea6c7b3a6d4801b9d", "sha1_hash": "607f9306fdcb4906b2175c5a20e002c99b29da53", "sha256_hash": "879b244120400083f562ce530c87001b46de4fc96b38a6b12a5afea22ef6efef", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\utobyg\\aslim.exe", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\Teetfo\\ugav.ocv", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\teetfo\\ugav.ocv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\Teetfo\\ugav.tmp", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\teetfo\\ugav.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\okguaxb.crt", "hashes": [ { "md5_hash": "a78828838883401dbf1ec05583bc7c8a", "sha1_hash": "e6a3a437d4b3fbfd5750e5aa962570c1da1ef6fd", "sha256_hash": "ca3afa28388e5b26ef47402c85adf558d8610d097f67637d8d01456145afb3b9", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\okguaxb.crt", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\asmpdd98.default\\cert8.db", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\mozilla\\firefox\\profiles\\asmpdd98.default\\cert8.db", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\libeay32.dll", "hashes": [ { "md5_hash": "2ed6a2a2be88d3a48fa820a6bb15cd25", "sha1_hash": "fbbfa096208027cb99174dac08b16818db397521", "sha256_hash": "d61532be14bec8dd27477b58cb767579d58900634b0c33b8ade81aec85171b0b", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\libeay32.dll", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\libevent-2-0-5.dll", "hashes": [ { "md5_hash": "90f50a285efa5dd9c7fddce786bdef25", "sha1_hash": "54213da21542e11d656bb65db724105afe8be688", "sha256_hash": "77a250e81fdaf9a075b1244a9434c30bf449012c9b647b265fa81a7b0db2513f", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\libevent-2-0-5.dll", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\libgcc_s_sjlj-1.dll", "hashes": [ { "md5_hash": "73d4823075762ee2837950726baa2af9", "sha1_hash": "ebce3532ed94ad1df43696632ab8cf8da8b9e221", "sha256_hash": "9aeccf88253d4557a90793e22414868053caaab325842c0d7acb0365e88cd53b", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\libgcc_s_sjlj-1.dll", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\libssp-0.dll", "hashes": [ { "md5_hash": "78581e243e2b41b17452da8d0b5b2a48", "sha1_hash": "eaefb59c31cf07e60a98af48c5348759586a61bb", "sha256_hash": "f28caebe9bc6aa5a72635acb4f0e24500494e306d8e8b2279e7930981281683f", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\libssp-0.dll", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\ssleay32.dll", "hashes": [ { "md5_hash": "acfdeda45860601f49e4d2b102078981", "sha1_hash": "7df7645fc704f955b8762593aac7b2e8535fbe29", "sha256_hash": "1c8f8ce21cd0d01c8b302ebe9c4b85a4a18babec0f84c05e56d5fa4b95bcf688", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\ssleay32.dll", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\tor.exe", "hashes": [ { "md5_hash": "404242a1b8f01d51ef4789132b784691", "sha1_hash": "9059b0dfe5c629ee82c640f41041471104baf343", "sha256_hash": "58a4e31a68fb7467a0b56578548487ebd19cc9ce79584fc3fa4864ce87a15f71", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\tor.exe", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\zlib1.dll", "hashes": [ { "md5_hash": "fb072e9f69afdb57179f59b512f828a4", "sha1_hash": "fe71b70173e46ee4e3796db9139f77dc32d2f846", "sha256_hash": "66d653397cbb2dbb397eb8421218e2c126b359a3b0decc0f31e297df099e1383", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\zlib1.dll", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\certutil.exe", "hashes": [ { "md5_hash": "0c6b43c9602f4d5ac9dcf907103447c4", "sha1_hash": "7a77c7ae99d400243845cce0e0931f029a73f79a", "sha256_hash": "5950722034c8505daa9b359127feb707f16c37d2f69e79d16ee6d9ec37690478", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\certutil.exe", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\freebl3.dll", "hashes": [ { "md5_hash": "269beb631b580c6d54db45b5573b1de5", "sha1_hash": "64050c1159c2bcfc0e75da407ef0098ad2de17c8", "sha256_hash": "ffc7558a61a4e6546cf095bdeabea19f05247a0daa02dca20ea3605e7fc62c77", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\freebl3.dll", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\libnspr4.dll", "hashes": [ { "md5_hash": "6e84af2875700285309dd29294365c6a", "sha1_hash": "fc3cb3b2a704250fc36010e2ab495cdc5e7378a9", "sha256_hash": "1c158e680749e642e55f721f60a71314e26e03e785cd92e560bf650b83c4c3c8", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\libnspr4.dll", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\libplc4.dll", "hashes": [ { "md5_hash": "1fae68b740f18290b98b2f9e23313cc2", "sha1_hash": "fa3545dc8db38b3b27f1009e1d61dc2949df3878", "sha256_hash": "751c2156dc00525668dd990d99f7f61c257951c3fad01c0ee6359fcdff69f933", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\libplc4.dll", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\libplds4.dll", "hashes": [ { "md5_hash": "9ae76db13972553a5de5bdd07b1b654d", "sha1_hash": "0c4508eb6f13b9b178237ccc4da759bff10af658", "sha256_hash": "38a906373419501966daf6ec19ca2f8db7b29609128ae5cb424d2aa511652c29", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\libplds4.dll", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\msvcr100.dll", "hashes": [ { "md5_hash": "0e37fbfa79d349d672456923ec5fbbe3", "sha1_hash": "4e880fc7625ccf8d9ca799d5b94ce2b1e7597335", "sha256_hash": "8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\msvcr100.dll", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\nss3.dll", "hashes": [ { "md5_hash": "a1c4628d184b6ab25550b1ce74f44792", "sha1_hash": "c2c447fd2fda68c0ec44b3529a2550d2e2a8c3bc", "sha256_hash": "3f997d3f1674de9fd119f275638861bc229352f12c70536d8c83a70fcc370847", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\nss3.dll", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\nssdbm3.dll", "hashes": [ { "md5_hash": "051652ba7ca426846e936bc5aa3f39f3", "sha1_hash": "0012007876dde3a2d764249ad86bc428300fe91e", "sha256_hash": "8eca993570fa55e8fe8f417143eea8128a58472e23074cbd2e6af4d3bb0f0d9a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\nssdbm3.dll", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\nssutil3.dll", "hashes": [ { "md5_hash": "c26e940b474728e728cafe5912ba418a", "sha1_hash": "7256e378a419f8d87de71835e6ad12faadaaaf73", "sha256_hash": "1af1ac51a92b36de8d85d1f572369815404912908c3a489a6cd7ca2350c2a93d", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\nssutil3.dll", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\smime3.dll", "hashes": [ { "md5_hash": "a5c670edf4411bf7f132f4280026137b", "sha1_hash": "c0e3cbdde7d3cebf41a193eeca96a11ce2b6da58", "sha256_hash": "aba2732c7a016730e94e645dd04e8fafcc173fc2e5e2aac01a1c0c66ead1983e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\smime3.dll", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\softokn3.dll", "hashes": [ { "md5_hash": "2ab31c9401870adb4e9d88b5a6837abf", "sha1_hash": "4f0fdd699e63f614d79ed6e47ef61938117d3b7a", "sha256_hash": "22ecece561510f77b100cff8109e5ed492c34707b7b14e0774aaa9ca813de4ad", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\softokn3.dll", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\sqlite3.dll", "hashes": [ { "md5_hash": "b58848a28a1efb85677e344db1fd67e6", "sha1_hash": "dad48e2b2b3b936efc15ac2c5f9099b7a1749976", "sha256_hash": "00db98ab4d50e9b26ecd193bfad6569e1dd395db14246f8c233febba93965f7a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\sqlite3.dll", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\tor\\state.tmp", "hashes": [ { "md5_hash": "e4d677c20ca290bcfd1d6b243252d2c5", "sha1_hash": "e6b63577a0a80a076ee0fb4e84dc257636930d6a", "sha256_hash": "268ca275084d97b3e74e9878d76ca73b88d347eb2e773b84bba6fafbf9c91b6b", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\tor\\state.tmp", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\tor\\unverified-microdesc-consensus.tmp", "hashes": [ { "md5_hash": "119ed7e89f9cb1f141177312c9095c76", "sha1_hash": "bece3039cc4e6c36d9d0b7151311a2e89393f212", "sha256_hash": "d938a81bdeea36e2a4f4d6b639f14e2f3bbf2977a637e3cb4f0434f6978849c6", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\tor\\unverified-microdesc-consensus.tmp", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\tor\\cached-certs.tmp", "hashes": [ { "md5_hash": "1c8c962beaa633f2cced63d4c5ad201f", "sha1_hash": "ef528bb119b2568596840d51498c2d9aa39bfbe2", "sha256_hash": "c3839392205265d21b51be3607da8b07585dd4ac2d1c118a8306f876f4bbf467", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\tor\\cached-certs.tmp", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\tor\\cached-microdesc-consensus.tmp", "hashes": [ { "md5_hash": "119ed7e89f9cb1f141177312c9095c76", "sha1_hash": "bece3039cc4e6c36d9d0b7151311a2e89393f212", "sha256_hash": "d938a81bdeea36e2a4f4d6b639f14e2f3bbf2977a637e3cb4f0434f6978849c6", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\tor\\cached-microdesc-consensus.tmp", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\tor\\cached-microdescs.new", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\tor\\cached-microdescs.new", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\tor\\lock", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\tor\\lock", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\tor\\router-stability", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\tor\\router-stability", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\tor\\cached-certs", "hashes": [ { "md5_hash": "1c8c962beaa633f2cced63d4c5ad201f", "sha1_hash": "ef528bb119b2568596840d51498c2d9aa39bfbe2", "sha256_hash": "c3839392205265d21b51be3607da8b07585dd4ac2d1c118a8306f876f4bbf467", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\tor\\cached-certs", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\tor\\cached-consensus", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\tor\\cached-consensus", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\tor\\unverified-consensus", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\tor\\unverified-consensus", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\tor\\cached-microdesc-consensus", "hashes": [ { "md5_hash": "119ed7e89f9cb1f141177312c9095c76", "sha1_hash": "bece3039cc4e6c36d9d0b7151311a2e89393f212", "sha256_hash": "d938a81bdeea36e2a4f4d6b639f14e2f3bbf2977a637e3cb4f0434f6978849c6", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\tor\\cached-microdesc-consensus", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\tor\\unverified-microdesc-consensus", "hashes": [ { "md5_hash": "119ed7e89f9cb1f141177312c9095c76", "sha1_hash": "bece3039cc4e6c36d9d0b7151311a2e89393f212", "sha256_hash": "d938a81bdeea36e2a4f4d6b639f14e2f3bbf2977a637e3cb4f0434f6978849c6", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\tor\\unverified-microdesc-consensus", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\tor\\geoip", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\tor\\geoip", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\tor\\geoip6", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\tor\\geoip6", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\tor\\cached-microdescs", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\tor\\cached-microdescs", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\tor\\cached-descriptors", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\tor\\cached-descriptors", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\tor\\cached-extrainfo", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\tor\\cached-extrainfo", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\asmpdd98.default/secmod.db", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\mozilla\\firefox\\profiles\\asmpdd98.default\\secmod.db", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\asmpdd98.default/key3.db", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\mozilla\\firefox\\profiles\\asmpdd98.default\\key3.db", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 } ], "ips": [ { "ip_address": "62.109.18.138", "type": "ip_address_artifact", "version": 1 }, { "ip_address": "127.0.0.1", "type": "ip_address_artifact", "version": 1 }, { "ip_address": "18.0.0.1", "type": "ip_address_artifact", "version": 1 }, { "ip_address": "82.223.21.74", "type": "ip_address_artifact", "version": 1 } ], "mutexes": [ { "mutex_name": "Local\\mtxLogMeInIgnition.IgnitionMutex", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "e", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "Global\\{AE124E3B-FDD1-1422-65D9-FE61A0417768}", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "Global\\{85B42B0A-98E0-3F84-65D9-FE61A0417768}", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "Local\\{85B47B09-C8E3-3F84-65D9-FE61A0417768}", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "Global\\{4F600524-B6CE-F550-C27E-E7A907E66EA0}", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "Global\\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0}", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "Global\\{8E6A7E3D-CDD7-345A-65D9-FE61A0417768}", "operations": [ "access", "delete" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "Global\\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0}", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "Global\\{4F600524-B6CE-F550-027C-E7A9C7E46EA0}", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "Global\\{4F600524-B6CE-F550-6679-E7A9A3E16EA0}", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "Global\\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0}", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "Global\\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0}", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "Global\\{D773FC21-4FCB-6D43-65D9-FE61A0417768}", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "Global\\{86709C2F-2FC5-3C40-65D9-FE61A0417768}", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "Global\\{E4529D1E-2EF4-5E62-65D9-FE61A0417768}", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "Global\\{E4529D1D-2EF7-5E62-65D9-FE61A0417768}", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "Global\\{E4529D1F-2EF5-5E62-65D9-FE61A0417768}", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "Global\\{1F05FC9E-4F74-A535-65D9-FE61A0417768}", "operations": [ "access", "delete" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "Global\\{6E93744F-C7A5-D4A3-65D9-FE61A0417768}", "operations": [ "access", "delete" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "Global\\{B7C3F14A-42A0-0DF3-65D9-FE61A0417768}", "operations": [ "access", "delete" ], "type": "mutex_artifact", "version": 1 } ], "registry": [ { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\Licenses", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\CLSID\\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\\DesignerFeatures", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CLASSES_ROOT\\Clsid\\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\\InprocServer32", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{00020905-0000-0000-C000-000000000046}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{00020905-0000-0000-C000-000000000046}\\8.6", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{00020905-0000-0000-C000-000000000046}\\8.6\\409", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{00020905-0000-0000-C000-000000000046}\\8.6\\9", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{00020905-0000-0000-C000-000000000046}\\8.6\\0", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{00020905-0000-0000-C000-000000000046}\\8.6\\0\\win64", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{000204EF-0000-0000-C000-000000000046}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{000204EF-0000-0000-C000-000000000046}\\4.2", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{000204EF-0000-0000-C000-000000000046}\\4.2\\9", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{000204EF-0000-0000-C000-000000000046}\\4.2\\9\\win64", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{00020430-0000-0000-C000-000000000046}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{00020430-0000-0000-C000-000000000046}\\2.0", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{00020430-0000-0000-C000-000000000046}\\2.0\\0", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{00020430-0000-0000-C000-000000000046}\\2.0\\0\\win64", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\\2.7", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\\2.7\\0", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\\2.7\\0\\win64", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{0D452EE1-E08F-101A-852E-02608C4D0BB4}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{0D452EE1-E08F-101A-852E-02608C4D0BB4}\\2.0", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{0D452EE1-E08F-101A-852E-02608C4D0BB4}\\2.0\\0", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{0D452EE1-E08F-101A-852E-02608C4D0BB4}\\2.0\\0\\win64", "type": "registry_artifact", "version": 1 }, { "operations": [ "read" ], "reg_key_name": "HKEY_CLASSES_ROOT\\Licenses\\8804558B-B773-11d1-BC3E-0000F87552E7", "type": "registry_artifact", "version": 1 }, { "operations": [ "read" ], "reg_key_name": "HKEY_CLASSES_ROOT\\Clsid\\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\\Instance CLSID", "type": "registry_artifact", "version": 1 }, { "operations": [ "write", "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\WinRAR", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\AddressBook", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Adobe Flash Player Plugin", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Connection Manager", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DirectDrawEx", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Fontcore", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Google Chrome", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE40", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE4Data", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE5BAKEX", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IEData", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\MobileOptionPack", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox 25.0 (x86 en-US)", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\MozillaMaintenanceService", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\SchedulingAgent", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\WIC", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{26A24AE4-039D-4CA4-87B4-2F03217071FF}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{3c3aafc8-d898-43ec-998f-965ffdae065a}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{4A03706F-666A-4037-7777-5F2748764D10}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{582EA838-9199-3518-A05C-DB09462F68EC}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{68306422-7C57-373F-8860-D26CE4BA2A15}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{9BE518E6-ECC6-35A9-88E4-87755C07200F}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{B175520C-86A2-35A7-8619-86DC379688B9}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{e52a6842-b0ac-476e-b48f-378a97a67346}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{f325f05b-f963-4640-a43b-c8a494cdda0f}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Ghisler\\Windows Commander", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Ghisler\\Windows Commander", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Ghisler\\Total Commander", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Ghisler\\Total Commander", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\GlobalSCAPE\\CuteFTP 6 Home\\QCToolbar", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\GlobalSCAPE\\CuteFTP 6 Professional\\QCToolbar", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\GlobalSCAPE\\CuteFTP 7 Home\\QCToolbar", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\GlobalSCAPE\\CuteFTP 7 Professional\\QCToolbar", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\GlobalSCAPE\\CuteFTP 8 Home\\QCToolbar", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\GlobalSCAPE\\CuteFTP 8 Professional\\QCToolbar", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\GlobalSCAPE\\CuteFTP 9\\QCToolbar", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\FlashFXP\\3", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\FlashFXP", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\FlashFXP\\4", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\FlashFXP\\3", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\FlashFXP", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\FlashFXP\\4", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\FileZilla", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\FileZilla Client", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\FileZilla", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\FileZilla Client", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\BPFTP\\Bullet Proof FTP\\Main", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\BulletProof Software\\BulletProof FTP Client\\Main", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\BPFTP\\Bullet Proof FTP\\Options", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\BulletProof Software\\BulletProof FTP Client\\Options", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\BPFTP", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\FTPWare\\COREFTP\\Sites", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\VanDyke\\SecureFX", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Martin Prikryl", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Martin Prikryl", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Opera Software", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\Opera.HTML\\shell\\open\\command", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Mozilla", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Mozilla\\Firefox", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Mozilla\\Firefox\\Crash Reporter", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Mozilla\\Firefox\\TaskBarIDs", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Mozilla", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Mozilla\\Firefox", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Mozilla\\Firefox\\TaskBarIDs", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Mozilla\\Mozilla Firefox", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\Main", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\Uninstall", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Mozilla\\Mozilla Firefox 25.0", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Mozilla\\Mozilla Firefox 25.0\\bin", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Mozilla\\Mozilla Firefox 25.0\\extensions", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\IntelliForms\\Storage2", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.microsoftedge_8wekyb3d8bbwe\\MicrosoftEdge\\IntelliForms\\FormData", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\ChromePlus", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows Live Mail", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows Mail", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\IncrediMail", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\IncrediMail", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Account Manager\\Accounts", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Identities", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\Software\\Microsoft\\Internet Account Manager\\Accounts", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Account Manager", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\Outlook\\OMI Account Manager\\Accounts", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Microsoft Outlook Internet Settings", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\0a0d020000000000c000000000000046", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\13dbb0c8aa05101a9bb000aa002fc45a", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\3517490d76624c419a828607e2a54604", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\4c81aa8e3cec3747ac89336bb7dabb3d", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\660d890c36162745aa4a6e18387402e2", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\8503020000000000c000000000000046", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\8ad20125b268ee4082a7beb234d21c3e", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\91cde86748046c41886c2f5227df24b7", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9207f3e0a3b11019908b08002b2a56c2", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\a1d7e55f7cf9a243ba916d5f08f9bae8", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\a44233f8b7f7d346b14b6c8d0728d9dd", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\ddb0922fc50b8d42be5a821ede840761", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\ee39677bbdea5143a837a52d64001c8f", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\f86ed2903a4a11cfb57e524153480001", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\System", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Command Processor", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\FlashFXP\\5", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\FlashFXP\\5", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "write" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\aaf4e053c", "type": "registry_artifact", "version": 1 }, { "operations": [ "write", "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Seto", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [ { "operations": [ "get" ], "type": "url_artifact", "url": "api.ipify.org/", "version": 1 }, { "operations": [ "post" ], "type": "url_artifact", "url": "butsulacoft.com/ls5/forum.php", "version": 1 }, { "operations": [ "post" ], "type": "url_artifact", "url": "supritofuld.ru/ls5/forum.php", "version": 1 }, { "operations": [ "get" ], "type": "url_artifact", "url": "tekstheks.nl/wp-admin/includes/1", "version": 1 }, { "operations": [], "type": "url_artifact", "url": "butsulacoft.com", "version": 1 }, { "operations": [ "post" ], "type": "url_artifact", "url": "butsulacoft.com/mlu/forum.php", "version": 1 }, { "operations": [ "get" ], "type": "url_artifact", "url": "tekstheks.nl/wp-admin/includes/2", "version": 1 }, { "operations": [ "get" ], "type": "url_artifact", "url": "tekstheks.nl/wp-admin/includes/3", "version": 1 }, { "operations": [ "post" ], "type": "url_artifact", "url": "butsulacoft.com/d2/about.php", "version": 1 }, { "operations": [ "post" ], "type": "url_artifact", "url": "fortsiretbab.com/bdl/gate.php", "version": 1 }, { "operations": [ "get" ], "type": "url_artifact", "url": "checkip.dyndns.org/", "version": 1 } ], "version": 1 }, "extracted_files": [ { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_2", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\bn649b.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_5", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\teetfo\\ugav.ocv", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_6", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\byheq\\hybe.ifi", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_7", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\utobyg\\aslim.exe", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/607f9306fdcb4906b2175c5a20e002c99b29da53", "file_type": "created_file", "id": "file_3", "md5_hash": "773da788e860440ea6c7b3a6d4801b9d", "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\bn649b.tmp", "sha1_hash": "607f9306fdcb4906b2175c5a20e002c99b29da53", "sha256_hash": "879b244120400083f562ce530c87001b46de4fc96b38a6b12a5afea22ef6efef", "size": 180224, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/607f9306fdcb4906b2175c5a20e002c99b29da53", "file_type": "created_file", "id": "file_9", "md5_hash": "773da788e860440ea6c7b3a6d4801b9d", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\utobyg\\aslim.exe", "sha1_hash": "607f9306fdcb4906b2175c5a20e002c99b29da53", "sha256_hash": "879b244120400083f562ce530c87001b46de4fc96b38a6b12a5afea22ef6efef", "size": 180224, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/15c23018cb8811fc61487f127284074fd7a7a513", "file_type": "created_file", "id": "file_4", "md5_hash": "2197a2a6da9cd6c3ec10de424f3d83c5", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\pmmr5k9k\\123[1].dat", "sha1_hash": "15c23018cb8811fc61487f127284074fd7a7a513", "sha256_hash": "ae7c326df3d6d3a1f30a828b7cbed005370bcc6b2888ddb8a746e1c8738dde37", "size": 5661523, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3a9f36226dc4686d75cfefc71d2b8755b38bb38b", "file_type": "created_file", "id": "file_8", "md5_hash": "a044d696891917f5b2de228a2b4191fc", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\byheq\\hybe.ifi", "sha1_hash": "3a9f36226dc4686d75cfefc71d2b8755b38bb38b", "sha256_hash": "8e834cabb162d65422c401c08aef958849539d7e3499d9ae08f53e76b610dbad", "size": 10485760, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0c1260dd0c38fda83a493fe679cdec8ef6c8aae9", "file_type": "created_file", "id": "file_10", "md5_hash": "940b6a3f4f922c64091e4dc9a57c1781", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\start.lnk", "sha1_hash": "0c1260dd0c38fda83a493fe679cdec8ef6c8aae9", "sha256_hash": "b71d0a7877a68247e17964df8ae6fa8e8a4106437ba7c1590afea75c4d9caaa0", "size": 883, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5", "file_type": "created_file", "id": "file_11", "md5_hash": "bf619eac0cdf3f68d496ea9344137e8b", "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\~dff95cfde65cdb3f5c.tmp", "sha1_hash": "5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5", "sha256_hash": "076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560", "size": 512, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbbfa096208027cb99174dac08b16818db397521", "file_type": "created_file", "id": "file_12", "md5_hash": "2ed6a2a2be88d3a48fa820a6bb15cd25", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\libeay32.dll", "sha1_hash": "fbbfa096208027cb99174dac08b16818db397521", "sha256_hash": "d61532be14bec8dd27477b58cb767579d58900634b0c33b8ade81aec85171b0b", "size": 1990144, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/54213da21542e11d656bb65db724105afe8be688", "file_type": "created_file", "id": "file_13", "md5_hash": "90f50a285efa5dd9c7fddce786bdef25", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\libevent-2-0-5.dll", "sha1_hash": "54213da21542e11d656bb65db724105afe8be688", "sha256_hash": "77a250e81fdaf9a075b1244a9434c30bf449012c9b647b265fa81a7b0db2513f", "size": 719217, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ebce3532ed94ad1df43696632ab8cf8da8b9e221", "file_type": "created_file", "id": "file_14", "md5_hash": "73d4823075762ee2837950726baa2af9", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\libgcc_s_sjlj-1.dll", "sha1_hash": "ebce3532ed94ad1df43696632ab8cf8da8b9e221", "sha256_hash": "9aeccf88253d4557a90793e22414868053caaab325842c0d7acb0365e88cd53b", "size": 523262, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/eaefb59c31cf07e60a98af48c5348759586a61bb", "file_type": "created_file", "id": "file_15", "md5_hash": "78581e243e2b41b17452da8d0b5b2a48", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\libssp-0.dll", "sha1_hash": "eaefb59c31cf07e60a98af48c5348759586a61bb", "sha256_hash": "f28caebe9bc6aa5a72635acb4f0e24500494e306d8e8b2279e7930981281683f", "size": 92599, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7df7645fc704f955b8762593aac7b2e8535fbe29", "file_type": "created_file", "id": "file_16", "md5_hash": "acfdeda45860601f49e4d2b102078981", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\ssleay32.dll", "sha1_hash": "7df7645fc704f955b8762593aac7b2e8535fbe29", "sha256_hash": "1c8f8ce21cd0d01c8b302ebe9c4b85a4a18babec0f84c05e56d5fa4b95bcf688", "size": 400384, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9059b0dfe5c629ee82c640f41041471104baf343", "file_type": "created_file", "id": "file_17", "md5_hash": "404242a1b8f01d51ef4789132b784691", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\tor.exe", "sha1_hash": "9059b0dfe5c629ee82c640f41041471104baf343", "sha256_hash": "58a4e31a68fb7467a0b56578548487ebd19cc9ce79584fc3fa4864ce87a15f71", "size": 2967040, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fe71b70173e46ee4e3796db9139f77dc32d2f846", "file_type": "created_file", "id": "file_18", "md5_hash": "fb072e9f69afdb57179f59b512f828a4", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\zlib1.dll", "sha1_hash": "fe71b70173e46ee4e3796db9139f77dc32d2f846", "sha256_hash": "66d653397cbb2dbb397eb8421218e2c126b359a3b0decc0f31e297df099e1383", "size": 107520, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0483e182aefe4ced1301cc5960f33db4ec71bacd", "file_type": "created_file", "id": "file_19", "md5_hash": "801c4ac09de1b23450cddc2e4cc5d0cb", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\pmmr5k9k\\gate[1].htm", "sha1_hash": "0483e182aefe4ced1301cc5960f33db4ec71bacd", "sha256_hash": "e3e3ef35ce7e15c39f7e32fc99fe5122c78f407dc08fbc6ea44ed2b1b7b8c358", "size": 378, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8e10161663dc8505c029d455a4cbffb645493ee9", "file_type": "created_file", "id": "file_20", "md5_hash": "e8c75025c3e9c749a89c4b38a8fc2af5", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\pmmr5k9k\\checkip_dyndns_org[1].htm", "sha1_hash": "8e10161663dc8505c029d455a4cbffb645493ee9", "sha256_hash": "860a87ddd2c1b97a6a896edff00cdb3e00da0333ea7981b580ab9a36fa08a2cf", "size": 106, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1ef367f4aa15ad74afb8b493c7a43fa49538502c", "file_type": "created_file", "id": "file_22", "md5_hash": "17b3f7028152cf786bf9737c8784c930", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\pmmr5k9k\\gate[1].htm", "sha1_hash": "1ef367f4aa15ad74afb8b493c7a43fa49538502c", "sha256_hash": "83026559a6e963cc25661ddbfaac6ec3995bc4217d1ca4d07ed93ce35f248ff1", "size": 6333, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e6b63577a0a80a076ee0fb4e84dc257636930d6a", "file_type": "created_file", "id": "file_23", "md5_hash": "e4d677c20ca290bcfd1d6b243252d2c5", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\tor\\state.tmp", "sha1_hash": "e6b63577a0a80a076ee0fb4e84dc257636930d6a", "sha256_hash": "268ca275084d97b3e74e9878d76ca73b88d347eb2e773b84bba6fafbf9c91b6b", "size": 221, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e6b63577a0a80a076ee0fb4e84dc257636930d6a", "file_type": "created_file", "id": "file_24", "md5_hash": "e4d677c20ca290bcfd1d6b243252d2c5", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\tor\\state", "sha1_hash": "e6b63577a0a80a076ee0fb4e84dc257636930d6a", "sha256_hash": "268ca275084d97b3e74e9878d76ca73b88d347eb2e773b84bba6fafbf9c91b6b", "size": 221, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/98434bf33b9e497b7578ca1963ca479b77221c14", "file_type": "created_file", "id": "file_25", "md5_hash": "710e7f9d209f1a103df22337b838aa74", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\pmmr5k9k\\gate[1].htm", "sha1_hash": "98434bf33b9e497b7578ca1963ca479b77221c14", "sha256_hash": "9cae944e9aa4b23fe49ebde567ce2fee3045e864111cb1ff84daa8fe17db15f9", "size": 1040, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b3220801844de9eb3be9ea75b17a8321f2e428e0", "file_type": "created_file", "id": "file_26", "md5_hash": "185d324b2d65fb8cdd9b7451087e74e0", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\pmmr5k9k\\123[1].dat", "sha1_hash": "b3220801844de9eb3be9ea75b17a8321f2e428e0", "sha256_hash": "eb7111d2c484dd2bada2f4bd14652c55914506d7b463b4cf2542c69bf8bbefa5", "size": 738, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e6a3a437d4b3fbfd5750e5aa962570c1da1ef6fd", "file_type": "created_file", "id": "file_27", "md5_hash": "a78828838883401dbf1ec05583bc7c8a", "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\okguaxb.crt", "sha1_hash": "e6a3a437d4b3fbfd5750e5aa962570c1da1ef6fd", "sha256_hash": "ca3afa28388e5b26ef47402c85adf558d8610d097f67637d8d01456145afb3b9", "size": 1025, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7a77c7ae99d400243845cce0e0931f029a73f79a", "file_type": "created_file", "id": "file_28", "md5_hash": "0c6b43c9602f4d5ac9dcf907103447c4", "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\certutil.exe", "sha1_hash": "7a77c7ae99d400243845cce0e0931f029a73f79a", "sha256_hash": "5950722034c8505daa9b359127feb707f16c37d2f69e79d16ee6d9ec37690478", "size": 103936, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/64050c1159c2bcfc0e75da407ef0098ad2de17c8", "file_type": "created_file", "id": "file_29", "md5_hash": "269beb631b580c6d54db45b5573b1de5", "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\freebl3.dll", "sha1_hash": "64050c1159c2bcfc0e75da407ef0098ad2de17c8", "sha256_hash": "ffc7558a61a4e6546cf095bdeabea19f05247a0daa02dca20ea3605e7fc62c77", "size": 222208, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fc3cb3b2a704250fc36010e2ab495cdc5e7378a9", "file_type": "created_file", "id": "file_30", "md5_hash": "6e84af2875700285309dd29294365c6a", "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\libnspr4.dll", "sha1_hash": "fc3cb3b2a704250fc36010e2ab495cdc5e7378a9", "sha256_hash": "1c158e680749e642e55f721f60a71314e26e03e785cd92e560bf650b83c4c3c8", "size": 199680, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fa3545dc8db38b3b27f1009e1d61dc2949df3878", "file_type": "created_file", "id": "file_31", "md5_hash": "1fae68b740f18290b98b2f9e23313cc2", "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\libplc4.dll", "sha1_hash": "fa3545dc8db38b3b27f1009e1d61dc2949df3878", "sha256_hash": "751c2156dc00525668dd990d99f7f61c257951c3fad01c0ee6359fcdff69f933", "size": 14336, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0c4508eb6f13b9b178237ccc4da759bff10af658", "file_type": "created_file", "id": "file_32", "md5_hash": "9ae76db13972553a5de5bdd07b1b654d", "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\libplds4.dll", "sha1_hash": "0c4508eb6f13b9b178237ccc4da759bff10af658", "sha256_hash": "38a906373419501966daf6ec19ca2f8db7b29609128ae5cb424d2aa511652c29", "size": 12288, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4e880fc7625ccf8d9ca799d5b94ce2b1e7597335", "file_type": "created_file", "id": "file_33", "md5_hash": "0e37fbfa79d349d672456923ec5fbbe3", "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\msvcr100.dll", "sha1_hash": "4e880fc7625ccf8d9ca799d5b94ce2b1e7597335", "sha256_hash": "8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18", "size": 773968, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c2c447fd2fda68c0ec44b3529a2550d2e2a8c3bc", "file_type": "created_file", "id": "file_34", "md5_hash": "a1c4628d184b6ab25550b1ce74f44792", "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\nss3.dll", "sha1_hash": "c2c447fd2fda68c0ec44b3529a2550d2e2a8c3bc", "sha256_hash": "3f997d3f1674de9fd119f275638861bc229352f12c70536d8c83a70fcc370847", "size": 798720, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0012007876dde3a2d764249ad86bc428300fe91e", "file_type": "created_file", "id": "file_35", "md5_hash": "051652ba7ca426846e936bc5aa3f39f3", "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\nssdbm3.dll", "sha1_hash": "0012007876dde3a2d764249ad86bc428300fe91e", "sha256_hash": "8eca993570fa55e8fe8f417143eea8128a58472e23074cbd2e6af4d3bb0f0d9a", "size": 108544, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7256e378a419f8d87de71835e6ad12faadaaaf73", "file_type": "created_file", "id": "file_36", "md5_hash": "c26e940b474728e728cafe5912ba418a", "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\nssutil3.dll", "sha1_hash": "7256e378a419f8d87de71835e6ad12faadaaaf73", "sha256_hash": "1af1ac51a92b36de8d85d1f572369815404912908c3a489a6cd7ca2350c2a93d", "size": 93696, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c0e3cbdde7d3cebf41a193eeca96a11ce2b6da58", "file_type": "created_file", "id": "file_37", "md5_hash": "a5c670edf4411bf7f132f4280026137b", "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\smime3.dll", "sha1_hash": "c0e3cbdde7d3cebf41a193eeca96a11ce2b6da58", "sha256_hash": "aba2732c7a016730e94e645dd04e8fafcc173fc2e5e2aac01a1c0c66ead1983e", "size": 97792, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4f0fdd699e63f614d79ed6e47ef61938117d3b7a", "file_type": "created_file", "id": "file_38", "md5_hash": "2ab31c9401870adb4e9d88b5a6837abf", "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\softokn3.dll", "sha1_hash": "4f0fdd699e63f614d79ed6e47ef61938117d3b7a", "sha256_hash": "22ecece561510f77b100cff8109e5ed492c34707b7b14e0774aaa9ca813de4ad", "size": 172544, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/dad48e2b2b3b936efc15ac2c5f9099b7a1749976", "file_type": "created_file", "id": "file_39", "md5_hash": "b58848a28a1efb85677e344db1fd67e6", "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\sqlite3.dll", "sha1_hash": "dad48e2b2b3b936efc15ac2c5f9099b7a1749976", "sha256_hash": "00db98ab4d50e9b26ecd193bfad6569e1dd395db14246f8c233febba93965f7a", "size": 423936, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/bece3039cc4e6c36d9d0b7151311a2e89393f212", "file_type": "created_file", "id": "file_40", "md5_hash": "119ed7e89f9cb1f141177312c9095c76", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\tor\\unverified-microdesc-consensus.tmp", "sha1_hash": "bece3039cc4e6c36d9d0b7151311a2e89393f212", "sha256_hash": "d938a81bdeea36e2a4f4d6b639f14e2f3bbf2977a637e3cb4f0434f6978849c6", "size": 2119729, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/bece3039cc4e6c36d9d0b7151311a2e89393f212", "file_type": "created_file", "id": "file_41", "md5_hash": "119ed7e89f9cb1f141177312c9095c76", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\tor\\unverified-microdesc-consensus", "sha1_hash": "bece3039cc4e6c36d9d0b7151311a2e89393f212", "sha256_hash": "d938a81bdeea36e2a4f4d6b639f14e2f3bbf2977a637e3cb4f0434f6978849c6", "size": 2119729, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/bece3039cc4e6c36d9d0b7151311a2e89393f212", "file_type": "created_file", "id": "file_44", "md5_hash": "119ed7e89f9cb1f141177312c9095c76", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\tor\\cached-microdesc-consensus.tmp", "sha1_hash": "bece3039cc4e6c36d9d0b7151311a2e89393f212", "sha256_hash": "d938a81bdeea36e2a4f4d6b639f14e2f3bbf2977a637e3cb4f0434f6978849c6", "size": 2119729, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/bece3039cc4e6c36d9d0b7151311a2e89393f212", "file_type": "created_file", "id": "file_45", "md5_hash": "119ed7e89f9cb1f141177312c9095c76", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\tor\\cached-microdesc-consensus", "sha1_hash": "bece3039cc4e6c36d9d0b7151311a2e89393f212", "sha256_hash": "d938a81bdeea36e2a4f4d6b639f14e2f3bbf2977a637e3cb4f0434f6978849c6", "size": 2119729, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ef528bb119b2568596840d51498c2d9aa39bfbe2", "file_type": "created_file", "id": "file_42", "md5_hash": "1c8c962beaa633f2cced63d4c5ad201f", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\tor\\cached-certs.tmp", "sha1_hash": "ef528bb119b2568596840d51498c2d9aa39bfbe2", "sha256_hash": "c3839392205265d21b51be3607da8b07585dd4ac2d1c118a8306f876f4bbf467", "size": 18574, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ef528bb119b2568596840d51498c2d9aa39bfbe2", "file_type": "created_file", "id": "file_43", "md5_hash": "1c8c962beaa633f2cced63d4c5ad201f", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\tor\\cached-certs", "sha1_hash": "ef528bb119b2568596840d51498c2d9aa39bfbe2", "sha256_hash": "c3839392205265d21b51be3607da8b07585dd4ac2d1c118a8306f876f4bbf467", "size": 18574, "type": "extracted_file", "version": 1 } ], "process_dumps": [ { "archive_path": "process_dumps/process_00000002-region_00000451-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000002-region_00000451-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_65", "md5_hash": "4c3b7f21b429c2448764dff51c9c89ca", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3267aa064b4db67237ab35c2b9626fe59fcae2fe", "sha256_hash": "fbe6dc7475f67d3e5f1f08b7c4062e1f8b17d1b54518b5b1885d5ca6f1cc336f", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000452-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00000452-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_66", "md5_hash": "e46dbfda50ace286f9edbf4ec2fe57aa", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5690b4fd23aebabd6a173ce98561c746fbdcee9e", "sha256_hash": "8857ba41923493af2d57b475dbd9a48a98577e5e2d0f66854282bc5f6d8eef66", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000523-addr_0x0000000000200000-size_0x00000000000a0000-perm_rw.bin", "filename": "process_00000002-region_00000523-addr_0x0000000000200000-size_0x00000000000a0000-perm_rw.bin", "id": "proc_dump_67", "md5_hash": "0fba885c8220838e756cce9c710fbe58", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e2308e82641d727cef4c6ccbbb1fc4de1b10d94c", "sha256_hash": "554f0cd6bf5315b58372aed2253951ca14fd47348f79293a8b467a238788c730", "size": 655360, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000543-addr_0x0000000008480000-size_0x00000000000f0000-perm_rw.bin", "filename": "process_00000002-region_00000543-addr_0x0000000008480000-size_0x00000000000f0000-perm_rw.bin", "id": "proc_dump_68", "md5_hash": "935bb7b12e4ece2585419e040473180a", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "90fc4cdbe4f18c4a6c973208b9e6283a63dbdf32", "sha256_hash": "f2c62a087831eba8187c8240e07d4dd0e71e4f0371c13c63123abe7f1c70d2fc", "size": 983040, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000563-addr_0x0000000000230000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000563-addr_0x0000000000230000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_71", "md5_hash": "6f4133579d081ffe260081e35f703dea", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1b969baef0fb313b79b1904ecc5f6512a5abfce9", "sha256_hash": "7bd973e7a614c7a3015e9596f8de2f8949f02d27165c40688d0096b74607b007", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000573-addr_0x00000000087b0000-size_0x0000000000160000-perm_rw.bin", "filename": "process_00000002-region_00000573-addr_0x00000000087b0000-size_0x0000000000160000-perm_rw.bin", "id": "proc_dump_72", "md5_hash": "6137dd4d25736229153eed1eccc9a2a4", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0637733e340d09eb8ab0f7ea642643c6795d047c", "sha256_hash": "15c39f3dc57e89550f016d8d8e7d2a3b2ca00a26c55d6260f32ab331169ff0b4", "size": 1441792, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000574-addr_0x0000000008910000-size_0x00000000001d0000-perm_rw.bin", "filename": "process_00000002-region_00000574-addr_0x0000000008910000-size_0x00000000001d0000-perm_rw.bin", "id": "proc_dump_73", "md5_hash": "5a6140844676ab662405d5ced5e845f1", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "18889a747a4c310d5e51204ee8f11b200df8c6fb", "sha256_hash": "37cdbeab1479b1f906254e366688443de2045771339f7253a9b4df7ecd5cea0f", "size": 1900544, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000575-addr_0x0000000008ae0000-size_0x0000000000200000-perm_rw.bin", "filename": "process_00000002-region_00000575-addr_0x0000000008ae0000-size_0x0000000000200000-perm_rw.bin", "id": "proc_dump_74", "md5_hash": "a25d4050a2647c03791640ff04ede520", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ff13e90f9d5c7957b57d8881a2d9da0b59dfdbba", "sha256_hash": "393ad5b413fe29a4b8cea3b611cf7b0c8812a882e8b8cd7f72e8682fd16bcb55", "size": 2097152, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000742-addr_0x0000000008b20000-size_0x0000000000501000-perm_rw.bin", "filename": "process_00000002-region_00000742-addr_0x0000000008b20000-size_0x0000000000501000-perm_rw.bin", "id": "proc_dump_75", "md5_hash": "6f5ba94ca1b06d915ed08edfe5c44a77", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3c6e0a5bd70d69f371a8ce09053d0f390c5180ea", "sha256_hash": "43db3b89f32be7b66f1599bac1be89dc1363894beaff82e06d61a08c5a249819", "size": 286720, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000747-addr_0x00000000002a0000-size_0x0000000000070000-perm_rw.bin", "filename": "process_00000002-region_00000747-addr_0x00000000002a0000-size_0x0000000000070000-perm_rw.bin", "id": "proc_dump_76", "md5_hash": "196a6d3ff32f06b6a462d6a72f04749e", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5654138faff2f784ee7a6f05224ad0a58636dc20", "sha256_hash": "849f7b16bed023723b7c3977c977221a7e01af6928209cb3916ef31ce1e7a561", "size": 458752, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000816-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000004-region_00000816-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_80", "md5_hash": "069180bd671458a3d5e2d9263beb6944", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e7bdddabf474896fc08eca5967f9c397d00b657a", "sha256_hash": "1c9e74f0c027c747532532015b6f5f52258ab6d759d767dbb149d3a22a02300d", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000817-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000004-region_00000817-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_81", "md5_hash": "fb1b57656b21ca3f1eac817f36af496f", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9d66162493d3f78702518b39b927c4d151b5e355", "sha256_hash": "fd2a2fbb02ab1a93d9acf388c890c5d17345140a2b4d1083ac749b153c178d77", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000916-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000005-region_00000916-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_98", "md5_hash": "e1d36486afcbcc96a7e068a300981461", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5743e0f76b637ef798d6fb2419934690d0ca36ad", "sha256_hash": "d28548b70a18f1ad9b6bcce7151baf2c8dccdd918bc7bd6520a6cd9ce21b4717", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000917-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000005-region_00000917-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_99", "md5_hash": "2a2cd2ccb64d35ff3b039891904d1744", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cac5bcd7015338b9e127a1458e0b64a27843da2d", "sha256_hash": "e99406a347c8f81529f4f2e11985d7ddc9c8e27606eb247f0c481f3eaa8c47cc", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000921-addr_0x0000000000090000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000921-addr_0x0000000000090000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_100", "md5_hash": "41bba447ece6b0835972672109df2e27", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4b9e92b64a98f663eb71f22957cabda945e4b3e3", "sha256_hash": "5f6a89ec7f9bf6af61493233fcd2dfd4cbedc6a9fe470d30eae3f52047a83d6e", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000922-addr_0x00000000001e0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000922-addr_0x00000000001e0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_101", "md5_hash": "80b4f7d227be7e1aefc105f2e0a21e92", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3769be7f93f6600784fe665ed0ddb54e48b63568", "sha256_hash": "c90c97276d2518bf649d79c6ef20db3a29257d12b94b12fde8b36ec0ab7dab90", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000924-addr_0x000000000bc00000-size_0x0000000000012000-perm_rwx.bin", "filename": "process_00000005-region_00000924-addr_0x000000000bc00000-size_0x0000000000012000-perm_rwx.bin", "id": "proc_dump_102", "md5_hash": "fec0a64ff618ffd3208a899c65940e82", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7475a253d3c4a52722455ca4e1e0c4fb8383713a", "sha256_hash": "3fdccc3e4bf746de00f00b484b02efccf37775f9055bff8c3e44160e3a1dd0da", "size": 73728, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000928-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000005-region_00000928-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_103", "md5_hash": "61dd97e38396699256535cc5002df8cc", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "60d2520464321ddd875316d948c0939cc4b4716a", "sha256_hash": "7e6a7a2677449c74c30d14d5e46f92b0277a03d8e29be7829feaa3f6ca29e5e4", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000929-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000929-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_104", "md5_hash": "d05de8f106fb3ac97ee69afa08919c1e", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "af522766583ddc4d1b1d54e6c6bc3d115c9cd235", "sha256_hash": "91a9fed1475268b99602bc245c62ea123e69be4a4a1dd2af6c149e9bd9e0720b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000930-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000930-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_105", "md5_hash": "3aec78770792e2ecbbabb1aec0e6e8d1", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "52f61a541d406d22cb5795547359ec2279985cc2", "sha256_hash": "beae744176bd4f497c7b8617afa1e2b4f339a8c4c48678a2dc877dca89a85f54", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000932-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000005-region_00000932-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_106", "md5_hash": "b6a811c402e1251ee2e08f143908af22", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f8e1a0d7d87dea622d661f54db3107cb328838fb", "sha256_hash": "0d87a757155e1e94d811dd120b9c0fc5738fdb56f589094f6dfd195d75b77084", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000934-addr_0x0000000000150000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000005-region_00000934-addr_0x0000000000150000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_107", "md5_hash": "968c5532072425006f4938787c055514", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1332e08e23353fddb88a04d76173a20fd4d29276", "sha256_hash": "fd889470a964042d8aa9bd12d1eed3d4284e1c3962f758ffad835cacf117bdc7", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000939-addr_0x0000000000030000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000005-region_00000939-addr_0x0000000000030000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_108", "md5_hash": "aa0b81d9559c3c0aea82b01f945e85ae", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ccacb4eec9b2a873300e03dec130e4e798b2cbeb", "sha256_hash": "b8d4a1c68d41b68419621e14f7e1e7773feeac0871b4a3ebd43065e03e10ae90", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000941-addr_0x00000000002a0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00000941-addr_0x00000000002a0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_109", "md5_hash": "1e918a74650bbb8da38af216cac0eebc", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "86ef2cc8b11a8b58c1cb8422c0df590882347b8a", "sha256_hash": "bca8512bd550a27b62667a6fa348f128e8e02b12342e93f2f5a7f3243f33371a", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000971-addr_0x0000000077320000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000005-region_00000971-addr_0x0000000077320000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_110", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000972-addr_0x0000000077440000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000005-region_00000972-addr_0x0000000077440000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_111", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000979-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000979-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_112", "md5_hash": "27168ce8966755178c73ea0f0bb30061", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5257f1efd1aa989bb75aeb8e4e023a01f00c1587", "sha256_hash": "3613f51f69bbddcb9b49c8b9a396e69178d742d597c4d142df2fecf1bf8aa6e4", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000980-addr_0x0000000000070000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000980-addr_0x0000000000070000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_113", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000984-addr_0x00000000003a0000-size_0x00000000000e0000-perm_rw.bin", "filename": "process_00000005-region_00000984-addr_0x00000000003a0000-size_0x00000000000e0000-perm_rw.bin", "id": "proc_dump_114", "md5_hash": "9bc2d49503d726a7a3ec6aaf8184bb1a", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d02e6724eb3f1d3039ef04378ca6073c5c41a0d1", "sha256_hash": "d9f7734a118a09b83281354ee76b2cbcf9be1a89413f03d5eec614bd5f8b0fd2", "size": 917504, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000986-addr_0x0000000000220000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000005-region_00000986-addr_0x0000000000220000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_115", "md5_hash": "5b6004fa1d73af12ebdcede429889df1", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "43579a1e5dc6e269ca7d1dbed915f5956b35151f", "sha256_hash": "9f08da234a0bbc76ab0fbf5a72e6e8651b273dec0eb5cb21f70ffcb5e61feaec", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000988-addr_0x0000000001ef0000-size_0x0000000000101000-perm_rw.bin", "filename": "process_00000005-region_00000988-addr_0x0000000001ef0000-size_0x0000000000101000-perm_rw.bin", "id": "proc_dump_116", "md5_hash": "aaa82eacc3e054346d8b9e7e573e1c4b", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2d54ceb2aee149a7ab5ffab9a3c5c784fd9bc3e2", "sha256_hash": "d7e923041d951b6733250f6c5ab8b593386a2c08ddd8a5041e85eeda41a15cf3", "size": 1052672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000997-addr_0x0000000001ef0000-size_0x00000000001e0000-perm_rw.bin", "filename": "process_00000005-region_00000997-addr_0x0000000001ef0000-size_0x00000000001e0000-perm_rw.bin", "id": "proc_dump_119", "md5_hash": "c3804cc4549ffd863be87aa531587dd6", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5b6a80d077b1efc40ebbbca19cabdb0c50bfe006", "sha256_hash": "11892077d1227b1372cb1cd5317621d49ccd31582be94dddd83ef43bbc1e2ea8", "size": 1966080, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000998-addr_0x0000000001ef0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00000998-addr_0x0000000001ef0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_120", "md5_hash": "861fa656b508344969ab9931f9681220", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6603397bea25870b09052d6990f5ad0ad1827cc5", "sha256_hash": "bc0d96fae19a11a1eb78aa4de264992bee36bbe120f8e37b01e29b5ee20bf0b6", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000999-addr_0x00000000020c0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000005-region_00000999-addr_0x00000000020c0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_121", "md5_hash": "7d8512a7153c4deb69f29e07b709dd14", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2c1109b36d83a5862c264197af6309b9d31e5367", "sha256_hash": "f959e7b65a0b3c4e6a51df6437066b5f1bd4613115d1ad15fe1e8f00cff81ba8", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001000-addr_0x00000000020d0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00001000-addr_0x00000000020d0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_122", "md5_hash": "135f7f7045df4d74fabd26d021f70f8c", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "030c66cd89f1e3ffdcd7e12e2736a66da1fc603c", "sha256_hash": "c82dafe4f5fe2e40007d684f5732e816cfc5c7ae163961123df2894814821a53", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001001-addr_0x0000000002100000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00001001-addr_0x0000000002100000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_123", "md5_hash": "c0925124a2510cf6885aeb0962d6e945", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b728bad866e9d5239a276d18b9cfbd5a3d8686af", "sha256_hash": "ee9ff2b4aee1dc7aadacd4e3de87c4c4aee541780e798d723939b891c5530c3b", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001007-addr_0x0000000000440000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00001007-addr_0x0000000000440000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_124", "md5_hash": "7f74024eda01c3898a1d7a7b28224710", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0775481db9b558ac5b5ccb563c71e5ef73abce76", "sha256_hash": "b349d60343fab71321e33b8f07386c2c7541236550d1094eaaa2658d3628bb17", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001011-addr_0x0000000002600000-size_0x0000000000101000-perm_rw.bin", "filename": "process_00000005-region_00001011-addr_0x0000000002600000-size_0x0000000000101000-perm_rw.bin", "id": "proc_dump_125", "md5_hash": "aaa82eacc3e054346d8b9e7e573e1c4b", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2d54ceb2aee149a7ab5ffab9a3c5c784fd9bc3e2", "sha256_hash": "d7e923041d951b6733250f6c5ab8b593386a2c08ddd8a5041e85eeda41a15cf3", "size": 1052672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001017-addr_0x00000000004a0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00001017-addr_0x00000000004a0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_128", "md5_hash": "b81efd3534ee3082417b09f2de133459", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ce4e705af037a3c8b7fe5218135b4fabbd6ef30a", "sha256_hash": "41ae0de48370340fab9565e0a6c6eadfafc8898b324b52fc00d0da8b8e6146a7", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001018-addr_0x0000000002620000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00001018-addr_0x0000000002620000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_129", "md5_hash": "d36f8e8e479069adf960132309824c1a", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ca455f756d75943341376dd68d34bcd9298b7e29", "sha256_hash": "400fdc6bfefa8923c370c802e09a9bf582ce0e5d5c0bd1803e24193046457983", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001019-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000005-region_00001019-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_130", "md5_hash": "a4bb900ba97e6ba56a022dfe0f5fe92e", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1e60298b7b27795a51051e0d0c2e54fc297f8b12", "sha256_hash": "d1c201699bfd1928c650e6cbdd9b253fb450380689fe9143631917dc9fb27cb3", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001035-addr_0x0000000002660000-size_0x00000000005a1000-perm_rw.bin", "filename": "process_00000005-region_00001035-addr_0x0000000002660000-size_0x00000000005a1000-perm_rw.bin", "id": "proc_dump_131", "md5_hash": "d379b7326732d62eee66eb94f5f010b6", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0e8a7a50b6e5c71a6a7bcd3c73bee1f197ee3a49", "sha256_hash": "2a5e0a54561e857025096636e90fdd2bd1146f26d33d5944b7a74b273ce7d93d", "size": 5902336, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001036-addr_0x0000000002c10000-size_0x0000000000101000-perm_rw.bin", "filename": "process_00000005-region_00001036-addr_0x0000000002c10000-size_0x0000000000101000-perm_rw.bin", "id": "proc_dump_132", "md5_hash": "63dbf7298d4e2668c0a3015a72d7f2dd", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a10e96aaee56581b695a8fcddebd27885411d6d4", "sha256_hash": "f860af25ee0ef06b7fee183db379ad3705e6c69be41869ba0345b16819932637", "size": 1052672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001039-addr_0x0000000002660000-size_0x0000000000150000-perm_rw.bin", "filename": "process_00000005-region_00001039-addr_0x0000000002660000-size_0x0000000000150000-perm_rw.bin", "id": "proc_dump_133", "md5_hash": "6279441e0e24fd8b52dd434d0174a4d7", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "409d81a6639c8359203371d54c8b3baece42fbcd", "sha256_hash": "2c75637a58b192383b1369642e73e23385852ef20f06e32d4bbd09c003418ea4", "size": 1376256, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001043-addr_0x0000000002660000-size_0x00000000000f0000-perm_rw.bin", "filename": "process_00000005-region_00001043-addr_0x0000000002660000-size_0x00000000000f0000-perm_rw.bin", "id": "proc_dump_134", "md5_hash": "935bb7b12e4ece2585419e040473180a", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "90fc4cdbe4f18c4a6c973208b9e6283a63dbdf32", "sha256_hash": "f2c62a087831eba8187c8240e07d4dd0e71e4f0371c13c63123abe7f1c70d2fc", "size": 983040, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001044-addr_0x0000000002770000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00001044-addr_0x0000000002770000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_135", "md5_hash": "b55841a50b4a179b439e10c279509a7d", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4c16e5940e471063e97ca49e795d67613a789c7c", "sha256_hash": "1f6b98dd51530f09cb4c465b2cee57054535819a98d54be040346b4542f42510", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001047-addr_0x0000000001ff0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000005-region_00001047-addr_0x0000000001ff0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_136", "md5_hash": "86358825013934d9dfa1976d342f7491", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "504175e736ccc203683d128322f43f5a83e578b8", "sha256_hash": "9f7fac118cfd4aee55a69cd916ddb47232ec7dad9cad35d622c7fd96ae573c62", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001048-addr_0x0000000001ff0000-size_0x0000000000070000-perm_rw.bin", "filename": "process_00000005-region_00001048-addr_0x0000000001ff0000-size_0x0000000000070000-perm_rw.bin", "id": "proc_dump_137", "md5_hash": "4bd9b1f1c4bb53ac422d0aef0084478a", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4d09d98eda1a68fd554e27758bc62204ec5fc9d9", "sha256_hash": "35816ef29abb241c154d4461a8801a417429e83371a6f3fea9c7d664d631035a", "size": 458752, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001049-addr_0x0000000002060000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000005-region_00001049-addr_0x0000000002060000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_138", "md5_hash": "94c7c0fd0d489417fc9d9da2b2c624e3", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6045cdcf37746bb79a3d262e3e13de3e380b4b7a", "sha256_hash": "5d63f4723416935446393a0d6ee77f36f62766486905ce7a0ea62734d4670b1b", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001054-addr_0x00000000027b0000-size_0x0000000000150000-perm_rw.bin", "filename": "process_00000005-region_00001054-addr_0x00000000027b0000-size_0x0000000000150000-perm_rw.bin", "id": "proc_dump_139", "md5_hash": "2d2d6fcf0a0eb0d0a26ee110eefb567b", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1e9feeaaea6d5584392a7235abab9e091582e665", "sha256_hash": "3b907219e6340882e5f6246c2285ea8269f850494c4b1e7db821dbe4e5ed219e", "size": 1376256, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001057-addr_0x00000000026b0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00001057-addr_0x00000000026b0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_140", "md5_hash": "78c267f29c4e63077624d1c7161ed477", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "74e10cb169ed154722cbd2aab104d5ee3853846a", "sha256_hash": "b4372039e233130da529de84a2f703deb0108ea5959a7e0aa3e5e4f9828598e3", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001058-addr_0x0000000002710000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00001058-addr_0x0000000002710000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_141", "md5_hash": "4731eef2fe4a5b56c38a3dcf19f91296", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d49c647ce5823f78251eb8c3e9e3b2cf52148c2d", "sha256_hash": "26c8ab2c64f12ede342a2ae02f7f0830ef4adfa61bb96308a12048fed09da363", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001059-addr_0x0000000002a00000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00001059-addr_0x0000000002a00000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_142", "md5_hash": "c316c29ae00463e09db8d8174e11f98c", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "72ce3cc6f6041edef4738cca7cf19c3a92fe31d4", "sha256_hash": "2a43a0597e939a3c6b44ec2d738b27fdf7d4d8a7f6cbd564a30703e5b8c5e15e", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001060-addr_0x000000007efd5000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000005-region_00001060-addr_0x000000007efd5000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_143", "md5_hash": "1455a94673e7e8b2036204111dec11be", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3c7f426f4ae852237d29936f3742b5a9e2dfc0e1", "sha256_hash": "efd98c1a2f809e57b0c0bfe7d512151a63bf114d2c2eb5d232c26bf7457be895", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001061-addr_0x00000000027b0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00001061-addr_0x00000000027b0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_144", "md5_hash": "0c3a6cbf43ffef61975ae4e2bd830176", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "68428ae3e8405730965c78fb3121502fa0025870", "sha256_hash": "f4a99503286279773a4e76355d6a96fd0a676347fd10f0245d73b8a47a4c1ffd", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001062-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000006-region_00001062-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_145", "md5_hash": "7fed8497a903cc679abad73018c5174c", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7493e95932a59137c2494a81433fc97ef52f1463", "sha256_hash": "b0c45174a1fb45c1d8f3c305c289ff04537730d4423b65c17e839f74b3e43876", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001063-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000006-region_00001063-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_146", "md5_hash": "8301e8438ab9c92c8e21d1553e01d6b2", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b21eee058ea8097f47d6f8ea5ade7707a0a1d694", "sha256_hash": "7bb1d6084ac37ea0518e2d98b906ef038dff195dde7bc005b812af56b95393b2", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001065-addr_0x0000000000050000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00001065-addr_0x0000000000050000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_147", "md5_hash": "2ef3ba94bd312dd8dd5745b515931945", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "05003d06df01a9ea87dde3ac0158fafeba2d9005", "sha256_hash": "856aa49a262149be3fdf993bf3d25a8063d89ce2eea3ad4d9e001830c35bf5b2", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001066-addr_0x0000000000090000-size_0x0000000000200000-perm_rw.bin", "filename": "process_00000006-region_00001066-addr_0x0000000000090000-size_0x0000000000200000-perm_rw.bin", "id": "proc_dump_148", "md5_hash": "2610e603d9c8186e9798371318741993", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7693b196a97d4569efaaa2c56771385eb5a687a2", "sha256_hash": "0cfad69d364379d8e2db0e7c7414e8787f662064485a17177d00a168d8ef3834", "size": 2097152, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001068-addr_0x0000000000400000-size_0x000000000002f000-perm_rwx.bin", "filename": "process_00000006-region_00001068-addr_0x0000000000400000-size_0x000000000002f000-perm_rwx.bin", "id": "proc_dump_149", "md5_hash": "d7da20d221a3d00c44a0397c54c64293", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5d8172da50b2d0888bed832211e0d2f7dd8e1596", "sha256_hash": "d9ed907922c77b84a09e149fbe29a3eb6c5c32f6ae05920b6a1e0df166990db7", "size": 192512, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001072-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000006-region_00001072-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_150", "md5_hash": "bd860fd95abdc5b6c46dea72a9b8d9bf", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9cd856267846d9d4719933f6ce884e6b10f85ac4", "sha256_hash": "687e9c9ddd5760460f6dfeaa3a36b020b85ef484e29a5ef007e8ad37d4268be4", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001073-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001073-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_151", "md5_hash": "6830d96fd0643e026706dbbd3f1cd05f", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2d837b212c020e8d0b624342e49f8f4828232d67", "sha256_hash": "aa72c9650b63b179e1493aa26366dd98338c837d93366ecb3259c862e7eda449", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001074-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001074-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_152", "md5_hash": "fc16947962004d6619fc8424bdb60874", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5099330837cc3bd194b57d09de62b2d7db118977", "sha256_hash": "2efe91b86b46789f08b530cedff4659b884ae5cb1f4c5a7726f4955f49e6c900", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001076-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000006-region_00001076-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_153", "md5_hash": "e505827c5d43e52fbcefbff105a449a1", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d0678bc7aab7df0af51135775a6cf91f549d1e3e", "sha256_hash": "0641971ec6aa447a2d74a41ddde9998f21be0760e6af20baa09b4e65c4918f73", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001078-addr_0x0000000000550000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000006-region_00001078-addr_0x0000000000550000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_154", "md5_hash": "af8177ed15dc0c57dd05862185083a7c", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c3900a00dc0dcc02acd1d3fca34a16130eba6e93", "sha256_hash": "7bb617cf129b2f074ba5454164353679adca868f46a59db136686ad20fce7d0b", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001084-addr_0x00000000003f0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00001084-addr_0x00000000003f0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_155", "md5_hash": "2b9cea8dd4af448f4012e9d5e266746b", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "be483d8e09ba9ceecec41c95a9e6ae83cfcee132", "sha256_hash": "e2c44aa0458b82223a274dd3b5d448d07a0595bd48003d4c0642d28ffbde0aca", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001085-addr_0x00000000006f0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00001085-addr_0x00000000006f0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_156", "md5_hash": "b88ea3a909a63031b0011c511545c986", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "edb7441468dbfc00a55c5464f9a55330eff649e8", "sha256_hash": "c90190831aed2a48cc6e6e839ec20e75f61b0b9022ce07a323cd452921090c9c", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001115-addr_0x0000000077320000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000006-region_00001115-addr_0x0000000077320000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_157", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001116-addr_0x0000000077440000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000006-region_00001116-addr_0x0000000077440000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_158", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001122-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001122-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_159", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001123-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001123-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_160", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001126-addr_0x0000000000360000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00001126-addr_0x0000000000360000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_161", "md5_hash": "c474f03964abc0f10ce291f5f652243b", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e9549eca19b85839dd43f5910c47bde185d222fa", "sha256_hash": "9753c05d9951956916c6bd7b9e6e5f705f4266a8db5157cd4abaeadf01a343c7", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001127-addr_0x0000000000500000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00001127-addr_0x0000000000500000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_162", "md5_hash": "75c4df5a4eadbea0e37a98b1000df968", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9c86ce76664cf3f99529fa08518a6242d2855eff", "sha256_hash": "0206c9e26f60f6d964971da76b02a0a50a3f3edb96cda85b760703bb680edab8", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001131-addr_0x0000000000330000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000006-region_00001131-addr_0x0000000000330000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_163", "md5_hash": "929f2207067370ed3a29a965f7867e3a", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "38ced3f7b76454ebbd2cf1766fc747f3903fbb5d", "sha256_hash": "8969cd9f5f0567fe94c5688d692e50f35c101c2fda2929e3e69b82a4cf08e62b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001132-addr_0x0000000000430000-size_0x0000000000085000-perm_rw.bin", "filename": "process_00000006-region_00001132-addr_0x0000000000430000-size_0x0000000000085000-perm_rw.bin", "id": "proc_dump_164", "md5_hash": "f812f3d8aa370c726a600d802f79c99e", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "aee191bb77f02796afdcbc3f1b733fb5ccc4f020", "sha256_hash": "da73e0a801d1e097baf39b432a8d4757083a876d689996a906ddf53ef4deb753", "size": 544768, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001133-addr_0x00000000005d0000-size_0x0000000000085000-perm_rw.bin", "filename": "process_00000006-region_00001133-addr_0x00000000005d0000-size_0x0000000000085000-perm_rw.bin", "id": "proc_dump_165", "md5_hash": "181b307d0e4cae54e9949b98cabfc12e", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3dfb6b01d548e82d10a02003950b142884500352", "sha256_hash": "03bcdd605928c476cb09dd3156b5f8452101de05a54f82da5c9236a0e1932eef", "size": 544768, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001134-addr_0x0000000000370000-size_0x0000000000022000-perm_rw.bin", "filename": "process_00000006-region_00001134-addr_0x0000000000370000-size_0x0000000000022000-perm_rw.bin", "id": "proc_dump_166", "md5_hash": "2d263f84a9a4bdc3598af666eb77ae0a", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6d5bbc7b2205a58f2cd308d1e81e2e4dd0413b26", "sha256_hash": "8bf2d3c2b98c71689e4607e490a3dabb126f3e6a1c08ef3122092cc9f0e789e7", "size": 139264, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001135-addr_0x0000000000340000-size_0x000000000001a000-perm_rw.bin", "filename": "process_00000006-region_00001135-addr_0x0000000000340000-size_0x000000000001a000-perm_rw.bin", "id": "proc_dump_167", "md5_hash": "72b1d48dd72782ad4264178bea13e836", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "da07038ced931b566d673d22fd33501c3c03dcf1", "sha256_hash": "d1716d531bf2e3f478df69cdaca913a8bdfb89ed077a1969ebb9e33848cf6612", "size": 106496, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001153-addr_0x0000000002310000-size_0x0000000000282000-perm_rw.bin", "filename": "process_00000006-region_00001153-addr_0x0000000002310000-size_0x0000000000282000-perm_rw.bin", "id": "proc_dump_170", "md5_hash": "818815bc14de78765af844725546087a", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f8880f3a2fecb10be727f3d34b4786ee32a37940", "sha256_hash": "1a2ecd8741b937b5c6140f45489ab4b8b3637725ff198dffceb5430d327b0bb1", "size": 2629632, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001155-addr_0x0000000000340000-size_0x0000000000017000-perm_rw.bin", "filename": "process_00000006-region_00001155-addr_0x0000000000340000-size_0x0000000000017000-perm_rw.bin", "id": "proc_dump_171", "md5_hash": "e0f31cae84bd702e298dcba53b7d0ea0", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "dc344d4f5f158aebd5bdb786d24b4cfc22937fea", "sha256_hash": "215c3f7e042e35ab6acfbf0895269586ce0755e5b642d73f68425fb9ac0d6df6", "size": 94208, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001136-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000007-region_00001136-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_168", "md5_hash": "4a25e18e81d87537174cc13e8afb5077", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "931e6b4341f05af77faffc91ce61ea2a932af249", "sha256_hash": "e1e3eba2cfd1920ddbc7c773b23e9752d80a3b835ca8c10ab469c40eedaef6a9", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001137-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000007-region_00001137-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_169", "md5_hash": "6091c6dc9795117642403bf6b85c3801", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "dab05f8edb6472676f50a27d27b72770abbc3119", "sha256_hash": "7676a0484355dfc7c34a9df52b16daead9eb646cceaea181ce9a8d0307a67bed", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001214-addr_0x0000000002470000-size_0x0000000000220000-perm_rw.bin", "filename": "process_00000007-region_00001214-addr_0x0000000002470000-size_0x0000000000220000-perm_rw.bin", "id": "proc_dump_172", "md5_hash": "a266da0f276743ff6c1ca64c6ca8601e", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0e2e41316ce444a773d1f8d7040e5c28afa26678", "sha256_hash": "51406ebb3364f8111394d4dc33770db0bf19de30a4cfe4d9344ee533f67056b2", "size": 2228224, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001216-addr_0x00000000006d0000-size_0x00000000000c0000-perm_rw.bin", "filename": "process_00000007-region_00001216-addr_0x00000000006d0000-size_0x00000000000c0000-perm_rw.bin", "id": "proc_dump_173", "md5_hash": "d512411ffb5755e62fdcf3e62c1fa52e", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e7dd51d8e118d68e29defba286636ea0e14b0e8d", "sha256_hash": "beeaf160880977b5a04beb61cc4d4050ef804909b0f74414348c909205371cfa", "size": 786432, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001227-addr_0x0000000000190000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000007-region_00001227-addr_0x0000000000190000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_174", "md5_hash": "4e520a24834da5b318c81631dcf4ee7b", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "61ce196dad43440d4eac4a949d94d3eeba92c102", "sha256_hash": "5a408b2072bf85ad582325c796eae4a4f3689de0379a2b6c0f7f2bfb80f413f8", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001285-addr_0x0000000000190000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000007-region_00001285-addr_0x0000000000190000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_175", "md5_hash": "a895acbdb2d0a2b84c18c08581cdc866", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e6c08977d85f6f3fbedede63608b3d7b8917441a", "sha256_hash": "c735346d54bbf3988137edb08149291c5af15aec51e3b15afe7cd1fe5e38fa5f", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001343-addr_0x0000000000190000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000007-region_00001343-addr_0x0000000000190000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_176", "md5_hash": "96e9ccddf41f9276a81abbf744af1607", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "64a3e02fdae6f6e009517dfd02910257b9010b18", "sha256_hash": "593c595c562ec08fbe0754c7cae9e8a12fb7f6961c143d47869b0c4fef9db8a3", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001401-addr_0x0000000000190000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000007-region_00001401-addr_0x0000000000190000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_177", "md5_hash": "92f6d122ee430674be2c55286315be33", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9a9c0706e945ed787e6e10b5c1ab0d4ea31bde18", "sha256_hash": "dfda2abc540e4a51b14906ac52fffc34115f8c3b9614687521b5e88c77910a2a", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001459-addr_0x0000000000190000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000007-region_00001459-addr_0x0000000000190000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_178", "md5_hash": "42206b428811c19bcc4283dcc4905a68", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "110f189d4084c12117ff9206d971491b7bf34db4", "sha256_hash": "1fe1cca02dd670100b27a72bb50ebf619fb9339ed8814cb53e277bab41ac65ea", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001491-addr_0x0000000000190000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000007-region_00001491-addr_0x0000000000190000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_179", "md5_hash": "c9161dbdd1616e2b180b16b23947feec", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d589a1696887a04bff94c53bf5df422aa3d8bcb2", "sha256_hash": "c418f17db898755877ef8edb59cb129734dd9b49ea31fafddb87e2a2547f4c08", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001525-addr_0x0000000000280000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000007-region_00001525-addr_0x0000000000280000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_180", "md5_hash": "6f4133579d081ffe260081e35f703dea", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1b969baef0fb313b79b1904ecc5f6512a5abfce9", "sha256_hash": "7bd973e7a614c7a3015e9596f8de2f8949f02d27165c40688d0096b74607b007", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001533-addr_0x0000000002bc0000-size_0x00000000001e0000-perm_rw.bin", "filename": "process_00000007-region_00001533-addr_0x0000000002bc0000-size_0x00000000001e0000-perm_rw.bin", "id": "proc_dump_181", "md5_hash": "c3804cc4549ffd863be87aa531587dd6", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5b6a80d077b1efc40ebbbca19cabdb0c50bfe006", "sha256_hash": "11892077d1227b1372cb1cd5317621d49ccd31582be94dddd83ef43bbc1e2ea8", "size": 1966080, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001534-addr_0x0000000002590000-size_0x00000000000b0000-perm_rw.bin", "filename": "process_00000007-region_00001534-addr_0x0000000002590000-size_0x00000000000b0000-perm_rw.bin", "id": "proc_dump_182", "md5_hash": "63e90f70700e1640426f351176646116", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6810c338b6591109e76470ce61e634d4c97f503e", "sha256_hash": "9d9630caf0f60c4ceea78774c62d25e87b03af5effdde858029b61a09d48210a", "size": 720896, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001535-addr_0x0000000002bc0000-size_0x00000000000b0000-perm_rw.bin", "filename": "process_00000007-region_00001535-addr_0x0000000002bc0000-size_0x00000000000b0000-perm_rw.bin", "id": "proc_dump_183", "md5_hash": "a90f8ad9991d7c97e776cd86e3d5e926", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b054e18bbf0db2520671c624f6dd30d91914f032", "sha256_hash": "2650d566e6afcc88d8c78982ff5387e9ba2cef3747e5027ff556f0dbbe695b10", "size": 720896, "type": "process_dump", "version": 1 } ], "processes": [ { "cmd_line": "\"C:\\Program Files\\Microsoft Office\\Office15\\WINWORD.EXE\"", "filename": "c:\\program files\\microsoft office\\office15\\winword.exe", "id": "proc_1", "image_name": "winword.exe", "monitor_reason": "analysis_target", "monitored_id": 1, "origin_monitor_id": 0, "ref_parent_process": null, "regions": [ { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_133", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:10.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_134", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:00:10.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_135", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:10.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 278527, "entry_point": 0, "filename": null, "id": "region_136", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:10.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_137", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:00:10.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 790527, "entry_point": 0, "filename": null, "id": "region_138", "name": "private_0x00000000000c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 786432, "timestamp": "00:00:10.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 860159, "entry_point": 0, "filename": null, "id": "region_139", "name": "pagefile_0x00000000000d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 851968, "timestamp": "00:00:10.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 925695, "entry_point": 0, "filename": null, "id": "region_140", "name": "pagefile_0x00000000000e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 917504, "timestamp": "00:00:10.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_141", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:00:10.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_142", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:00:10.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1179647, "entry_point": 0, "filename": null, "id": "region_143", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:00:10.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 200704, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1380351, "entry_point": 0, "filename": null, "id": "region_144", "name": "private_0x0000000000120000", "norm_filename": null, "region_type": "private_memory", "start_va": 1179648, "timestamp": "00:00:10.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1507327, "entry_point": 0, "filename": null, "id": "region_145", "name": "private_0x0000000000160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1441792, "timestamp": "00:00:10.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_146", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:00:10.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 3604479, "entry_point": 0, "filename": null, "id": "region_147", "name": "private_0x0000000000270000", "norm_filename": null, "region_type": "private_memory", "start_va": 2555904, "timestamp": "00:00:10.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 3612671, "entry_point": 0, "filename": null, "id": "region_148", "name": "pagefile_0x0000000000370000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3604480, "timestamp": "00:00:10.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "" ], "ref_process_dump": null, "size": 65536, "start_va": 3670016, "type": "region", "version": 1 }, "end_va": 3735551, "entry_point": 0, "filename": null, "id": "region_149", "name": "private_0x0000000000380000", "norm_filename": null, "region_type": "private_memory", "start_va": 3670016, "timestamp": "00:00:10.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 3735552, "type": "region", "version": 1 }, "end_va": 3764223, "entry_point": 0, "filename": null, "id": "region_150", "name": "pagefile_0x0000000000390000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3735552, "timestamp": "00:00:10.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 3801088, "type": "region", "version": 1 }, "end_va": 3809279, "entry_point": 0, "filename": null, "id": "region_151", "name": "pagefile_0x00000000003a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3801088, "timestamp": "00:00:10.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 3940351, "entry_point": 0, "filename": null, "id": "region_152", "name": "pagefile_0x00000000003c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3932160, "timestamp": "00:00:10.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 5242879, "entry_point": 0, "filename": null, "id": "region_153", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:00:10.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5242880, "type": "region", "version": 1 }, "end_va": 6848511, "entry_point": 0, "filename": null, "id": "region_154", "name": "pagefile_0x0000000000500000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5242880, "timestamp": "00:00:10.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 6946816, "type": "region", "version": 1 }, "end_va": 7012351, "entry_point": 0, "filename": null, "id": "region_155", "name": "private_0x00000000006a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6946816, "timestamp": "00:00:10.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 7012352, "type": "region", "version": 1 }, "end_va": 8589311, "entry_point": 0, "filename": null, "id": "region_156", "name": "pagefile_0x00000000006b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7012352, "timestamp": "00:00:10.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 8650752, "type": "region", "version": 1 }, "end_va": 29622271, "entry_point": 0, "filename": null, "id": "region_157", "name": "pagefile_0x0000000000840000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8650752, "timestamp": "00:00:10.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 29622272, "type": "region", "version": 1 }, "end_va": 30670847, "entry_point": 0, "filename": null, "id": "region_158", "name": "private_0x0000000001c40000", "norm_filename": null, "region_type": "private_memory", "start_va": 29622272, "timestamp": "00:00:10.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 30867456, "type": "region", "version": 1 }, "end_va": 31129599, "entry_point": 0, "filename": null, "id": "region_159", "name": "private_0x0000000001d70000", "norm_filename": null, "region_type": "private_memory", "start_va": 30867456, "timestamp": "00:00:10.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 31129600, "type": "region", "version": 1 }, "end_va": 31653887, "entry_point": 0, "filename": null, "id": "region_160", "name": "private_0x0000000001db0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31129600, "timestamp": "00:00:10.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 31653888, "type": "region", "version": 1 }, "end_va": 31657983, "entry_point": 0, "filename": null, "id": "region_161", "name": "pagefile_0x0000000001e30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 31653888, "timestamp": "00:00:10.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 31719424, "type": "region", "version": 1 }, "end_va": 31723519, "entry_point": 0, "filename": null, "id": "region_162", "name": "private_0x0000000001e40000", "norm_filename": null, "region_type": "private_memory", "start_va": 31719424, "timestamp": "00:00:10.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 31784960, "type": "region", "version": 1 }, "end_va": 31789055, "entry_point": 0, "filename": null, "id": "region_163", "name": "pagefile_0x0000000001e50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 31784960, "timestamp": "00:00:10.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 31850496, "type": "region", "version": 1 }, "end_va": 31916031, "entry_point": 0, "filename": null, "id": "region_164", "name": "private_0x0000000001e60000", "norm_filename": null, "region_type": "private_memory", "start_va": 31850496, "timestamp": "00:00:10.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 31916032, "type": "region", "version": 1 }, "end_va": 32829439, "entry_point": 0, "filename": null, "id": "region_165", "name": "pagefile_0x0000000001e70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 31916032, "timestamp": "00:00:10.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 20480, "start_va": 33292288, "type": "region", "version": 1 }, "end_va": 33312767, "entry_point": 0, "filename": null, "id": "region_166", "name": "pagefile_0x0000000001fc0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 33292288, "timestamp": "00:00:10.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 33357824, "type": "region", "version": 1 }, "end_va": 33361919, "entry_point": 0, "filename": null, "id": "region_167", "name": "private_0x0000000001fd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33357824, "timestamp": "00:00:10.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 33423360, "type": "region", "version": 1 }, "end_va": 33431551, "entry_point": 0, "filename": null, "id": "region_168", "name": "pagefile_0x0000000001fe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 33423360, "timestamp": "00:00:10.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 33488896, "type": "region", "version": 1 }, "end_va": 33492991, "entry_point": 0, "filename": null, "id": "region_169", "name": "pagefile_0x0000000001ff0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 33488896, "timestamp": "00:00:10.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 33554432, "type": "region", "version": 1 }, "end_va": 33558527, "entry_point": 0, "filename": null, "id": "region_170", "name": "pagefile_0x0000000002000000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 33554432, "timestamp": "00:00:10.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 33619968, "type": "region", "version": 1 }, "end_va": 33624063, "entry_point": 33619968, "filename": "\\Windows\\System32\\msxml6r.dll", "id": "region_171", "name": "msxml6r.dll", "norm_filename": "c:\\windows\\system32\\msxml6r.dll", "region_type": "memory_mapped_file", "start_va": 33619968, "timestamp": "00:00:10.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 33685504, "type": "region", "version": 1 }, "end_va": 33689599, "entry_point": 0, "filename": null, "id": "region_172", "name": "pagefile_0x0000000002020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 33685504, "timestamp": "00:00:10.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 33751040, "type": "region", "version": 1 }, "end_va": 34799615, "entry_point": 0, "filename": null, "id": "region_173", "name": "private_0x0000000002030000", "norm_filename": null, "region_type": "private_memory", "start_va": 33751040, "timestamp": "00:00:10.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 34799616, "type": "region", "version": 1 }, "end_va": 35848191, "entry_point": 0, "filename": null, "id": "region_174", "name": "private_0x0000000002130000", "norm_filename": null, "region_type": "private_memory", "start_va": 34799616, "timestamp": "00:00:10.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 35848192, "type": "region", "version": 1 }, "end_va": 39989247, "entry_point": 0, "filename": null, "id": "region_175", "name": "pagefile_0x0000000002230000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 35848192, "timestamp": "00:00:10.496", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 40042496, "type": "region", "version": 1 }, "end_va": 42987519, "entry_point": 40042496, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_176", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 40042496, "timestamp": "00:00:10.496", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 159744, "start_va": 42991616, "type": "region", "version": 1 }, "end_va": 43151359, "entry_point": 42991616, "filename": "\\Users\\aDU0VK IWA5kLS\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000008.db", "id": "region_177", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000008.db", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000008.db", "region_type": "memory_mapped_file", "start_va": 42991616, "timestamp": "00:00:10.496", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 43188224, "type": "region", "version": 1 }, "end_va": 43192319, "entry_point": 0, "filename": null, "id": "region_178", "name": "private_0x0000000002930000", "norm_filename": null, "region_type": "private_memory", "start_va": 43188224, "timestamp": "00:00:10.496", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 43253760, "type": "region", "version": 1 }, "end_va": 43323391, "entry_point": 43253760, "filename": "\\Windows\\System32\\C_1255.NLS", "id": "region_179", "name": "c_1255.nls", "norm_filename": "c:\\windows\\system32\\c_1255.nls", "region_type": "memory_mapped_file", "start_va": 43253760, "timestamp": "00:00:10.496", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 44564480, "type": "region", "version": 1 }, "end_va": 45613055, "entry_point": 0, "filename": null, "id": "region_180", "name": "private_0x0000000002a80000", "norm_filename": null, "region_type": "private_memory", "start_va": 44564480, "timestamp": "00:00:10.496", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 45744128, "type": "region", "version": 1 }, "end_va": 46792703, "entry_point": 0, "filename": null, "id": "region_181", "name": "private_0x0000000002ba0000", "norm_filename": null, "region_type": "private_memory", "start_va": 45744128, "timestamp": "00:00:10.496", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 126976, "start_va": 46792704, "type": "region", "version": 1 }, "end_va": 46919679, "entry_point": 0, "filename": null, "id": "region_182", "name": "private_0x0000000002ca0000", "norm_filename": null, "region_type": "private_memory", "start_va": 46792704, "timestamp": "00:00:10.496", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 47120384, "type": "region", "version": 1 }, "end_va": 47644671, "entry_point": 0, "filename": null, "id": "region_183", "name": "private_0x0000000002cf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 47120384, "timestamp": "00:00:10.496", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 47972352, "type": "region", "version": 1 }, "end_va": 49020927, "entry_point": 0, "filename": null, "id": "region_184", "name": "private_0x0000000002dc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 47972352, "timestamp": "00:00:10.496", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 520192, "start_va": 49020928, "type": "region", "version": 1 }, "end_va": 49541119, "entry_point": 49020928, "filename": "\\Windows\\Fonts\\segoeui.ttf", "id": "region_185", "name": "segoeui.ttf", "norm_filename": "c:\\windows\\fonts\\segoeui.ttf", "region_type": "memory_mapped_file", "start_va": 49020928, "timestamp": "00:00:10.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 49676288, "type": "region", "version": 1 }, "end_va": 50724863, "entry_point": 0, "filename": null, "id": "region_186", "name": "private_0x0000000002f60000", "norm_filename": null, "region_type": "private_memory", "start_va": 49676288, "timestamp": "00:00:10.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4194304, "start_va": 50724864, "type": "region", "version": 1 }, "end_va": 54919167, "entry_point": 0, "filename": null, "id": "region_187", "name": "pagefile_0x0000000003060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 50724864, "timestamp": "00:00:10.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 9633792, "start_va": 54919168, "type": "region", "version": 1 }, "end_va": 64552959, "entry_point": 54919168, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_188", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 54919168, "timestamp": "00:00:10.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 64552960, "type": "region", "version": 1 }, "end_va": 65601535, "entry_point": 0, "filename": null, "id": "region_189", "name": "private_0x0000000003d90000", "norm_filename": null, "region_type": "private_memory", "start_va": 64552960, "timestamp": "00:00:10.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 65798144, "type": "region", "version": 1 }, "end_va": 66322431, "entry_point": 0, "filename": null, "id": "region_190", "name": "private_0x0000000003ec0000", "norm_filename": null, "region_type": "private_memory", "start_va": 65798144, "timestamp": "00:00:10.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 66519040, "type": "region", "version": 1 }, "end_va": 66584575, "entry_point": 0, "filename": null, "id": "region_191", "name": "private_0x0000000003f70000", "norm_filename": null, "region_type": "private_memory", "start_va": 66519040, "timestamp": "00:00:10.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 66584576, "type": "region", "version": 1 }, "end_va": 67633151, "entry_point": 0, "filename": null, "id": "region_192", "name": "private_0x0000000003f80000", "norm_filename": null, "region_type": "private_memory", "start_va": 66584576, "timestamp": "00:00:10.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 67895296, "type": "region", "version": 1 }, "end_va": 67960831, "entry_point": 0, "filename": null, "id": "region_193", "name": "private_0x00000000040c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 67895296, "timestamp": "00:00:10.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 68354048, "type": "region", "version": 1 }, "end_va": 69402623, "entry_point": 0, "filename": null, "id": "region_194", "name": "private_0x0000000004130000", "norm_filename": null, "region_type": "private_memory", "start_va": 68354048, "timestamp": "00:00:10.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 409600, "start_va": 69402624, "type": "region", "version": 1 }, "end_va": 69812223, "entry_point": 69402624, "filename": "\\Windows\\Fonts\\seguisb.ttf", "id": "region_195", "name": "seguisb.ttf", "norm_filename": "c:\\windows\\fonts\\seguisb.ttf", "region_type": "memory_mapped_file", "start_va": 69402624, "timestamp": "00:00:10.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 69926912, "type": "region", "version": 1 }, "end_va": 69992447, "entry_point": 0, "filename": null, "id": "region_196", "name": "private_0x00000000042b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 69926912, "timestamp": "00:00:10.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8388608, "start_va": 69992448, "type": "region", "version": 1 }, "end_va": 78381055, "entry_point": 0, "filename": null, "id": "region_197", "name": "pagefile_0x00000000042c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 69992448, "timestamp": "00:00:10.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 78839808, "type": "region", "version": 1 }, "end_va": 79364095, "entry_point": 0, "filename": null, "id": "region_198", "name": "private_0x0000000004b30000", "norm_filename": null, "region_type": "private_memory", "start_va": 78839808, "timestamp": "00:00:10.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 79364096, "type": "region", "version": 1 }, "end_va": 79429631, "entry_point": 0, "filename": null, "id": "region_199", "name": "private_0x0000000004bb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 79364096, "timestamp": "00:00:10.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 79691776, "type": "region", "version": 1 }, "end_va": 80740351, "entry_point": 0, "filename": null, "id": "region_200", "name": "private_0x0000000004c00000", "norm_filename": null, "region_type": "private_memory", "start_va": 79691776, "timestamp": "00:00:10.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 81264640, "type": "region", "version": 1 }, "end_va": 82313215, "entry_point": 0, "filename": null, "id": "region_201", "name": "private_0x0000000004d80000", "norm_filename": null, "region_type": "private_memory", "start_va": 81264640, "timestamp": "00:00:10.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 82313216, "type": "region", "version": 1 }, "end_va": 84410367, "entry_point": 0, "filename": null, "id": "region_202", "name": "private_0x0000000004e80000", "norm_filename": null, "region_type": "private_memory", "start_va": 82313216, "timestamp": "00:00:10.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 84410368, "type": "region", "version": 1 }, "end_va": 85458943, "entry_point": 0, "filename": null, "id": "region_203", "name": "private_0x0000000005080000", "norm_filename": null, "region_type": "private_memory", "start_va": 84410368, "timestamp": "00:00:10.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 85983232, "type": "region", "version": 1 }, "end_va": 86507519, "entry_point": 0, "filename": null, "id": "region_204", "name": "private_0x0000000005200000", "norm_filename": null, "region_type": "private_memory", "start_va": 85983232, "timestamp": "00:00:10.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 86769664, "type": "region", "version": 1 }, "end_va": 87818239, "entry_point": 0, "filename": null, "id": "region_205", "name": "private_0x00000000052c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 86769664, "timestamp": "00:00:10.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 87883776, "type": "region", "version": 1 }, "end_va": 88932351, "entry_point": 0, "filename": null, "id": "region_206", "name": "private_0x00000000053d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 87883776, "timestamp": "00:00:10.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16777216, "start_va": 88932352, "type": "region", "version": 1 }, "end_va": 105709567, "entry_point": 0, "filename": null, "id": "region_207", "name": "pagefile_0x00000000054d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 88932352, "timestamp": "00:00:10.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 105709568, "type": "region", "version": 1 }, "end_va": 106495999, "entry_point": 105709568, "filename": "\\Windows\\System32\\en-US\\KernelBase.dll.mui", "id": "region_208", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 105709568, "timestamp": "00:00:10.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 107479040, "type": "region", "version": 1 }, "end_va": 108003327, "entry_point": 0, "filename": null, "id": "region_209", "name": "private_0x0000000006680000", "norm_filename": null, "region_type": "private_memory", "start_va": 107479040, "timestamp": "00:00:10.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 108003328, "type": "region", "version": 1 }, "end_va": 112197631, "entry_point": 0, "filename": null, "id": "region_210", "name": "private_0x0000000006700000", "norm_filename": null, "region_type": "private_memory", "start_va": 108003328, "timestamp": "00:00:10.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 112197632, "type": "region", "version": 1 }, "end_va": 116391935, "entry_point": 0, "filename": null, "id": "region_211", "name": "private_0x0000000006b00000", "norm_filename": null, "region_type": "private_memory", "start_va": 112197632, "timestamp": "00:00:10.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8388608, "start_va": 116391936, "type": "region", "version": 1 }, "end_va": 124780543, "entry_point": 0, "filename": null, "id": "region_212", "name": "private_0x0000000006f00000", "norm_filename": null, "region_type": "private_memory", "start_va": 116391936, "timestamp": "00:00:10.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4198400, "start_va": 124780544, "type": "region", "version": 1 }, "end_va": 128978943, "entry_point": 0, "filename": null, "id": "region_213", "name": "private_0x0000000007700000", "norm_filename": null, "region_type": "private_memory", "start_va": 124780544, "timestamp": "00:00:10.505", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4198400, "start_va": 129040384, "type": "region", "version": 1 }, "end_va": 133238783, "entry_point": 0, "filename": null, "id": "region_214", "name": "private_0x0000000007b10000", "norm_filename": null, "region_type": "private_memory", "start_va": 129040384, "timestamp": "00:00:10.505", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4198400, "start_va": 133300224, "type": "region", "version": 1 }, "end_va": 137498623, "entry_point": 0, "filename": null, "id": "region_215", "name": "private_0x0000000007f20000", "norm_filename": null, "region_type": "private_memory", "start_va": 133300224, "timestamp": "00:00:10.505", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 137560064, "type": "region", "version": 1 }, "end_va": 139657215, "entry_point": 0, "filename": null, "id": "region_216", "name": "private_0x0000000008330000", "norm_filename": null, "region_type": "private_memory", "start_va": 137560064, "timestamp": "00:00:10.505", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4980736, "start_va": 139657216, "type": "region", "version": 1 }, "end_va": 144637951, "entry_point": 0, "filename": null, "id": "region_217", "name": "private_0x0000000008530000", "norm_filename": null, "region_type": "private_memory", "start_va": 139657216, "timestamp": "00:00:10.505", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 144637952, "type": "region", "version": 1 }, "end_va": 148832255, "entry_point": 0, "filename": null, "id": "region_218", "name": "private_0x00000000089f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 144637952, "timestamp": "00:00:10.505", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 927203328, "type": "region", "version": 1 }, "end_va": 927268863, "entry_point": 0, "filename": null, "id": "region_219", "name": "private_0x0000000037440000", "norm_filename": null, "region_type": "private_memory", "start_va": 927203328, "timestamp": "00:00:10.505", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 622592, "start_va": 1943535616, "type": "region", "version": 1 }, "end_va": 1944158207, "entry_point": 1943535616, "filename": "\\Windows\\System32\\msvcp100.dll", "id": "region_220", "name": "msvcp100.dll", "norm_filename": "c:\\windows\\system32\\msvcp100.dll", "region_type": "memory_mapped_file", "start_va": 1943535616, "timestamp": "00:00:10.505", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 860160, "start_va": 1944190976, "type": "region", "version": 1 }, "end_va": 1945051135, "entry_point": 1944190976, "filename": "\\Windows\\System32\\msvcr100.dll", "id": "region_221", "name": "msvcr100.dll", "norm_filename": "c:\\windows\\system32\\msvcr100.dll", "region_type": "memory_mapped_file", "start_va": 1944190976, "timestamp": "00:00:10.525", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 208896, "start_va": 1954742272, "type": "region", "version": 1 }, "end_va": 1954951167, "entry_point": 1954742272, "filename": "\\Program Files\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\OSPPC.DLL", "id": "region_222", "name": "osppc.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\officesoftwareprotectionplatform\\osppc.dll", "region_type": "memory_mapped_file", "start_va": 1954742272, "timestamp": "00:00:10.541", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1999765504, "type": "region", "version": 1 }, "end_va": 2000941055, "entry_point": 1999765504, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_223", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1999765504, "timestamp": "00:00:10.549", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2000945152, "type": "region", "version": 1 }, "end_va": 2001969151, "entry_point": 2000945152, "filename": "\\Windows\\System32\\user32.dll", "id": "region_224", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2000945152, "timestamp": "00:00:10.708", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2001993728, "type": "region", "version": 1 }, "end_va": 2003734527, "entry_point": 2001993728, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_225", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001993728, "timestamp": "00:00:10.765", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 2003894272, "type": "region", "version": 1 }, "end_va": 2003922943, "entry_point": 2003894272, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_226", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 2003894272, "timestamp": "00:00:10.839", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_227", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:10.846", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_228", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:10.846", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_229", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:10.846", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1933312, "start_va": 5366153216, "type": "region", "version": 1 }, "end_va": 5368086527, "entry_point": 5366153216, "filename": "\\Program Files\\Microsoft Office\\Office15\\WINWORD.EXE", "id": "region_230", "name": "winword.exe", "norm_filename": "c:\\program files\\microsoft office\\office15\\winword.exe", "region_type": "memory_mapped_file", "start_va": 5366153216, "timestamp": "00:00:10.846", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 8790520823808, "type": "region", "version": 1 }, "end_va": 8790520864767, "entry_point": 0, "filename": null, "id": "region_231", "name": "private_0x000007feb3df0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8790520823808, "timestamp": "00:00:10.853", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 8790706683904, "type": "region", "version": 1 }, "end_va": 8790706749439, "entry_point": 0, "filename": null, "id": "region_232", "name": "private_0x000007febef30000", "norm_filename": null, "region_type": "private_memory", "start_va": 8790706683904, "timestamp": "00:00:10.853", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2240512, "start_va": 8791409491968, "type": "region", "version": 1 }, "end_va": 8791411732479, "entry_point": 8791409491968, "filename": "\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\RICHED20.DLL", "id": "region_233", "name": "riched20.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\office15\\riched20.dll", "region_type": "memory_mapped_file", "start_va": 8791409491968, "timestamp": "00:00:10.853", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 888832, "start_va": 8791411785728, "type": "region", "version": 1 }, "end_va": 8791412674559, "entry_point": 8791411785728, "filename": "\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\ADAL.DLL", "id": "region_234", "name": "adal.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\office15\\adal.dll", "region_type": "memory_mapped_file", "start_va": 8791411785728, "timestamp": "00:00:10.866", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791413948416, "type": "region", "version": 1 }, "end_va": 8791414575103, "entry_point": 8791413948416, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll", "id": "region_235", "name": "mscoreei.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll", "region_type": "memory_mapped_file", "start_va": 8791413948416, "timestamp": "00:00:10.875", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 454656, "start_va": 8791414603776, "type": "region", "version": 1 }, "end_va": 8791415058431, "entry_point": 8791414603776, "filename": "\\Windows\\System32\\mscoree.dll", "id": "region_236", "name": "mscoree.dll", "norm_filename": "c:\\windows\\system32\\mscoree.dll", "region_type": "memory_mapped_file", "start_va": 8791414603776, "timestamp": "00:00:10.909", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1564672, "start_va": 8791415062528, "type": "region", "version": 1 }, "end_va": 8791416627199, "entry_point": 8791415062528, "filename": "\\Windows\\System32\\DWrite.dll", "id": "region_237", "name": "dwrite.dll", "norm_filename": "c:\\windows\\system32\\dwrite.dll", "region_type": "memory_mapped_file", "start_va": 8791415062528, "timestamp": "00:00:10.924", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1900544, "start_va": 8791416635392, "type": "region", "version": 1 }, "end_va": 8791418535935, "entry_point": 8791416635392, "filename": "\\Windows\\System32\\d3d10warp.dll", "id": "region_238", "name": "d3d10warp.dll", "norm_filename": "c:\\windows\\system32\\d3d10warp.dll", "region_type": "memory_mapped_file", "start_va": 8791416635392, "timestamp": "00:00:10.933", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 8791418535936, "type": "region", "version": 1 }, "end_va": 8791420067839, "entry_point": 8791418535936, "filename": "\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSPTLS.DLL", "id": "region_239", "name": "msptls.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\office15\\msptls.dll", "region_type": "memory_mapped_file", "start_va": 8791418535936, "timestamp": "00:00:10.940", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 80654336, "start_va": 8791420108800, "type": "region", "version": 1 }, "end_va": 8791500763135, "entry_point": 8791420108800, "filename": "\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSORES.DLL", "id": "region_240", "name": "msores.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\office15\\msores.dll", "region_type": "memory_mapped_file", "start_va": 8791420108800, "timestamp": "00:00:10.954", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36376576, "start_va": 8791500783616, "type": "region", "version": 1 }, "end_va": 8791537160191, "entry_point": 8791500783616, "filename": "\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSO.DLL", "id": "region_241", "name": "mso.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\office15\\mso.dll", "region_type": "memory_mapped_file", "start_va": 8791500783616, "timestamp": "00:00:10.958", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 27783168, "start_va": 8791537221632, "type": "region", "version": 1 }, "end_va": 8791565004799, "entry_point": 8791537221632, "filename": "\\Program Files\\Microsoft Office\\Office15\\WWLIB.DLL", "id": "region_242", "name": "wwlib.dll", "norm_filename": "c:\\program files\\microsoft office\\office15\\wwlib.dll", "region_type": "memory_mapped_file", "start_va": 8791537221632, "timestamp": "00:00:10.996", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 811008, "start_va": 8791565271040, "type": "region", "version": 1 }, "end_va": 8791566082047, "entry_point": 8791565271040, "filename": "\\Windows\\System32\\d3d11.dll", "id": "region_243", "name": "d3d11.dll", "norm_filename": "c:\\windows\\system32\\d3d11.dll", "region_type": "memory_mapped_file", "start_va": 8791565271040, "timestamp": "00:00:11.008", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3633152, "start_va": 8791566123008, "type": "region", "version": 1 }, "end_va": 8791569756159, "entry_point": 8791566123008, "filename": "\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\1033\\MSOINTL.DLL", "id": "region_244", "name": "msointl.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\office15\\1033\\msointl.dll", "region_type": "memory_mapped_file", "start_va": 8791566123008, "timestamp": "00:00:11.017", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 8791569793024, "type": "region", "version": 1 }, "end_va": 8791570661375, "entry_point": 8791569793024, "filename": "\\Program Files\\Microsoft Office\\Office15\\1033\\WWINTL.DLL", "id": "region_245", "name": "wwintl.dll", "norm_filename": "c:\\program files\\microsoft office\\office15\\1033\\wwintl.dll", "region_type": "memory_mapped_file", "start_va": 8791569793024, "timestamp": "00:00:11.019", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 925696, "start_va": 8791570710528, "type": "region", "version": 1 }, "end_va": 8791571636223, "entry_point": 8791570710528, "filename": "\\Windows\\System32\\d2d1.dll", "id": "region_246", "name": "d2d1.dll", "norm_filename": "c:\\windows\\system32\\d2d1.dll", "region_type": "memory_mapped_file", "start_va": 8791570710528, "timestamp": "00:00:11.026", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 21053440, "start_va": 8791571693568, "type": "region", "version": 1 }, "end_va": 8791592747007, "entry_point": 8791571693568, "filename": "\\Program Files\\Microsoft Office\\Office15\\OART.DLL", "id": "region_247", "name": "oart.dll", "norm_filename": "c:\\program files\\microsoft office\\office15\\oart.dll", "region_type": "memory_mapped_file", "start_va": 8791571693568, "timestamp": "00:00:11.033", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 8791604920320, "type": "region", "version": 1 }, "end_va": 8791604948991, "entry_point": 8791604920320, "filename": "\\Windows\\System32\\msimg32.dll", "id": "region_248", "name": "msimg32.dll", "norm_filename": "c:\\windows\\system32\\msimg32.dll", "region_type": "memory_mapped_file", "start_va": 8791604920320, "timestamp": "00:00:11.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2039808, "start_va": 8791657349120, "type": "region", "version": 1 }, "end_va": 8791659388927, "entry_point": 8791657349120, "filename": "\\Windows\\System32\\msxml6.dll", "id": "region_249", "name": "msxml6.dll", "norm_filename": "c:\\windows\\system32\\msxml6.dll", "region_type": "memory_mapped_file", "start_va": 8791657349120, "timestamp": "00:00:11.051", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791660036096, "type": "region", "version": 1 }, "end_va": 8791660498943, "entry_point": 8791660036096, "filename": "\\Windows\\System32\\winspool.drv", "id": "region_250", "name": "winspool.drv", "norm_filename": "c:\\windows\\system32\\winspool.drv", "region_type": "memory_mapped_file", "start_va": 8791660036096, "timestamp": "00:00:11.065", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 5242880, "start_va": 8791685464064, "type": "region", "version": 1 }, "end_va": 8791690706943, "entry_point": 8791685464064, "filename": "\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\Cultures\\OFFICE.ODF", "id": "region_251", "name": "office.odf", "norm_filename": "c:\\program files\\common files\\microsoft shared\\office15\\cultures\\office.odf", "region_type": "memory_mapped_file", "start_va": 8791685464064, "timestamp": "00:00:11.075", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3235840, "start_va": 8791690706944, "type": "region", "version": 1 }, "end_va": 8791693942783, "entry_point": 8791690706944, "filename": "\\Windows\\System32\\msi.dll", "id": "region_252", "name": "msi.dll", "norm_filename": "c:\\windows\\system32\\msi.dll", "region_type": "memory_mapped_file", "start_va": 8791690706944, "timestamp": "00:00:11.078", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 8791698636800, "type": "region", "version": 1 }, "end_va": 8791699320831, "entry_point": 8791698636800, "filename": "\\Windows\\System32\\dxgi.dll", "id": "region_253", "name": "dxgi.dll", "norm_filename": "c:\\windows\\system32\\dxgi.dll", "region_type": "memory_mapped_file", "start_va": 8791698636800, "timestamp": "00:00:11.089", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 348160, "start_va": 8791699357696, "type": "region", "version": 1 }, "end_va": 8791699705855, "entry_point": 8791699357696, "filename": "\\Windows\\System32\\d3d10_1core.dll", "id": "region_254", "name": "d3d10_1core.dll", "norm_filename": "c:\\windows\\system32\\d3d10_1core.dll", "region_type": "memory_mapped_file", "start_va": 8791699357696, "timestamp": "00:00:11.097", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 8791699750912, "type": "region", "version": 1 }, "end_va": 8791699963903, "entry_point": 8791699750912, "filename": "\\Windows\\System32\\d3d10_1.dll", "id": "region_255", "name": "d3d10_1.dll", "norm_filename": "c:\\windows\\system32\\d3d10_1.dll", "region_type": "memory_mapped_file", "start_va": 8791699750912, "timestamp": "00:00:11.104", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 409600, "start_va": 8791702634496, "type": "region", "version": 1 }, "end_va": 8791703044095, "entry_point": 8791702634496, "filename": "\\Windows\\System32\\webio.dll", "id": "region_256", "name": "webio.dll", "norm_filename": "c:\\windows\\system32\\webio.dll", "region_type": "memory_mapped_file", "start_va": 8791702634496, "timestamp": "00:00:11.111", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791703093248, "type": "region", "version": 1 }, "end_va": 8791703556095, "entry_point": 8791703093248, "filename": "\\Windows\\System32\\winhttp.dll", "id": "region_257", "name": "winhttp.dll", "norm_filename": "c:\\windows\\system32\\winhttp.dll", "region_type": "memory_mapped_file", "start_va": 8791703093248, "timestamp": "00:00:11.113", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1220608, "start_va": 8791711612928, "type": "region", "version": 1 }, "end_va": 8791712833535, "entry_point": 8791711612928, "filename": "\\Windows\\System32\\WindowsCodecs.dll", "id": "region_258", "name": "windowscodecs.dll", "norm_filename": "c:\\windows\\system32\\windowscodecs.dll", "region_type": "memory_mapped_file", "start_va": 8791711612928, "timestamp": "00:00:11.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 8791712858112, "type": "region", "version": 1 }, "end_va": 8791712956415, "entry_point": 8791712858112, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_259", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 8791712858112, "timestamp": "00:00:11.131", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2183168, "start_va": 8791714693120, "type": "region", "version": 1 }, "end_va": 8791716876287, "entry_point": 8791714693120, "filename": "\\Windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\GdiPlus.dll", "id": "region_260", "name": "gdiplus.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\gdiplus.dll", "region_type": "memory_mapped_file", "start_va": 8791714693120, "timestamp": "00:00:11.139", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 352256, "start_va": 8791716921344, "type": "region", "version": 1 }, "end_va": 8791717273599, "entry_point": 8791716921344, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_261", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 8791716921344, "timestamp": "00:00:11.150", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 8791723933696, "type": "region", "version": 1 }, "end_va": 8791724003327, "entry_point": 8791723933696, "filename": "\\Windows\\System32\\wtsapi32.dll", "id": "region_262", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\system32\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791723933696, "timestamp": "00:00:11.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 184320, "start_va": 8791728717824, "type": "region", "version": 1 }, "end_va": 8791728902143, "entry_point": 8791728717824, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_263", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 8791728717824, "timestamp": "00:00:11.166", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1228800, "start_va": 8791729111040, "type": "region", "version": 1 }, "end_va": 8791730339839, "entry_point": 8791729111040, "filename": "\\Windows\\System32\\propsys.dll", "id": "region_264", "name": "propsys.dll", "norm_filename": "c:\\windows\\system32\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 8791729111040, "timestamp": "00:00:11.173", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2048000, "start_va": 8791730683904, "type": "region", "version": 1 }, "end_va": 8791732731903, "entry_point": 8791730683904, "filename": "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll", "id": "region_265", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 8791730683904, "timestamp": "00:00:11.184", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791737565184, "type": "region", "version": 1 }, "end_va": 8791737614335, "entry_point": 8791737565184, "filename": "\\Windows\\System32\\version.dll", "id": "region_266", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 8791737565184, "timestamp": "00:00:11.194", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 290816, "start_va": 8791741825024, "type": "region", "version": 1 }, "end_va": 8791742115839, "entry_point": 8791741825024, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_267", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 8791741825024, "timestamp": "00:00:11.202", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 8791746347008, "type": "region", "version": 1 }, "end_va": 8791746441215, "entry_point": 8791746347008, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_268", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 8791746347008, "timestamp": "00:00:11.209", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791751000064, "type": "region", "version": 1 }, "end_va": 8791751045119, "entry_point": 8791751000064, "filename": "\\Windows\\System32\\secur32.dll", "id": "region_269", "name": "secur32.dll", "norm_filename": "c:\\windows\\system32\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 8791751000064, "timestamp": "00:00:11.216", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 8791751196672, "type": "region", "version": 1 }, "end_va": 8791751348223, "entry_point": 8791751196672, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_270", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 8791751196672, "timestamp": "00:00:11.223", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791751393280, "type": "region", "version": 1 }, "end_va": 8791751454719, "entry_point": 8791751393280, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_271", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791751393280, "timestamp": "00:00:11.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 249856, "start_va": 8791752114176, "type": "region", "version": 1 }, "end_va": 8791752364031, "entry_point": 8791752114176, "filename": "\\Windows\\System32\\winsta.dll", "id": "region_272", "name": "winsta.dll", "norm_filename": "c:\\windows\\system32\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 8791752114176, "timestamp": "00:00:11.238", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791752376320, "type": "region", "version": 1 }, "end_va": 8791752458239, "entry_point": 8791752376320, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_273", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 8791752376320, "timestamp": "00:00:11.246", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791752507392, "type": "region", "version": 1 }, "end_va": 8791752568831, "entry_point": 8791752507392, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_274", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 8791752507392, "timestamp": "00:00:11.253", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791753162752, "type": "region", "version": 1 }, "end_va": 8791753224191, "entry_point": 8791753162752, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_275", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 8791753162752, "timestamp": "00:00:11.256", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 237568, "start_va": 8791753883648, "type": "region", "version": 1 }, "end_va": 8791754121215, "entry_point": 8791753883648, "filename": "\\Windows\\System32\\wintrust.dll", "id": "region_276", "name": "wintrust.dll", "norm_filename": "c:\\windows\\system32\\wintrust.dll", "region_type": "memory_mapped_file", "start_va": 8791753883648, "timestamp": "00:00:11.263", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 221184, "start_va": 8791754145792, "type": "region", "version": 1 }, "end_va": 8791754366975, "entry_point": 8791754145792, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_277", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 8791754145792, "timestamp": "00:00:11.272", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 106496, "start_va": 8791754407936, "type": "region", "version": 1 }, "end_va": 8791754514431, "entry_point": 8791754407936, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_278", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 8791754407936, "timestamp": "00:00:11.280", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791754539008, "type": "region", "version": 1 }, "end_va": 8791754977279, "entry_point": 8791754539008, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_279", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791754539008, "timestamp": "00:00:11.288", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1470464, "start_va": 8791754997760, "type": "region", "version": 1 }, "end_va": 8791756468223, "entry_point": 8791754997760, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_280", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 8791754997760, "timestamp": "00:00:11.331", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791756505088, "type": "region", "version": 1 }, "end_va": 8791757737983, "entry_point": 8791756505088, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_281", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791756505088, "timestamp": "00:00:11.342", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791757750272, "type": "region", "version": 1 }, "end_va": 8791758376959, "entry_point": 8791757750272, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_282", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 8791757750272, "timestamp": "00:00:11.589", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\SysWOW64\\svchost.exe\"", "filename": "c:\\windows\\syswow64\\svchost.exe", "id": "proc_2", "image_name": "svchost.exe", "monitor_reason": "child_process", "monitored_id": 2, "origin_monitor_id": 1, "ref_parent_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000002-region_00000451-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_65", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_451", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:18.447", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000452-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_66", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_452", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:18.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_453", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:18.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_454", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:18.450", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_455", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:18.450", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 983039, "entry_point": 0, "filename": null, "id": "region_456", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:00:18.450", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_457", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:00:18.451", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 5177344, "type": "region", "version": 1 }, "end_va": 5210111, "entry_point": 5177344, "filename": "\\Windows\\SysWOW64\\svchost.exe", "id": "region_458", "name": "svchost.exe", "norm_filename": "c:\\windows\\syswow64\\svchost.exe", "region_type": "memory_mapped_file", "start_va": 5177344, "timestamp": "00:00:18.451", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2001993728, "type": "region", "version": 1 }, "end_va": 2003734527, "entry_point": 2001993728, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_459", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001993728, "timestamp": "00:00:18.457", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2003959808, "type": "region", "version": 1 }, "end_va": 2005532671, "entry_point": 2003959808, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_460", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003959808, "timestamp": "00:00:18.457", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_461", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:18.539", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_462", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:18.539", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_463", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:18.539", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_464", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:18.539", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_465", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:18.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_466", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:18.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_467", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:18.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4227071, "entry_point": 0, "filename": null, "id": "region_469", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:00:18.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 3670016, "type": "region", "version": 1 }, "end_va": 4194303, "entry_point": 0, "filename": null, "id": "region_470", "name": "private_0x0000000000380000", "norm_filename": null, "region_type": "private_memory", "start_va": 3670016, "timestamp": "00:00:18.615", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1942224896, "type": "region", "version": 1 }, "end_va": 1942601727, "entry_point": 1942224896, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_471", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1942224896, "timestamp": "00:00:18.615", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1942618112, "type": "region", "version": 1 }, "end_va": 1942876159, "entry_point": 1942618112, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_472", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1942618112, "timestamp": "00:00:18.622", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1943076864, "type": "region", "version": 1 }, "end_va": 1943109631, "entry_point": 1943076864, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_473", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1943076864, "timestamp": "00:00:18.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 7274496, "type": "region", "version": 1 }, "end_va": 8323071, "entry_point": 0, "filename": null, "id": "region_474", "name": "private_0x00000000006f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 7274496, "timestamp": "00:00:18.645", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1977352192, "type": "region", "version": 1 }, "end_va": 1978466303, "entry_point": 1977352192, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_475", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1977352192, "timestamp": "00:00:18.645", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1998020607, "entry_point": 1997733888, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_476", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:00:18.808", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1999765504, "type": "region", "version": 1 }, "end_va": 2000941055, "entry_point": 0, "filename": null, "id": "region_477", "name": "private_0x0000000077320000", "norm_filename": null, "region_type": "private_memory", "start_va": 1999765504, "timestamp": "00:00:18.854", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2000945152, "type": "region", "version": 1 }, "end_va": 2001969151, "entry_point": 0, "filename": null, "id": "region_478", "name": "private_0x0000000077440000", "norm_filename": null, "region_type": "private_memory", "start_va": 2000945152, "timestamp": "00:00:18.854", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_479", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:18.906", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 2060287, "entry_point": 1638400, "filename": "\\Windows\\System32\\locale.nls", "id": "region_480", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1638400, "timestamp": "00:00:18.906", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1965490176, "type": "region", "version": 1 }, "end_va": 1965539327, "entry_point": 1965490176, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_481", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1965490176, "timestamp": "00:00:18.906", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1965555712, "type": "region", "version": 1 }, "end_va": 1965948927, "entry_point": 1965555712, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_482", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1965555712, "timestamp": "00:00:18.913", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1967390720, "type": "region", "version": 1 }, "end_va": 1968373759, "entry_point": 1967390720, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_483", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1967390720, "timestamp": "00:00:18.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1972830208, "type": "region", "version": 1 }, "end_va": 1972932607, "entry_point": 1972830208, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_484", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1972830208, "timestamp": "00:00:18.952", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1976631296, "type": "region", "version": 1 }, "end_va": 1977335807, "entry_point": 1976631296, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_485", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1976631296, "timestamp": "00:00:18.960", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_486", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:18.974", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_487", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:18.974", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 6946816, "type": "region", "version": 1 }, "end_va": 7012351, "entry_point": 0, "filename": null, "id": "region_488", "name": "private_0x00000000006a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6946816, "timestamp": "00:00:18.977", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1994457088, "type": "region", "version": 1 }, "end_va": 1995460607, "entry_point": 1994457088, "filename": "\\Windows\\SysWOW64\\wininet.dll", "id": "region_489", "name": "wininet.dll", "norm_filename": "c:\\windows\\syswow64\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1994457088, "timestamp": "00:00:18.977", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1995505664, "type": "region", "version": 1 }, "end_va": 1995862015, "entry_point": 1995505664, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_490", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1995505664, "timestamp": "00:00:18.989", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1974140928, "type": "region", "version": 1 }, "end_va": 1974730751, "entry_point": 1974140928, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_491", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1974140928, "timestamp": "00:00:19.053", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1971191808, "type": "region", "version": 1 }, "end_va": 1972240383, "entry_point": 1971191808, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_492", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1971191808, "timestamp": "00:00:19.091", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1999110144, "type": "region", "version": 1 }, "end_va": 1999765503, "entry_point": 1999110144, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_493", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1999110144, "timestamp": "00:00:19.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1996357632, "type": "region", "version": 1 }, "end_va": 1996398591, "entry_point": 1996357632, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_494", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1996357632, "timestamp": "00:00:19.223", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1998061568, "type": "region", "version": 1 }, "end_va": 1998704639, "entry_point": 1998061568, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_495", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1998061568, "timestamp": "00:00:19.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1996423168, "type": "region", "version": 1 }, "end_va": 1997692927, "entry_point": 1996423168, "filename": "\\Windows\\SysWOW64\\urlmon.dll", "id": "region_496", "name": "urlmon.dll", "norm_filename": "c:\\windows\\syswow64\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1996423168, "timestamp": "00:00:19.240", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1965948928, "type": "region", "version": 1 }, "end_va": 1967374335, "entry_point": 1965948928, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_497", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1965948928, "timestamp": "00:00:19.253", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1978466304, "type": "region", "version": 1 }, "end_va": 1979052031, "entry_point": 1978466304, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_498", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1978466304, "timestamp": "00:00:19.466", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1972961280, "type": "region", "version": 1 }, "end_va": 1974128639, "entry_point": 1972961280, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_499", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1972961280, "timestamp": "00:00:19.478", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 2003763200, "type": "region", "version": 1 }, "end_va": 2003812351, "entry_point": 2003763200, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_500", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 2003763200, "timestamp": "00:00:19.491", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1968373760, "type": "region", "version": 1 }, "end_va": 1970450431, "entry_point": 1968373760, "filename": "\\Windows\\SysWOW64\\iertutil.dll", "id": "region_501", "name": "iertutil.dll", "norm_filename": "c:\\windows\\syswow64\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1968373760, "timestamp": "00:00:19.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 122880, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 253951, "entry_point": 131072, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_502", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 131072, "timestamp": "00:00:19.510", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5242880, "type": "region", "version": 1 }, "end_va": 6848511, "entry_point": 0, "filename": null, "id": "region_503", "name": "pagefile_0x0000000000500000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5242880, "timestamp": "00:00:19.517", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 122880, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 253951, "entry_point": 202127, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_504", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 131072, "timestamp": "00:00:19.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1995964416, "type": "region", "version": 1 }, "end_va": 1996357631, "entry_point": 1996035471, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_505", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1995964416, "timestamp": "00:00:19.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1975255040, "type": "region", "version": 1 }, "end_va": 1976090623, "entry_point": 1975255040, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_506", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1975255040, "timestamp": "00:00:19.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 8323072, "type": "region", "version": 1 }, "end_va": 9900031, "entry_point": 0, "filename": null, "id": "region_507", "name": "pagefile_0x00000000007f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8323072, "timestamp": "00:00:19.535", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 9961472, "type": "region", "version": 1 }, "end_va": 30932991, "entry_point": 0, "filename": null, "id": "region_508", "name": "pagefile_0x0000000000980000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9961472, "timestamp": "00:00:19.535", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_509", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:19.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_510", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:19.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_511", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:00:19.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 528383, "entry_point": 0, "filename": null, "id": "region_512", "name": "private_0x0000000000080000", "norm_filename": null, "region_type": "private_memory", "start_va": 524288, "timestamp": "00:00:19.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 30932992, "type": "region", "version": 1 }, "end_va": 35074047, "entry_point": 0, "filename": null, "id": "region_513", "name": "pagefile_0x0000000001d80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 30932992, "timestamp": "00:00:19.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 1965228032, "type": "region", "version": 1 }, "end_va": 1965342719, "entry_point": 1965228032, "filename": "\\Windows\\SysWOW64\\IPHLPAPI.DLL", "id": "region_514", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\syswow64\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1965228032, "timestamp": "00:00:19.554", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1976369152, "type": "region", "version": 1 }, "end_va": 1976393727, "entry_point": 1976369152, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_515", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1976369152, "timestamp": "00:00:19.568", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1965162496, "type": "region", "version": 1 }, "end_va": 1965191167, "entry_point": 1965162496, "filename": "\\Windows\\SysWOW64\\winnsi.dll", "id": "region_516", "name": "winnsi.dll", "norm_filename": "c:\\windows\\syswow64\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1965162496, "timestamp": "00:00:19.585", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1995919359, "entry_point": 1995898880, "filename": "\\Windows\\SysWOW64\\psapi.dll", "id": "region_517", "name": "psapi.dll", "norm_filename": "c:\\windows\\syswow64\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 1995898880, "timestamp": "00:00:19.598", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 33558528, "start_va": 35127296, "type": "region", "version": 1 }, "end_va": 68685823, "entry_point": 0, "filename": null, "id": "region_518", "name": "private_0x0000000002180000", "norm_filename": null, "region_type": "private_memory", "start_va": 35127296, "timestamp": "00:00:19.779", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 33558528, "start_va": 68747264, "type": "region", "version": 1 }, "end_va": 102305791, "entry_point": 0, "filename": null, "id": "region_519", "name": "private_0x0000000004190000", "norm_filename": null, "region_type": "private_memory", "start_va": 68747264, "timestamp": "00:00:19.779", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 33558528, "start_va": 102367232, "type": "region", "version": 1 }, "end_va": 135925759, "entry_point": 0, "filename": null, "id": "region_520", "name": "private_0x00000000061a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 102367232, "timestamp": "00:00:19.780", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1965096960, "type": "region", "version": 1 }, "end_va": 1965150207, "entry_point": 1965096960, "filename": "\\Windows\\SysWOW64\\dhcpcsvc6.dll", "id": "region_521", "name": "dhcpcsvc6.dll", "norm_filename": "c:\\windows\\syswow64\\dhcpcsvc6.dll", "region_type": "memory_mapped_file", "start_va": 1965096960, "timestamp": "00:00:20.111", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1994194944, "type": "region", "version": 1 }, "end_va": 1994412031, "entry_point": 1994194944, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_522", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1994194944, "timestamp": "00:00:20.233", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000523-addr_0x0000000000200000-size_0x00000000000a0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_67", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 655360, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2752511, "entry_point": 0, "filename": null, "id": "region_523", "name": "private_0x0000000000200000", "norm_filename": null, "region_type": "private_memory", "start_va": 2097152, "timestamp": "00:00:20.371", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1376255, "entry_point": 0, "filename": null, "id": "region_524", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:00:20.390", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3407872, "type": "region", "version": 1 }, "end_va": 3670015, "entry_point": 0, "filename": null, "id": "region_525", "name": "private_0x0000000000340000", "norm_filename": null, "region_type": "private_memory", "start_va": 3407872, "timestamp": "00:00:20.390", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1964965888, "type": "region", "version": 1 }, "end_va": 1965039615, "entry_point": 1964965888, "filename": "\\Windows\\SysWOW64\\dhcpcsvc.dll", "id": "region_526", "name": "dhcpcsvc.dll", "norm_filename": "c:\\windows\\syswow64\\dhcpcsvc.dll", "region_type": "memory_mapped_file", "start_va": 1964965888, "timestamp": "00:00:20.390", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_527", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:00:20.403", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 135987200, "type": "region", "version": 1 }, "end_va": 138932223, "entry_point": 135987200, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_528", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 135987200, "timestamp": "00:00:20.417", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 598015, "entry_point": 0, "filename": null, "id": "region_529", "name": "pagefile_0x0000000000090000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 589824, "timestamp": "00:00:20.438", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1959460864, "type": "region", "version": 1 }, "end_va": 1961156607, "entry_point": 1959460864, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_530", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1959460864, "timestamp": "00:00:20.439", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_531", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:20.453", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 991231, "entry_point": 0, "filename": null, "id": "region_532", "name": "pagefile_0x00000000000f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 983040, "timestamp": "00:00:20.453", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1979580416, "type": "region", "version": 1 }, "end_va": 1992466431, "entry_point": 1979580416, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_533", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1979580416, "timestamp": "00:00:20.462", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 0, "filename": null, "id": "region_534", "name": "pagefile_0x00000000000a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 655360, "timestamp": "00:00:21.172", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1964900352, "type": "region", "version": 1 }, "end_va": 1964945407, "entry_point": 1964900352, "filename": "\\Windows\\SysWOW64\\profapi.dll", "id": "region_535", "name": "profapi.dll", "norm_filename": "c:\\windows\\syswow64\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1964900352, "timestamp": "00:00:21.175", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 81920, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2179071, "entry_point": 2097152, "filename": "\\Users\\aDU0VK IWA5kLS\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat", "id": "region_536", "name": "index.dat", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 2097152, "timestamp": "00:00:21.185", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 2752511, "entry_point": 0, "filename": null, "id": "region_537", "name": "private_0x0000000000260000", "norm_filename": null, "region_type": "private_memory", "start_va": 2490368, "timestamp": "00:00:21.186", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1081343, "entry_point": 1048576, "filename": "\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat", "id": "region_538", "name": "index.dat", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat", "region_type": "memory_mapped_file", "start_va": 1048576, "timestamp": "00:00:21.186", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2293759, "entry_point": 2228224, "filename": "\\Users\\aDU0VK IWA5kLS\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat", "id": "region_539", "name": "index.dat", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 2228224, "timestamp": "00:00:21.187", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 1964703744, "type": "region", "version": 1 }, "end_va": 1964838911, "entry_point": 1964703744, "filename": "\\Windows\\SysWOW64\\ntmarta.dll", "id": "region_540", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\syswow64\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1964703744, "timestamp": "00:00:21.198", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 1979056128, "type": "region", "version": 1 }, "end_va": 1979338751, "entry_point": 1979056128, "filename": "\\Windows\\SysWOW64\\Wldap32.dll", "id": "region_541", "name": "wldap32.dll", "norm_filename": "c:\\windows\\syswow64\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 1979056128, "timestamp": "00:00:21.207", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1959133184, "type": "region", "version": 1 }, "end_va": 1959411711, "entry_point": 1959133184, "filename": "\\Windows\\SysWOW64\\dnsapi.dll", "id": "region_542", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\syswow64\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 1959133184, "timestamp": "00:00:21.238", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000543-addr_0x0000000008480000-size_0x00000000000f0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_68", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 983040, "start_va": 138936320, "type": "region", "version": 1 }, "end_va": 139919359, "entry_point": 0, "filename": null, "id": "region_543", "name": "private_0x0000000008480000", "norm_filename": null, "region_type": "private_memory", "start_va": 138936320, "timestamp": "00:00:21.254", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4456448, "type": "region", "version": 1 }, "end_va": 4718591, "entry_point": 0, "filename": null, "id": "region_544", "name": "private_0x0000000000440000", "norm_filename": null, "region_type": "private_memory", "start_va": 4456448, "timestamp": "00:00:21.280", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 138936320, "type": "region", "version": 1 }, "end_va": 139198463, "entry_point": 0, "filename": null, "id": "region_545", "name": "private_0x0000000008480000", "norm_filename": null, "region_type": "private_memory", "start_va": 138936320, "timestamp": "00:00:21.281", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 139657216, "type": "region", "version": 1 }, "end_va": 139919359, "entry_point": 0, "filename": null, "id": "region_546", "name": "private_0x0000000008530000", "norm_filename": null, "region_type": "private_memory", "start_va": 139657216, "timestamp": "00:00:21.281", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_547", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:00:21.282", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 335872, "start_va": 1958739968, "type": "region", "version": 1 }, "end_va": 1959075839, "entry_point": 1958739968, "filename": "\\Windows\\SysWOW64\\rasapi32.dll", "id": "region_548", "name": "rasapi32.dll", "norm_filename": "c:\\windows\\syswow64\\rasapi32.dll", "region_type": "memory_mapped_file", "start_va": 1958739968, "timestamp": "00:00:21.289", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 1964572672, "type": "region", "version": 1 }, "end_va": 1964658687, "entry_point": 1964572672, "filename": "\\Windows\\SysWOW64\\rasman.dll", "id": "region_559", "name": "rasman.dll", "norm_filename": "c:\\windows\\syswow64\\rasman.dll", "region_type": "memory_mapped_file", "start_va": 1964572672, "timestamp": "00:00:21.393", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1964507136, "type": "region", "version": 1 }, "end_va": 1964560383, "entry_point": 1964507136, "filename": "\\Windows\\SysWOW64\\rtutils.dll", "id": "region_560", "name": "rtutils.dll", "norm_filename": "c:\\windows\\syswow64\\rtutils.dll", "region_type": "memory_mapped_file", "start_va": 1964507136, "timestamp": "00:00:21.434", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000563-addr_0x0000000000230000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_71", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2297855, "entry_point": 0, "filename": null, "id": "region_563", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:00:21.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 140443648, "type": "region", "version": 1 }, "end_va": 140705791, "entry_point": 0, "filename": null, "id": "region_564", "name": "private_0x00000000085f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 140443648, "timestamp": "00:00:21.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 141033472, "type": "region", "version": 1 }, "end_va": 141295615, "entry_point": 0, "filename": null, "id": "region_565", "name": "private_0x0000000008680000", "norm_filename": null, "region_type": "private_memory", "start_va": 141033472, "timestamp": "00:00:21.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_566", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:00:21.630", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2297855, "entry_point": 0, "filename": null, "id": "region_567", "name": "pagefile_0x0000000000230000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2293760, "timestamp": "00:00:21.631", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1964441600, "type": "region", "version": 1 }, "end_va": 1964466175, "entry_point": 1964441600, "filename": "\\Windows\\SysWOW64\\SensApi.dll", "id": "region_568", "name": "sensapi.dll", "norm_filename": "c:\\windows\\syswow64\\sensapi.dll", "region_type": "memory_mapped_file", "start_va": 1964441600, "timestamp": "00:00:21.667", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 139919360, "type": "region", "version": 1 }, "end_va": 140181503, "entry_point": 0, "filename": null, "id": "region_569", "name": "private_0x0000000008570000", "norm_filename": null, "region_type": "private_memory", "start_va": 139919360, "timestamp": "00:00:21.692", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 142016512, "type": "region", "version": 1 }, "end_va": 142278655, "entry_point": 0, "filename": null, "id": "region_570", "name": "private_0x0000000008770000", "norm_filename": null, "region_type": "private_memory", "start_va": 142016512, "timestamp": "00:00:21.692", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1958674432, "type": "region", "version": 1 }, "end_va": 1958739967, "entry_point": 1958674432, "filename": "\\Windows\\SysWOW64\\nlaapi.dll", "id": "region_571", "name": "nlaapi.dll", "norm_filename": "c:\\windows\\syswow64\\nlaapi.dll", "region_type": "memory_mapped_file", "start_va": 1958674432, "timestamp": "00:00:21.692", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_572", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:00:21.699", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000573-addr_0x00000000087b0000-size_0x0000000000160000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_72", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1441792, "start_va": 142278656, "type": "region", "version": 1 }, "end_va": 143720447, "entry_point": 0, "filename": null, "id": "region_573", "name": "private_0x00000000087b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 142278656, "timestamp": "00:00:21.703", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000574-addr_0x0000000008910000-size_0x00000000001d0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_73", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1900544, "start_va": 143720448, "type": "region", "version": 1 }, "end_va": 145620991, "entry_point": 0, "filename": null, "id": "region_574", "name": "private_0x0000000008910000", "norm_filename": null, "region_type": "private_memory", "start_va": 143720448, "timestamp": "00:00:21.705", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000575-addr_0x0000000008ae0000-size_0x0000000000200000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_74", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2097152, "start_va": 145620992, "type": "region", "version": 1 }, "end_va": 147718143, "entry_point": 0, "filename": null, "id": "region_575", "name": "private_0x0000000008ae0000", "norm_filename": null, "region_type": "private_memory", "start_va": 145620992, "timestamp": "00:00:21.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1958608896, "type": "region", "version": 1 }, "end_va": 1958633471, "entry_point": 1958608896, "filename": "\\Windows\\SysWOW64\\rasadhlp.dll", "id": "region_576", "name": "rasadhlp.dll", "norm_filename": "c:\\windows\\syswow64\\rasadhlp.dll", "region_type": "memory_mapped_file", "start_va": 1958608896, "timestamp": "00:00:21.736", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 141492224, "type": "region", "version": 1 }, "end_va": 141754367, "entry_point": 0, "filename": null, "id": "region_577", "name": "private_0x00000000086f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 141492224, "timestamp": "00:00:21.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 141754368, "type": "region", "version": 1 }, "end_va": 142016511, "entry_point": 0, "filename": null, "id": "region_578", "name": "private_0x0000000008730000", "norm_filename": null, "region_type": "private_memory", "start_va": 141754368, "timestamp": "00:00:21.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1958543360, "type": "region", "version": 1 }, "end_va": 1958608895, "entry_point": 1958543360, "filename": "\\Windows\\SysWOW64\\NapiNSP.dll", "id": "region_579", "name": "napinsp.dll", "norm_filename": "c:\\windows\\syswow64\\napinsp.dll", "region_type": "memory_mapped_file", "start_va": 1958543360, "timestamp": "00:00:21.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130341888, "type": "region", "version": 1 }, "end_va": 2130354175, "entry_point": 0, "filename": null, "id": "region_580", "name": "private_0x000000007efa7000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130341888, "timestamp": "00:00:21.766", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1958412288, "type": "region", "version": 1 }, "end_va": 1958486015, "entry_point": 1958412288, "filename": "\\Windows\\SysWOW64\\pnrpnsp.dll", "id": "region_581", "name": "pnrpnsp.dll", "norm_filename": "c:\\windows\\syswow64\\pnrpnsp.dll", "region_type": "memory_mapped_file", "start_va": 1958412288, "timestamp": "00:00:21.775", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 1958150144, "type": "region", "version": 1 }, "end_va": 1958395903, "entry_point": 1958150144, "filename": "\\Windows\\SysWOW64\\mswsock.dll", "id": "region_582", "name": "mswsock.dll", "norm_filename": "c:\\windows\\syswow64\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 1958150144, "timestamp": "00:00:21.795", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1958084608, "type": "region", "version": 1 }, "end_va": 1958117375, "entry_point": 1958084608, "filename": "\\Windows\\SysWOW64\\winrnr.dll", "id": "region_583", "name": "winrnr.dll", "norm_filename": "c:\\windows\\syswow64\\winrnr.dll", "region_type": "memory_mapped_file", "start_va": 1958084608, "timestamp": "00:00:21.822", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1958019072, "type": "region", "version": 1 }, "end_va": 1958039551, "entry_point": 1958019072, "filename": "\\Windows\\SysWOW64\\WSHTCPIP.DLL", "id": "region_584", "name": "wshtcpip.dll", "norm_filename": "c:\\windows\\syswow64\\wshtcpip.dll", "region_type": "memory_mapped_file", "start_va": 1958019072, "timestamp": "00:00:21.839", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1957953536, "type": "region", "version": 1 }, "end_va": 1957978111, "entry_point": 1957953536, "filename": "\\Windows\\SysWOW64\\wship6.dll", "id": "region_585", "name": "wship6.dll", "norm_filename": "c:\\windows\\syswow64\\wship6.dll", "region_type": "memory_mapped_file", "start_va": 1957953536, "timestamp": "00:00:21.853", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 229376, "start_va": 1957691392, "type": "region", "version": 1 }, "end_va": 1957920767, "entry_point": 1957691392, "filename": "\\Windows\\SysWOW64\\FWPUCLNT.DLL", "id": "region_586", "name": "fwpuclnt.dll", "norm_filename": "c:\\windows\\syswow64\\fwpuclnt.dll", "region_type": "memory_mapped_file", "start_va": 1957691392, "timestamp": "00:00:21.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2363391, "entry_point": 0, "filename": null, "id": "region_587", "name": "pagefile_0x0000000000240000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2359296, "timestamp": "00:00:21.914", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 142802944, "type": "region", "version": 1 }, "end_va": 143065087, "entry_point": 0, "filename": null, "id": "region_588", "name": "private_0x0000000008830000", "norm_filename": null, "region_type": "private_memory", "start_va": 142802944, "timestamp": "00:00:21.915", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 143654912, "type": "region", "version": 1 }, "end_va": 143720447, "entry_point": 0, "filename": null, "id": "region_589", "name": "private_0x0000000008900000", "norm_filename": null, "region_type": "private_memory", "start_va": 143654912, "timestamp": "00:00:21.915", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1972240384, "type": "region", "version": 1 }, "end_va": 1972776959, "entry_point": 1972240384, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_590", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1972240384, "timestamp": "00:00:21.916", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_591", "name": "pagefile_0x0000000000250000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2424832, "timestamp": "00:00:21.955", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 368640, "start_va": 1957298176, "type": "region", "version": 1 }, "end_va": 1957666815, "entry_point": 1957298176, "filename": "\\Windows\\SysWOW64\\netprofm.dll", "id": "region_592", "name": "netprofm.dll", "norm_filename": "c:\\windows\\syswow64\\netprofm.dll", "region_type": "memory_mapped_file", "start_va": 1957298176, "timestamp": "00:00:21.955", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 143720448, "type": "region", "version": 1 }, "end_va": 144769023, "entry_point": 0, "filename": null, "id": "region_593", "name": "private_0x0000000008910000", "norm_filename": null, "region_type": "private_memory", "start_va": 143720448, "timestamp": "00:00:22.035", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 145555456, "type": "region", "version": 1 }, "end_va": 145620991, "entry_point": 0, "filename": null, "id": "region_594", "name": "private_0x0000000008ad0000", "norm_filename": null, "region_type": "private_memory", "start_va": 145555456, "timestamp": "00:00:22.035", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1957167104, "type": "region", "version": 1 }, "end_va": 1957257215, "entry_point": 1957167104, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_595", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1957167104, "timestamp": "00:00:22.035", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1956904960, "type": "region", "version": 1 }, "end_va": 1957146623, "entry_point": 1956904960, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_596", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1956904960, "timestamp": "00:00:22.057", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1956839424, "type": "region", "version": 1 }, "end_va": 1956896767, "entry_point": 1956839424, "filename": "\\Windows\\SysWOW64\\RpcRtRemote.dll", "id": "region_597", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1956839424, "timestamp": "00:00:22.070", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 140181504, "type": "region", "version": 1 }, "end_va": 140443647, "entry_point": 0, "filename": null, "id": "region_598", "name": "private_0x00000000085b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 140181504, "timestamp": "00:00:22.092", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 140705792, "type": "region", "version": 1 }, "end_va": 140967935, "entry_point": 0, "filename": null, "id": "region_599", "name": "private_0x0000000008630000", "norm_filename": null, "region_type": "private_memory", "start_va": 140705792, "timestamp": "00:00:22.093", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1956773888, "type": "region", "version": 1 }, "end_va": 1956806655, "entry_point": 1956773888, "filename": "\\Windows\\SysWOW64\\npmproxy.dll", "id": "region_600", "name": "npmproxy.dll", "norm_filename": "c:\\windows\\syswow64\\npmproxy.dll", "region_type": "memory_mapped_file", "start_va": 1956773888, "timestamp": "00:00:22.093", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130329600, "type": "region", "version": 1 }, "end_va": 2130341887, "entry_point": 0, "filename": null, "id": "region_601", "name": "private_0x000000007efa4000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130329600, "timestamp": "00:00:22.101", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 143261696, "type": "region", "version": 1 }, "end_va": 143523839, "entry_point": 0, "filename": null, "id": "region_739", "name": "private_0x00000000088a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 143261696, "timestamp": "00:00:25.396", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 145620992, "type": "region", "version": 1 }, "end_va": 145883135, "entry_point": 0, "filename": null, "id": "region_740", "name": "private_0x0000000008ae0000", "norm_filename": null, "region_type": "private_memory", "start_va": 145620992, "timestamp": "00:00:25.396", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130317312, "type": "region", "version": 1 }, "end_va": 2130329599, "entry_point": 0, "filename": null, "id": "region_741", "name": "private_0x000000007efa1000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130317312, "timestamp": "00:00:25.396", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000742-addr_0x0000000008b20000-size_0x0000000000501000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_75", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 5246976, "start_va": 145883136, "type": "region", "version": 1 }, "end_va": 151130111, "entry_point": 0, "filename": null, "id": "region_742", "name": "private_0x0000000008b20000", "norm_filename": null, "region_type": "private_memory", "start_va": 145883136, "timestamp": "00:00:46.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 268435456, "type": "region", "version": 1 }, "end_va": 268517375, "entry_point": 0, "filename": null, "id": "region_743", "name": "private_0x0000000010000000", "norm_filename": null, "region_type": "private_memory", "start_va": 268435456, "timestamp": "00:00:46.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1956708352, "type": "region", "version": 1 }, "end_va": 1956737023, "entry_point": 1956708352, "filename": "\\Windows\\SysWOW64\\wsock32.dll", "id": "region_744", "name": "wsock32.dll", "norm_filename": "c:\\windows\\syswow64\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 1956708352, "timestamp": "00:00:46.835", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1956577280, "type": "region", "version": 1 }, "end_va": 1956671487, "entry_point": 1956577280, "filename": "\\Windows\\SysWOW64\\userenv.dll", "id": "region_745", "name": "userenv.dll", "norm_filename": "c:\\windows\\syswow64\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 1956577280, "timestamp": "00:00:46.858", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1940389888, "type": "region", "version": 1 }, "end_va": 1940914175, "entry_point": 1940389888, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_746", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1940389888, "timestamp": "00:00:46.878", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000747-addr_0x00000000002a0000-size_0x0000000000070000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_76", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 458752, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 3211263, "entry_point": 0, "filename": null, "id": "region_747", "name": "private_0x00000000002a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2752512, "timestamp": "00:00:46.891", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1956446208, "type": "region", "version": 1 }, "end_va": 1956515839, "entry_point": 1956446208, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_748", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1956446208, "timestamp": "00:00:46.901", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1956380672, "type": "region", "version": 1 }, "end_va": 1956417535, "entry_point": 1956380672, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_749", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1956380672, "timestamp": "00:00:46.926", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1956249600, "type": "region", "version": 1 }, "end_va": 1956351999, "entry_point": 1956249600, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_750", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1956249600, "timestamp": "00:00:46.960", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "cmd /K", "filename": "c:\\windows\\syswow64\\cmd.exe", "id": "proc_4", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 4, "origin_monitor_id": 2, "ref_parent_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000004-region_00000816-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_80", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_816", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:47.354", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000817-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_81", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_817", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:47.354", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_818", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:47.354", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_819", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:47.357", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_820", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:47.357", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_821", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:00:47.357", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3276800, "type": "region", "version": 1 }, "end_va": 4325375, "entry_point": 0, "filename": null, "id": "region_822", "name": "private_0x0000000000320000", "norm_filename": null, "region_type": "private_memory", "start_va": 3276800, "timestamp": "00:00:47.357", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1247412224, "type": "region", "version": 1 }, "end_va": 1247723519, "entry_point": 1247412224, "filename": "\\Windows\\SysWOW64\\cmd.exe", "id": "region_823", "name": "cmd.exe", "norm_filename": "c:\\windows\\syswow64\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1247412224, "timestamp": "00:00:47.357", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2001993728, "type": "region", "version": 1 }, "end_va": 2003734527, "entry_point": 2001993728, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_824", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001993728, "timestamp": "00:00:47.363", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2003959808, "type": "region", "version": 1 }, "end_va": 2005532671, "entry_point": 2003959808, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_825", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003959808, "timestamp": "00:00:47.364", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_826", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:47.364", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_827", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:47.364", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_828", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:47.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_829", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:47.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_830", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:47.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_831", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:47.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_832", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:47.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 1310719, "entry_point": 0, "filename": null, "id": "region_833", "name": "private_0x00000000000c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 786432, "timestamp": "00:00:47.435", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1942224896, "type": "region", "version": 1 }, "end_va": 1942601727, "entry_point": 1942484888, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_834", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1942224896, "timestamp": "00:00:47.435", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1942618112, "type": "region", "version": 1 }, "end_va": 1942876159, "entry_point": 1942806136, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_835", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1942618112, "timestamp": "00:00:47.436", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1943076864, "type": "region", "version": 1 }, "end_va": 1943109631, "entry_point": 1943085304, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_836", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1943076864, "timestamp": "00:00:47.437", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_840", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:47.492", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_841", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:47.492", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1732607, "entry_point": 1310720, "filename": "\\Windows\\System32\\locale.nls", "id": "region_842", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1310720, "timestamp": "00:00:47.492", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2228223, "entry_point": 0, "filename": null, "id": "region_843", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:00:47.493", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 4653056, "type": "region", "version": 1 }, "end_va": 5701631, "entry_point": 0, "filename": null, "id": "region_844", "name": "private_0x0000000000470000", "norm_filename": null, "region_type": "private_memory", "start_va": 4653056, "timestamp": "00:00:47.493", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1955725312, "type": "region", "version": 1 }, "end_va": 1955753983, "entry_point": 1955725312, "filename": "\\Windows\\SysWOW64\\winbrand.dll", "id": "region_845", "name": "winbrand.dll", "norm_filename": "c:\\windows\\syswow64\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 1955725312, "timestamp": "00:00:47.493", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1965490176, "type": "region", "version": 1 }, "end_va": 1965539327, "entry_point": 1965494497, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_846", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1965490176, "timestamp": "00:00:47.499", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1965555712, "type": "region", "version": 1 }, "end_va": 1965948927, "entry_point": 1965663155, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_847", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1965555712, "timestamp": "00:00:47.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1967390720, "type": "region", "version": 1 }, "end_va": 1968373759, "entry_point": 1967457641, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_848", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1967390720, "timestamp": "00:00:47.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1971191808, "type": "region", "version": 1 }, "end_va": 1972240383, "entry_point": 1971304173, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_849", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1971191808, "timestamp": "00:00:47.501", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1972830208, "type": "region", "version": 1 }, "end_va": 1972932607, "entry_point": 1972849013, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_850", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1972830208, "timestamp": "00:00:47.501", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1974140928, "type": "region", "version": 1 }, "end_va": 1974730751, "entry_point": 1974231875, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_851", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1974140928, "timestamp": "00:00:47.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1976631296, "type": "region", "version": 1 }, "end_va": 1977335807, "entry_point": 1976673394, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_852", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1976631296, "timestamp": "00:00:47.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1977352192, "type": "region", "version": 1 }, "end_va": 1978466303, "entry_point": 1977430739, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_853", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1977352192, "timestamp": "00:00:47.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1996357632, "type": "region", "version": 1 }, "end_va": 1996398591, "entry_point": 1996371616, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_854", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1996357632, "timestamp": "00:00:47.503", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1998020607, "entry_point": 1997763704, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_855", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:00:47.503", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1998061568, "type": "region", "version": 1 }, "end_va": 1998704639, "entry_point": 1998274519, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_856", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1998061568, "timestamp": "00:00:47.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1999110144, "type": "region", "version": 1 }, "end_va": 1999765503, "entry_point": 1999194597, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_857", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1999110144, "timestamp": "00:00:47.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1999765504, "type": "region", "version": 1 }, "end_va": 2000941055, "entry_point": 0, "filename": null, "id": "region_858", "name": "private_0x0000000077320000", "norm_filename": null, "region_type": "private_memory", "start_va": 1999765504, "timestamp": "00:00:47.505", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2000945152, "type": "region", "version": 1 }, "end_va": 2001969151, "entry_point": 0, "filename": null, "id": "region_859", "name": "private_0x0000000077440000", "norm_filename": null, "region_type": "private_memory", "start_va": 2000945152, "timestamp": "00:00:47.505", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_860", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:47.505", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_861", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:47.505", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5701632, "type": "region", "version": 1 }, "end_va": 7307263, "entry_point": 0, "filename": null, "id": "region_862", "name": "pagefile_0x0000000000570000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5701632, "timestamp": "00:00:47.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1975255040, "type": "region", "version": 1 }, "end_va": 1976090623, "entry_point": 1975260811, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_863", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1975255040, "timestamp": "00:00:47.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1995964416, "type": "region", "version": 1 }, "end_va": 1996357631, "entry_point": 1996035471, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_864", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1995964416, "timestamp": "00:00:47.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_865", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:47.513", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_866", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:00:47.513", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 528383, "entry_point": 0, "filename": null, "id": "region_867", "name": "private_0x0000000000080000", "norm_filename": null, "region_type": "private_memory", "start_va": 524288, "timestamp": "00:00:47.514", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 593919, "entry_point": 0, "filename": null, "id": "region_868", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:00:47.514", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 7340032, "type": "region", "version": 1 }, "end_va": 8916991, "entry_point": 0, "filename": null, "id": "region_869", "name": "pagefile_0x0000000000700000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7340032, "timestamp": "00:00:47.514", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 8978432, "type": "region", "version": 1 }, "end_va": 29949951, "entry_point": 0, "filename": null, "id": "region_870", "name": "pagefile_0x0000000000890000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8978432, "timestamp": "00:00:47.514", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 29949952, "type": "region", "version": 1 }, "end_va": 33370111, "entry_point": 0, "filename": null, "id": "region_871", "name": "pagefile_0x0000000001c90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29949952, "timestamp": "00:00:47.515", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\System32\\svchost.exe", "filename": "c:\\windows\\syswow64\\svchost.exe", "id": "proc_5", "image_name": "svchost.exe", "monitor_reason": "child_process", "monitored_id": 5, "origin_monitor_id": 2, "ref_parent_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000005-region_00000916-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_98", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_916", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:55.953", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000917-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_99", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_917", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:55.954", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_918", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:55.954", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_919", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:55.959", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_920", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:55.959", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000921-addr_0x0000000000090000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_100", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 851967, "entry_point": 0, "filename": null, "id": "region_921", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:00:55.960", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000922-addr_0x00000000001e0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_101", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 2228223, "entry_point": 0, "filename": null, "id": "region_922", "name": "private_0x00000000001e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1966080, "timestamp": "00:00:55.961", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 5177344, "type": "region", "version": 1 }, "end_va": 5210111, "entry_point": 5185796, "filename": "\\Windows\\SysWOW64\\svchost.exe", "id": "region_923", "name": "svchost.exe", "norm_filename": "c:\\windows\\syswow64\\svchost.exe", "region_type": "memory_mapped_file", "start_va": 5177344, "timestamp": "00:00:55.961", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000924-addr_0x000000000bc00000-size_0x0000000000012000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_102", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 73728, "start_va": 197132288, "type": "region", "version": 1 }, "end_va": 197206015, "entry_point": 0, "filename": null, "id": "region_924", "name": "private_0x000000000bc00000", "norm_filename": null, "region_type": "private_memory", "start_va": 197132288, "timestamp": "00:00:55.962", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2001993728, "type": "region", "version": 1 }, "end_va": 2003734527, "entry_point": 2001993728, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_925", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001993728, "timestamp": "00:00:55.962", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2003959808, "type": "region", "version": 1 }, "end_va": 2005532671, "entry_point": 2003959808, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_926", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003959808, "timestamp": "00:00:55.963", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_927", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:55.963", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000928-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_103", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_928", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:55.964", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000929-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_104", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_929", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:55.964", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000930-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_105", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_930", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:55.964", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_931", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:55.965", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000932-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_106", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_932", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:55.965", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_933", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:55.965", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000934-addr_0x0000000000150000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_107", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1900543, "entry_point": 0, "filename": null, "id": "region_934", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:00:55.975", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1942224896, "type": "region", "version": 1 }, "end_va": 1942601727, "entry_point": 1942484888, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_935", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1942224896, "timestamp": "00:00:55.975", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1942618112, "type": "region", "version": 1 }, "end_va": 1942876159, "entry_point": 1942806136, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_936", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1942618112, "timestamp": "00:00:55.976", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1943076864, "type": "region", "version": 1 }, "end_va": 1943109631, "entry_point": 1943085304, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_937", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1943076864, "timestamp": "00:00:55.976", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_938", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:56.001", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000939-addr_0x0000000000030000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_108", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 262143, "entry_point": 0, "filename": null, "id": "region_939", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:56.001", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 1273855, "entry_point": 851968, "filename": "\\Windows\\System32\\locale.nls", "id": "region_940", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 851968, "timestamp": "00:00:56.001", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000941-addr_0x00000000002a0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_109", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 3801087, "entry_point": 0, "filename": null, "id": "region_941", "name": "private_0x00000000002a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2752512, "timestamp": "00:00:56.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1956118528, "type": "region", "version": 1 }, "end_va": 1956179967, "entry_point": 1956123230, "filename": "\\Windows\\SysWOW64\\samcli.dll", "id": "region_942", "name": "samcli.dll", "norm_filename": "c:\\windows\\syswow64\\samcli.dll", "region_type": "memory_mapped_file", "start_va": 1956118528, "timestamp": "00:00:56.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1956184064, "type": "region", "version": 1 }, "end_va": 1956245503, "entry_point": 1956188833, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_943", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1956184064, "timestamp": "00:00:56.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1956249600, "type": "region", "version": 1 }, "end_va": 1956351999, "entry_point": 1956254489, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_944", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1956249600, "timestamp": "00:00:56.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1956380672, "type": "region", "version": 1 }, "end_va": 1956417535, "entry_point": 1956386214, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_945", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1956380672, "timestamp": "00:00:56.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1956446208, "type": "region", "version": 1 }, "end_va": 1956515839, "entry_point": 1956451072, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_946", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1956446208, "timestamp": "00:00:56.004", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1956577280, "type": "region", "version": 1 }, "end_va": 1956671487, "entry_point": 1956584605, "filename": "\\Windows\\SysWOW64\\userenv.dll", "id": "region_947", "name": "userenv.dll", "norm_filename": "c:\\windows\\syswow64\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 1956577280, "timestamp": "00:00:56.004", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1964900352, "type": "region", "version": 1 }, "end_va": 1964945407, "entry_point": 1964906898, "filename": "\\Windows\\SysWOW64\\profapi.dll", "id": "region_948", "name": "profapi.dll", "norm_filename": "c:\\windows\\syswow64\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1964900352, "timestamp": "00:00:56.005", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1965490176, "type": "region", "version": 1 }, "end_va": 1965539327, "entry_point": 1965494497, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_949", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1965490176, "timestamp": "00:00:56.007", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1965555712, "type": "region", "version": 1 }, "end_va": 1965948927, "entry_point": 1965663155, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_950", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1965555712, "timestamp": "00:00:56.007", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1965948928, "type": "region", "version": 1 }, "end_va": 1967374335, "entry_point": 1966258749, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_951", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1965948928, "timestamp": "00:00:56.008", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1967390720, "type": "region", "version": 1 }, "end_va": 1968373759, "entry_point": 1967457641, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_952", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1967390720, "timestamp": "00:00:56.008", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1968373760, "type": "region", "version": 1 }, "end_va": 1970450431, "entry_point": 1968382681, "filename": "\\Windows\\SysWOW64\\iertutil.dll", "id": "region_953", "name": "iertutil.dll", "norm_filename": "c:\\windows\\syswow64\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1968373760, "timestamp": "00:00:56.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1971191808, "type": "region", "version": 1 }, "end_va": 1972240383, "entry_point": 1971304173, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_954", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1971191808, "timestamp": "00:00:56.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1972830208, "type": "region", "version": 1 }, "end_va": 1972932607, "entry_point": 1972849013, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_955", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1972830208, "timestamp": "00:00:56.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1972961280, "type": "region", "version": 1 }, "end_va": 1974128639, "entry_point": 1972966794, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_956", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1972961280, "timestamp": "00:00:56.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1974140928, "type": "region", "version": 1 }, "end_va": 1974730751, "entry_point": 1974231875, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_957", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1974140928, "timestamp": "00:00:56.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1976369152, "type": "region", "version": 1 }, "end_va": 1976393727, "entry_point": 1976375170, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_958", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1976369152, "timestamp": "00:00:56.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1976631296, "type": "region", "version": 1 }, "end_va": 1977335807, "entry_point": 1976673394, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_959", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1976631296, "timestamp": "00:00:56.012", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1977352192, "type": "region", "version": 1 }, "end_va": 1978466303, "entry_point": 1977430739, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_960", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1977352192, "timestamp": "00:00:56.012", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1978466304, "type": "region", "version": 1 }, "end_va": 1979052031, "entry_point": 1978482609, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_961", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1978466304, "timestamp": "00:00:56.013", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1979580416, "type": "region", "version": 1 }, "end_va": 1992466431, "entry_point": 1980110337, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_962", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1979580416, "timestamp": "00:00:56.013", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1994194944, "type": "region", "version": 1 }, "end_va": 1994412031, "entry_point": 1994200157, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_963", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1994194944, "timestamp": "00:00:56.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1994457088, "type": "region", "version": 1 }, "end_va": 1995460607, "entry_point": 1994463333, "filename": "\\Windows\\SysWOW64\\wininet.dll", "id": "region_964", "name": "wininet.dll", "norm_filename": "c:\\windows\\syswow64\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1994457088, "timestamp": "00:00:56.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1995505664, "type": "region", "version": 1 }, "end_va": 1995862015, "entry_point": 1995611046, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_965", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1995505664, "timestamp": "00:00:56.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1996357632, "type": "region", "version": 1 }, "end_va": 1996398591, "entry_point": 1996371616, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_966", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1996357632, "timestamp": "00:00:56.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1996423168, "type": "region", "version": 1 }, "end_va": 1997692927, "entry_point": 1996430133, "filename": "\\Windows\\SysWOW64\\urlmon.dll", "id": "region_967", "name": "urlmon.dll", "norm_filename": "c:\\windows\\syswow64\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1996423168, "timestamp": "00:00:56.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1998020607, "entry_point": 1997763704, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_968", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:00:56.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1998061568, "type": "region", "version": 1 }, "end_va": 1998704639, "entry_point": 1998274519, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_969", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1998061568, "timestamp": "00:00:56.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1999110144, "type": "region", "version": 1 }, "end_va": 1999765503, "entry_point": 1999194597, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_970", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1999110144, "timestamp": "00:00:56.017", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000971-addr_0x0000000077320000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_110", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1999765504, "type": "region", "version": 1 }, "end_va": 2000941055, "entry_point": 0, "filename": null, "id": "region_971", "name": "private_0x0000000077320000", "norm_filename": null, "region_type": "private_memory", "start_va": 1999765504, "timestamp": "00:00:56.018", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000972-addr_0x0000000077440000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_111", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 2000945152, "type": "region", "version": 1 }, "end_va": 2001969151, "entry_point": 0, "filename": null, "id": "region_972", "name": "private_0x0000000077440000", "norm_filename": null, "region_type": "private_memory", "start_va": 2000945152, "timestamp": "00:00:56.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 2003763200, "type": "region", "version": 1 }, "end_va": 2003812351, "entry_point": 2003772302, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_973", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 2003763200, "timestamp": "00:00:56.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_974", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:56.019", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_975", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:56.019", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5242880, "type": "region", "version": 1 }, "end_va": 6848511, "entry_point": 0, "filename": null, "id": "region_976", "name": "pagefile_0x0000000000500000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5242880, "timestamp": "00:00:56.024", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1975255040, "type": "region", "version": 1 }, "end_va": 1976090623, "entry_point": 1975260811, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_977", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1975255040, "timestamp": "00:00:56.024", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1995964416, "type": "region", "version": 1 }, "end_va": 1996357631, "entry_point": 1996035471, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_978", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1995964416, "timestamp": "00:00:56.025", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000979-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_112", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_979", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:00:56.034", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000980-addr_0x0000000000070000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_113", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_980", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:00:56.034", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6881280, "type": "region", "version": 1 }, "end_va": 8458239, "entry_point": 0, "filename": null, "id": "region_981", "name": "pagefile_0x0000000000690000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6881280, "timestamp": "00:00:56.035", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 8519680, "type": "region", "version": 1 }, "end_va": 29491199, "entry_point": 0, "filename": null, "id": "region_982", "name": "pagefile_0x0000000000820000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8519680, "timestamp": "00:00:56.035", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1940389888, "type": "region", "version": 1 }, "end_va": 1940914175, "entry_point": 1940469705, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_983", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1940389888, "timestamp": "00:00:56.051", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000984-addr_0x00000000003a0000-size_0x00000000000e0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_114", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 917504, "start_va": 3801088, "type": "region", "version": 1 }, "end_va": 4718591, "entry_point": 0, "filename": null, "id": "region_984", "name": "private_0x00000000003a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3801088, "timestamp": "00:00:56.053", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 29491200, "type": "region", "version": 1 }, "end_va": 32436223, "entry_point": 29491200, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_985", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 29491200, "timestamp": "00:00:56.055", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000986-addr_0x0000000000220000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_115", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2752511, "entry_point": 0, "filename": null, "id": "region_986", "name": "private_0x0000000000220000", "norm_filename": null, "region_type": "private_memory", "start_va": 2228224, "timestamp": "00:00:56.060", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 528383, "entry_point": 0, "filename": null, "id": "region_987", "name": "pagefile_0x0000000000080000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 524288, "timestamp": "00:00:56.068", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000988-addr_0x0000000001ef0000-size_0x0000000000101000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_116", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1052672, "start_va": 32440320, "type": "region", "version": 1 }, "end_va": 33492991, "entry_point": 0, "filename": null, "id": "region_988", "name": "private_0x0000000001ef0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32440320, "timestamp": "00:00:56.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1789952, "start_va": 1950547968, "type": "region", "version": 1 }, "end_va": 1952337919, "entry_point": 1952000035, "filename": "\\Program Files (x86)\\Mozilla Firefox\\nss3.dll", "id": "region_991", "name": "nss3.dll", "norm_filename": "c:\\program files (x86)\\mozilla firefox\\nss3.dll", "region_type": "memory_mapped_file", "start_va": 1950547968, "timestamp": "00:00:56.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 1955463168, "type": "region", "version": 1 }, "end_va": 1955667967, "entry_point": 1955477489, "filename": "\\Windows\\SysWOW64\\winmm.dll", "id": "region_992", "name": "winmm.dll", "norm_filename": "c:\\windows\\syswow64\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 1955463168, "timestamp": "00:00:56.723", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1956708352, "type": "region", "version": 1 }, "end_va": 1956737023, "entry_point": 1956712736, "filename": "\\Windows\\SysWOW64\\wsock32.dll", "id": "region_993", "name": "wsock32.dll", "norm_filename": "c:\\windows\\syswow64\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 1956708352, "timestamp": "00:00:56.725", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 782336, "start_va": 1949761536, "type": "region", "version": 1 }, "end_va": 1950543871, "entry_point": 1949834748, "filename": "\\Windows\\SysWOW64\\msvcr100.dll", "id": "region_994", "name": "msvcr100.dll", "norm_filename": "c:\\windows\\syswow64\\msvcr100.dll", "region_type": "memory_mapped_file", "start_va": 1949761536, "timestamp": "00:00:56.726", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 139264, "start_va": 1955266560, "type": "region", "version": 1 }, "end_va": 1955405823, "entry_point": 1955355760, "filename": "\\Program Files (x86)\\Mozilla Firefox\\mozglue.dll", "id": "region_995", "name": "mozglue.dll", "norm_filename": "c:\\program files (x86)\\mozilla firefox\\mozglue.dll", "region_type": "memory_mapped_file", "start_va": 1955266560, "timestamp": "00:00:56.727", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 430080, "start_va": 1949302784, "type": "region", "version": 1 }, "end_va": 1949732863, "entry_point": 1949514996, "filename": "\\Windows\\SysWOW64\\msvcp100.dll", "id": "region_996", "name": "msvcp100.dll", "norm_filename": "c:\\windows\\syswow64\\msvcp100.dll", "region_type": "memory_mapped_file", "start_va": 1949302784, "timestamp": "00:00:56.728", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000997-addr_0x0000000001ef0000-size_0x00000000001e0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_119", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1966080, "start_va": 32440320, "type": "region", "version": 1 }, "end_va": 34406399, "entry_point": 0, "filename": null, "id": "region_997", "name": "private_0x0000000001ef0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32440320, "timestamp": "00:00:56.731", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000998-addr_0x0000000001ef0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_120", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 32440320, "type": "region", "version": 1 }, "end_va": 33488895, "entry_point": 0, "filename": null, "id": "region_998", "name": "private_0x0000000001ef0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32440320, "timestamp": "00:00:56.734", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000999-addr_0x00000000020c0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_121", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 34340864, "type": "region", "version": 1 }, "end_va": 34406399, "entry_point": 0, "filename": null, "id": "region_999", "name": "private_0x00000000020c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 34340864, "timestamp": "00:00:56.734", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001000-addr_0x00000000020d0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_122", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 34406400, "type": "region", "version": 1 }, "end_va": 35454975, "entry_point": 0, "filename": null, "id": "region_1000", "name": "private_0x00000000020d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 34406400, "timestamp": "00:00:56.737", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001001-addr_0x0000000002100000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_123", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 34603008, "type": "region", "version": 1 }, "end_va": 35651583, "entry_point": 0, "filename": null, "id": "region_1001", "name": "private_0x0000000002100000", "norm_filename": null, "region_type": "private_memory", "start_va": 34603008, "timestamp": "00:00:56.738", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1948778496, "type": "region", "version": 1 }, "end_va": 1948938239, "entry_point": 1948894601, "filename": "\\Program Files (x86)\\Mozilla Firefox\\softokn3.dll", "id": "region_1002", "name": "softokn3.dll", "norm_filename": "c:\\program files (x86)\\mozilla firefox\\softokn3.dll", "region_type": "memory_mapped_file", "start_va": 1948778496, "timestamp": "00:00:56.743", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1948647424, "type": "region", "version": 1 }, "end_va": 1948741631, "entry_point": 1948719776, "filename": "\\Program Files (x86)\\Mozilla Firefox\\nssdbm3.dll", "id": "region_1003", "name": "nssdbm3.dll", "norm_filename": "c:\\program files (x86)\\mozilla firefox\\nssdbm3.dll", "region_type": "memory_mapped_file", "start_va": 1948647424, "timestamp": "00:00:56.745", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1314815, "entry_point": 1310720, "filename": "\\Windows\\SysWOW64\\tzres.dll", "id": "region_1004", "name": "tzres.dll", "norm_filename": "c:\\windows\\syswow64\\tzres.dll", "region_type": "memory_mapped_file", "start_va": 1310720, "timestamp": "00:00:56.747", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 1929215, "entry_point": 0, "filename": null, "id": "region_1005", "name": "pagefile_0x00000000001d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1900544, "timestamp": "00:00:56.750", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 3801088, "type": "region", "version": 1 }, "end_va": 3809279, "entry_point": 0, "filename": null, "id": "region_1006", "name": "pagefile_0x00000000003a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3801088, "timestamp": "00:00:56.750", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001007-addr_0x0000000000440000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_124", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 4456448, "type": "region", "version": 1 }, "end_va": 4718591, "entry_point": 0, "filename": null, "id": "region_1007", "name": "private_0x0000000000440000", "norm_filename": null, "region_type": "private_memory", "start_va": 4456448, "timestamp": "00:00:56.750", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 35651584, "type": "region", "version": 1 }, "end_va": 39792639, "entry_point": 0, "filename": null, "id": "region_1008", "name": "pagefile_0x0000000002200000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 35651584, "timestamp": "00:00:56.750", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1948319744, "type": "region", "version": 1 }, "end_va": 1948643327, "entry_point": 1948541954, "filename": "\\Program Files (x86)\\Mozilla Firefox\\freebl3.dll", "id": "region_1010", "name": "freebl3.dll", "norm_filename": "c:\\program files (x86)\\mozilla firefox\\freebl3.dll", "region_type": "memory_mapped_file", "start_va": 1948319744, "timestamp": "00:00:56.754", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001011-addr_0x0000000002600000-size_0x0000000000101000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_125", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1052672, "start_va": 39845888, "type": "region", "version": 1 }, "end_va": 40898559, "entry_point": 0, "filename": null, "id": "region_1011", "name": "private_0x0000000002600000", "norm_filename": null, "region_type": "private_memory", "start_va": 39845888, "timestamp": "00:00:56.776", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 1955856384, "type": "region", "version": 1 }, "end_va": 1955938303, "entry_point": 1955863977, "filename": "\\Windows\\SysWOW64\\atl.dll", "id": "region_1014", "name": "atl.dll", "norm_filename": "c:\\windows\\syswow64\\atl.dll", "region_type": "memory_mapped_file", "start_va": 1955856384, "timestamp": "00:00:56.786", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1955987456, "type": "region", "version": 1 }, "end_va": 1956040703, "entry_point": 1956010781, "filename": "\\Windows\\SysWOW64\\pstorec.dll", "id": "region_1015", "name": "pstorec.dll", "norm_filename": "c:\\windows\\syswow64\\pstorec.dll", "region_type": "memory_mapped_file", "start_va": 1955987456, "timestamp": "00:00:56.787", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1314815, "entry_point": 0, "filename": null, "id": "region_1016", "name": "pagefile_0x0000000000140000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1310720, "timestamp": "00:00:56.791", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001017-addr_0x00000000004a0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_128", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 4849664, "type": "region", "version": 1 }, "end_va": 5111807, "entry_point": 0, "filename": null, "id": "region_1017", "name": "private_0x00000000004a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4849664, "timestamp": "00:00:56.792", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001018-addr_0x0000000002620000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_129", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 39976960, "type": "region", "version": 1 }, "end_va": 40239103, "entry_point": 0, "filename": null, "id": "region_1018", "name": "private_0x0000000002620000", "norm_filename": null, "region_type": "private_memory", "start_va": 39976960, "timestamp": "00:00:56.792", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001019-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_130", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_1019", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:00:56.792", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1972240384, "type": "region", "version": 1 }, "end_va": 1972776959, "entry_point": 1972249554, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_1020", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1972240384, "timestamp": "00:00:56.793", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 3866624, "type": "region", "version": 1 }, "end_va": 3870719, "entry_point": 0, "filename": null, "id": "region_1021", "name": "pagefile_0x00000000003b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3866624, "timestamp": "00:00:56.794", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 11010048, "start_va": 1924595712, "type": "region", "version": 1 }, "end_va": 1935605759, "entry_point": 1924623253, "filename": "\\Windows\\SysWOW64\\ieframe.dll", "id": "region_1022", "name": "ieframe.dll", "norm_filename": "c:\\windows\\syswow64\\ieframe.dll", "region_type": "memory_mapped_file", "start_va": 1924595712, "timestamp": "00:00:56.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1995919359, "entry_point": 1995904056, "filename": "\\Windows\\SysWOW64\\psapi.dll", "id": "region_1023", "name": "psapi.dll", "norm_filename": "c:\\windows\\syswow64\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 1995898880, "timestamp": "00:00:56.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 1955004416, "type": "region", "version": 1 }, "end_va": 1955250175, "entry_point": 1955016841, "filename": "\\Windows\\SysWOW64\\oleacc.dll", "id": "region_1024", "name": "oleacc.dll", "norm_filename": "c:\\windows\\syswow64\\oleacc.dll", "region_type": "memory_mapped_file", "start_va": 1955004416, "timestamp": "00:00:56.800", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 3936255, "entry_point": 3932160, "filename": "\\Windows\\SysWOW64\\oleaccrc.dll", "id": "region_1025", "name": "oleaccrc.dll", "norm_filename": "c:\\windows\\syswow64\\oleaccrc.dll", "region_type": "memory_mapped_file", "start_va": 3932160, "timestamp": "00:00:56.801", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 4005887, "entry_point": 0, "filename": null, "id": "region_1026", "name": "pagefile_0x00000000003d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3997696, "timestamp": "00:00:56.803", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1959460864, "type": "region", "version": 1 }, "end_va": 1961156607, "entry_point": 1959650997, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_1027", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1959460864, "timestamp": "00:00:56.803", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 4067327, "entry_point": 4063232, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_1028", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 4063232, "timestamp": "00:00:56.804", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4136959, "entry_point": 0, "filename": null, "id": "region_1029", "name": "pagefile_0x00000000003f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4128768, "timestamp": "00:00:56.805", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 1949106176, "type": "region", "version": 1 }, "end_va": 1949294591, "entry_point": 1949112045, "filename": "\\Windows\\SysWOW64\\mlang.dll", "id": "region_1030", "name": "mlang.dll", "norm_filename": "c:\\windows\\syswow64\\mlang.dll", "region_type": "memory_mapped_file", "start_va": 1949106176, "timestamp": "00:00:56.812", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 81920, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4276223, "entry_point": 4194304, "filename": "\\Users\\aDU0VK IWA5kLS\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat", "id": "region_1031", "name": "index.dat", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 4194304, "timestamp": "00:00:56.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 4095999, "entry_point": 4063232, "filename": "\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat", "id": "region_1032", "name": "index.dat", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat", "region_type": "memory_mapped_file", "start_va": 4063232, "timestamp": "00:00:56.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 4390911, "entry_point": 4325376, "filename": "\\Users\\aDU0VK IWA5kLS\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat", "id": "region_1033", "name": "index.dat", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 4325376, "timestamp": "00:00:56.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1956052992, "type": "region", "version": 1 }, "end_va": 1956102143, "entry_point": 1956073564, "filename": "\\Windows\\SysWOW64\\vaultcli.dll", "id": "region_1034", "name": "vaultcli.dll", "norm_filename": "c:\\windows\\syswow64\\vaultcli.dll", "region_type": "memory_mapped_file", "start_va": 1956052992, "timestamp": "00:00:56.967", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001035-addr_0x0000000002660000-size_0x00000000005a1000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_131", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 5902336, "start_va": 40239104, "type": "region", "version": 1 }, "end_va": 46141439, "entry_point": 0, "filename": null, "id": "region_1035", "name": "private_0x0000000002660000", "norm_filename": null, "region_type": "private_memory", "start_va": 40239104, "timestamp": "00:00:57.008", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001036-addr_0x0000000002c10000-size_0x0000000000101000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_132", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1052672, "start_va": 46202880, "type": "region", "version": 1 }, "end_va": 47255551, "entry_point": 0, "filename": null, "id": "region_1036", "name": "private_0x0000000002c10000", "norm_filename": null, "region_type": "private_memory", "start_va": 46202880, "timestamp": "00:00:57.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 4399103, "entry_point": 0, "filename": null, "id": "region_1037", "name": "pagefile_0x0000000000430000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4390912, "timestamp": "00:00:57.025", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1959133184, "type": "region", "version": 1 }, "end_va": 1959411711, "entry_point": 1959224313, "filename": "\\Windows\\SysWOW64\\dnsapi.dll", "id": "region_1038", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\syswow64\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 1959133184, "timestamp": "00:00:57.025", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001039-addr_0x0000000002660000-size_0x0000000000150000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_133", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1376256, "start_va": 40239104, "type": "region", "version": 1 }, "end_va": 41615359, "entry_point": 0, "filename": null, "id": "region_1039", "name": "private_0x0000000002660000", "norm_filename": null, "region_type": "private_memory", "start_va": 40239104, "timestamp": "00:00:57.028", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 1965228032, "type": "region", "version": 1 }, "end_va": 1965342719, "entry_point": 1965270065, "filename": "\\Windows\\SysWOW64\\IPHLPAPI.DLL", "id": "region_1040", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\syswow64\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1965228032, "timestamp": "00:00:57.028", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1965162496, "type": "region", "version": 1 }, "end_va": 1965191167, "entry_point": 1965167245, "filename": "\\Windows\\SysWOW64\\winnsi.dll", "id": "region_1041", "name": "winnsi.dll", "norm_filename": "c:\\windows\\syswow64\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1965162496, "timestamp": "00:00:57.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 1958150144, "type": "region", "version": 1 }, "end_va": 1958395903, "entry_point": 1958155357, "filename": "\\Windows\\SysWOW64\\mswsock.dll", "id": "region_1042", "name": "mswsock.dll", "norm_filename": "c:\\windows\\syswow64\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 1958150144, "timestamp": "00:00:57.035", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001043-addr_0x0000000002660000-size_0x00000000000f0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_134", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 983040, "start_va": 40239104, "type": "region", "version": 1 }, "end_va": 41222143, "entry_point": 0, "filename": null, "id": "region_1043", "name": "private_0x0000000002660000", "norm_filename": null, "region_type": "private_memory", "start_va": 40239104, "timestamp": "00:00:57.037", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001044-addr_0x0000000002770000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_135", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 41353216, "type": "region", "version": 1 }, "end_va": 41615359, "entry_point": 0, "filename": null, "id": "region_1044", "name": "private_0x0000000002770000", "norm_filename": null, "region_type": "private_memory", "start_va": 41353216, "timestamp": "00:00:57.038", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1958019072, "type": "region", "version": 1 }, "end_va": 1958039551, "entry_point": 1958024671, "filename": "\\Windows\\SysWOW64\\WSHTCPIP.DLL", "id": "region_1045", "name": "wshtcpip.dll", "norm_filename": "c:\\windows\\syswow64\\wshtcpip.dll", "region_type": "memory_mapped_file", "start_va": 1958019072, "timestamp": "00:00:57.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1958674432, "type": "region", "version": 1 }, "end_va": 1958739967, "entry_point": 1958688961, "filename": "\\Windows\\SysWOW64\\nlaapi.dll", "id": "region_1046", "name": "nlaapi.dll", "norm_filename": "c:\\windows\\syswow64\\nlaapi.dll", "region_type": "memory_mapped_file", "start_va": 1958674432, "timestamp": "00:00:57.040", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001047-addr_0x0000000001ff0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_136", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 33488896, "type": "region", "version": 1 }, "end_va": 34013183, "entry_point": 0, "filename": null, "id": "region_1047", "name": "private_0x0000000001ff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33488896, "timestamp": "00:00:57.042", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001048-addr_0x0000000001ff0000-size_0x0000000000070000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_137", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 458752, "start_va": 33488896, "type": "region", "version": 1 }, "end_va": 33947647, "entry_point": 0, "filename": null, "id": "region_1048", "name": "private_0x0000000001ff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33488896, "timestamp": "00:00:57.043", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001049-addr_0x0000000002060000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_138", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 33947648, "type": "region", "version": 1 }, "end_va": 34013183, "entry_point": 0, "filename": null, "id": "region_1049", "name": "private_0x0000000002060000", "norm_filename": null, "region_type": "private_memory", "start_va": 33947648, "timestamp": "00:00:57.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1958543360, "type": "region", "version": 1 }, "end_va": 1958608895, "entry_point": 1958548774, "filename": "\\Windows\\SysWOW64\\NapiNSP.dll", "id": "region_1050", "name": "napinsp.dll", "norm_filename": "c:\\windows\\syswow64\\napinsp.dll", "region_type": "memory_mapped_file", "start_va": 1958543360, "timestamp": "00:00:57.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1958412288, "type": "region", "version": 1 }, "end_va": 1958486015, "entry_point": 1958418674, "filename": "\\Windows\\SysWOW64\\pnrpnsp.dll", "id": "region_1051", "name": "pnrpnsp.dll", "norm_filename": "c:\\windows\\syswow64\\pnrpnsp.dll", "region_type": "memory_mapped_file", "start_va": 1958412288, "timestamp": "00:00:57.046", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1958084608, "type": "region", "version": 1 }, "end_va": 1958117375, "entry_point": 1958089502, "filename": "\\Windows\\SysWOW64\\winrnr.dll", "id": "region_1052", "name": "winrnr.dll", "norm_filename": "c:\\windows\\syswow64\\winrnr.dll", "region_type": "memory_mapped_file", "start_va": 1958084608, "timestamp": "00:00:57.048", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 229376, "start_va": 1957691392, "type": "region", "version": 1 }, "end_va": 1957920767, "entry_point": 1957730574, "filename": "\\Windows\\SysWOW64\\FWPUCLNT.DLL", "id": "region_1053", "name": "fwpuclnt.dll", "norm_filename": "c:\\windows\\syswow64\\fwpuclnt.dll", "region_type": "memory_mapped_file", "start_va": 1957691392, "timestamp": "00:00:57.050", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001054-addr_0x00000000027b0000-size_0x0000000000150000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_139", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1376256, "start_va": 41615360, "type": "region", "version": 1 }, "end_va": 42991615, "entry_point": 0, "filename": null, "id": "region_1054", "name": "private_0x00000000027b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 41615360, "timestamp": "00:00:57.051", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1958608896, "type": "region", "version": 1 }, "end_va": 1958633471, "entry_point": 1958614194, "filename": "\\Windows\\SysWOW64\\rasadhlp.dll", "id": "region_1055", "name": "rasadhlp.dll", "norm_filename": "c:\\windows\\syswow64\\rasadhlp.dll", "region_type": "memory_mapped_file", "start_va": 1958608896, "timestamp": "00:00:57.053", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1948975104, "type": "region", "version": 1 }, "end_va": 1949048831, "entry_point": 1948993429, "filename": "\\Windows\\SysWOW64\\samlib.dll", "id": "region_1056", "name": "samlib.dll", "norm_filename": "c:\\windows\\syswow64\\samlib.dll", "region_type": "memory_mapped_file", "start_va": 1948975104, "timestamp": "00:00:57.438", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001057-addr_0x00000000026b0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_140", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 40566784, "type": "region", "version": 1 }, "end_va": 40828927, "entry_point": 0, "filename": null, "id": "region_1057", "name": "private_0x00000000026b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40566784, "timestamp": "00:00:57.441", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001058-addr_0x0000000002710000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_141", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 40960000, "type": "region", "version": 1 }, "end_va": 41222143, "entry_point": 0, "filename": null, "id": "region_1058", "name": "private_0x0000000002710000", "norm_filename": null, "region_type": "private_memory", "start_va": 40960000, "timestamp": "00:00:57.442", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001059-addr_0x0000000002a00000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_142", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 44040192, "type": "region", "version": 1 }, "end_va": 45088767, "entry_point": 0, "filename": null, "id": "region_1059", "name": "private_0x0000000002a00000", "norm_filename": null, "region_type": "private_memory", "start_va": 44040192, "timestamp": "00:00:57.442", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001060-addr_0x000000007efd5000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_143", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_1060", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:00:57.442", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001061-addr_0x00000000027b0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_144", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 41615360, "type": "region", "version": 1 }, "end_va": 42663935, "entry_point": 0, "filename": null, "id": "region_1061", "name": "private_0x00000000027b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 41615360, "timestamp": "00:00:57.604", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\BN649B.tmp", "filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\bn649b.tmp", "id": "proc_6", "image_name": "bn649b.tmp", "monitor_reason": "child_process", "monitored_id": 6, "origin_monitor_id": 2, "ref_parent_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000006-region_00001062-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_145", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1062", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:58.604", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001063-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_146", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_1063", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:58.605", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1064", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:58.605", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001065-addr_0x0000000000050000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_147", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 589823, "entry_point": 0, "filename": null, "id": "region_1065", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:00:58.610", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001066-addr_0x0000000000090000-size_0x0000000000200000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_148", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2097152, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 2686975, "entry_point": 0, "filename": null, "id": "region_1066", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:00:58.610", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 2703359, "entry_point": 0, "filename": null, "id": "region_1067", "name": "pagefile_0x0000000000290000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2686976, "timestamp": "00:00:58.610", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001068-addr_0x0000000000400000-size_0x000000000002f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_149", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 192512, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4386815, "entry_point": 4194304, "filename": "\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\BN649B.tmp", "id": "region_1068", "name": "bn649b.tmp", "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\bn649b.tmp", "region_type": "memory_mapped_file", "start_va": 4194304, "timestamp": "00:00:58.611", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2001993728, "type": "region", "version": 1 }, "end_va": 2003734527, "entry_point": 2001993728, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1069", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001993728, "timestamp": "00:00:58.611", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2003959808, "type": "region", "version": 1 }, "end_va": 2005532671, "entry_point": 2003959808, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1070", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003959808, "timestamp": "00:00:58.611", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_1071", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:58.612", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001072-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_150", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_1072", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:58.612", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001073-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_151", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_1073", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:58.613", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001074-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_152", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_1074", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:58.613", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1075", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:58.613", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001076-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_153", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1076", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:58.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_1077", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:58.614", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001078-addr_0x0000000000550000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_154", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 5570560, "type": "region", "version": 1 }, "end_va": 6094847, "entry_point": 0, "filename": null, "id": "region_1078", "name": "private_0x0000000000550000", "norm_filename": null, "region_type": "private_memory", "start_va": 5570560, "timestamp": "00:00:58.625", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1942224896, "type": "region", "version": 1 }, "end_va": 1942601727, "entry_point": 1942484888, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1079", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1942224896, "timestamp": "00:00:58.625", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1942618112, "type": "region", "version": 1 }, "end_va": 1942876159, "entry_point": 1942806136, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1080", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1942618112, "timestamp": "00:00:58.625", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1943076864, "type": "region", "version": 1 }, "end_va": 1943109631, "entry_point": 1943085304, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_1081", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1943076864, "timestamp": "00:00:58.626", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1082", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:58.764", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 3174399, "entry_point": 2752512, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1083", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 2752512, "timestamp": "00:00:58.764", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001084-addr_0x00000000003f0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_155", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4194303, "entry_point": 0, "filename": null, "id": "region_1084", "name": "private_0x00000000003f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4128768, "timestamp": "00:00:58.766", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001085-addr_0x00000000006f0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_156", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 7274496, "type": "region", "version": 1 }, "end_va": 8323071, "entry_point": 0, "filename": null, "id": "region_1085", "name": "private_0x00000000006f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 7274496, "timestamp": "00:00:58.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1935671296, "type": "region", "version": 1 }, "end_va": 1935749119, "entry_point": 1935671296, "filename": "\\Windows\\SysWOW64\\dwmapi.dll", "id": "region_1086", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\syswow64\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 1935671296, "timestamp": "00:00:58.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1945370624, "type": "region", "version": 1 }, "end_va": 1945395199, "entry_point": 1945370624, "filename": "\\Windows\\SysWOW64\\dciman32.dll", "id": "region_1087", "name": "dciman32.dll", "norm_filename": "c:\\windows\\syswow64\\dciman32.dll", "region_type": "memory_mapped_file", "start_va": 1945370624, "timestamp": "00:00:58.781", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 946176, "start_va": 1945436160, "type": "region", "version": 1 }, "end_va": 1946382335, "entry_point": 1945436160, "filename": "\\Windows\\SysWOW64\\ddraw.dll", "id": "region_1088", "name": "ddraw.dll", "norm_filename": "c:\\windows\\syswow64\\ddraw.dll", "region_type": "memory_mapped_file", "start_va": 1945436160, "timestamp": "00:00:58.791", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1946419200, "type": "region", "version": 1 }, "end_va": 1946443775, "entry_point": 1946419200, "filename": "\\Windows\\SysWOW64\\d3d8thk.dll", "id": "region_1089", "name": "d3d8thk.dll", "norm_filename": "c:\\windows\\syswow64\\d3d8thk.dll", "region_type": "memory_mapped_file", "start_va": 1946419200, "timestamp": "00:00:58.803", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1847296, "start_va": 1946484736, "type": "region", "version": 1 }, "end_va": 1948332031, "entry_point": 1946484736, "filename": "\\Windows\\SysWOW64\\d3d9.dll", "id": "region_1090", "name": "d3d9.dll", "norm_filename": "c:\\windows\\syswow64\\d3d9.dll", "region_type": "memory_mapped_file", "start_va": 1946484736, "timestamp": "00:00:58.815", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 540672, "start_va": 1948385280, "type": "region", "version": 1 }, "end_va": 1948925951, "entry_point": 1948385280, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "id": "region_1091", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1948385280, "timestamp": "00:00:58.828", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1955790848, "type": "region", "version": 1 }, "end_va": 1955827711, "entry_point": 1955790848, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_1092", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1955790848, "timestamp": "00:00:58.889", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1965490176, "type": "region", "version": 1 }, "end_va": 1965539327, "entry_point": 1965494497, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1093", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1965490176, "timestamp": "00:00:58.898", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1965555712, "type": "region", "version": 1 }, "end_va": 1965948927, "entry_point": 1965663155, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1094", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1965555712, "timestamp": "00:00:58.898", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1965948928, "type": "region", "version": 1 }, "end_va": 1967374335, "entry_point": 1966258749, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_1095", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1965948928, "timestamp": "00:00:58.899", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1967390720, "type": "region", "version": 1 }, "end_va": 1968373759, "entry_point": 1967457641, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1096", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1967390720, "timestamp": "00:00:58.899", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1971060736, "type": "region", "version": 1 }, "end_va": 1971134463, "entry_point": 1971060736, "filename": "\\Windows\\SysWOW64\\devobj.dll", "id": "region_1097", "name": "devobj.dll", "norm_filename": "c:\\windows\\syswow64\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 1971060736, "timestamp": "00:00:58.900", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1971191808, "type": "region", "version": 1 }, "end_va": 1972240383, "entry_point": 1971304173, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1098", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1971191808, "timestamp": "00:00:58.908", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1972830208, "type": "region", "version": 1 }, "end_va": 1972932607, "entry_point": 1972849013, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1099", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1972830208, "timestamp": "00:00:58.908", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1974140928, "type": "region", "version": 1 }, "end_va": 1974730751, "entry_point": 1974231875, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1100", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1974140928, "timestamp": "00:00:58.909", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 1974730752, "type": "region", "version": 1 }, "end_va": 1975234559, "entry_point": 1974730752, "filename": "\\Windows\\SysWOW64\\comdlg32.dll", "id": "region_1101", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\syswow64\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 1974730752, "timestamp": "00:00:58.909", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1976172544, "type": "region", "version": 1 }, "end_va": 1976332287, "entry_point": 1976172544, "filename": "\\Windows\\SysWOW64\\cfgmgr32.dll", "id": "region_1102", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\syswow64\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 1976172544, "timestamp": "00:00:58.918", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1976369152, "type": "region", "version": 1 }, "end_va": 1976393727, "entry_point": 1976375170, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_1103", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1976369152, "timestamp": "00:00:58.926", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1976631296, "type": "region", "version": 1 }, "end_va": 1977335807, "entry_point": 1976673394, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1104", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1976631296, "timestamp": "00:00:58.927", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1977352192, "type": "region", "version": 1 }, "end_va": 1978466303, "entry_point": 1977430739, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1105", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1977352192, "timestamp": "00:00:58.927", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1978466304, "type": "region", "version": 1 }, "end_va": 1979052031, "entry_point": 1978482609, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_1106", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1978466304, "timestamp": "00:00:58.928", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1979580416, "type": "region", "version": 1 }, "end_va": 1992466431, "entry_point": 1980110337, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_1107", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1979580416, "timestamp": "00:00:58.928", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1691648, "start_va": 1992491008, "type": "region", "version": 1 }, "end_va": 1994182655, "entry_point": 1992491008, "filename": "\\Windows\\SysWOW64\\setupapi.dll", "id": "region_1108", "name": "setupapi.dll", "norm_filename": "c:\\windows\\syswow64\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 1992491008, "timestamp": "00:00:58.929", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1994194944, "type": "region", "version": 1 }, "end_va": 1994412031, "entry_point": 1994200157, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_1109", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1994194944, "timestamp": "00:00:58.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1995505664, "type": "region", "version": 1 }, "end_va": 1995862015, "entry_point": 1995611046, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_1110", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1995505664, "timestamp": "00:00:58.943", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1996357632, "type": "region", "version": 1 }, "end_va": 1996398591, "entry_point": 1996371616, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_1111", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1996357632, "timestamp": "00:00:58.943", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1998020607, "entry_point": 1997763704, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1112", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:00:58.944", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1998061568, "type": "region", "version": 1 }, "end_va": 1998704639, "entry_point": 1998274519, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_1113", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1998061568, "timestamp": "00:00:58.944", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1999110144, "type": "region", "version": 1 }, "end_va": 1999765503, "entry_point": 1999194597, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1114", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1999110144, "timestamp": "00:00:58.944", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001115-addr_0x0000000077320000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_157", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1999765504, "type": "region", "version": 1 }, "end_va": 2000941055, "entry_point": 0, "filename": null, "id": "region_1115", "name": "private_0x0000000077320000", "norm_filename": null, "region_type": "private_memory", "start_va": 1999765504, "timestamp": "00:00:58.945", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001116-addr_0x0000000077440000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_158", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 2000945152, "type": "region", "version": 1 }, "end_va": 2001969151, "entry_point": 0, "filename": null, "id": "region_1116", "name": "private_0x0000000077440000", "norm_filename": null, "region_type": "private_memory", "start_va": 2000945152, "timestamp": "00:00:58.945", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1117", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:58.946", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1118", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:58.946", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 8323072, "type": "region", "version": 1 }, "end_va": 9928703, "entry_point": 0, "filename": null, "id": "region_1119", "name": "pagefile_0x00000000007f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8323072, "timestamp": "00:00:58.950", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1975255040, "type": "region", "version": 1 }, "end_va": 1976090623, "entry_point": 1975260811, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1120", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1975255040, "timestamp": "00:00:58.950", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1995964416, "type": "region", "version": 1 }, "end_va": 1996357631, "entry_point": 1996035471, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1121", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1995964416, "timestamp": "00:00:58.951", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001122-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_159", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1122", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:00:58.994", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001123-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_160", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_1123", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:58.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 3211264, "type": "region", "version": 1 }, "end_va": 3239935, "entry_point": 0, "filename": null, "id": "region_1124", "name": "pagefile_0x0000000000310000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3211264, "timestamp": "00:00:58.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 3276800, "type": "region", "version": 1 }, "end_va": 3284991, "entry_point": 0, "filename": null, "id": "region_1125", "name": "pagefile_0x0000000000320000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3276800, "timestamp": "00:00:58.994", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001126-addr_0x0000000000360000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_161", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 3538944, "type": "region", "version": 1 }, "end_va": 3604479, "entry_point": 0, "filename": null, "id": "region_1126", "name": "private_0x0000000000360000", "norm_filename": null, "region_type": "private_memory", "start_va": 3538944, "timestamp": "00:00:58.995", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001127-addr_0x0000000000500000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_162", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 5242880, "type": "region", "version": 1 }, "end_va": 5308415, "entry_point": 0, "filename": null, "id": "region_1127", "name": "private_0x0000000000500000", "norm_filename": null, "region_type": "private_memory", "start_va": 5242880, "timestamp": "00:00:58.995", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 9961472, "type": "region", "version": 1 }, "end_va": 11538431, "entry_point": 0, "filename": null, "id": "region_1128", "name": "pagefile_0x0000000000980000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9961472, "timestamp": "00:00:58.995", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 11599872, "type": "region", "version": 1 }, "end_va": 32571391, "entry_point": 0, "filename": null, "id": "region_1129", "name": "pagefile_0x0000000000b10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11599872, "timestamp": "00:00:58.995", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 32571392, "type": "region", "version": 1 }, "end_va": 36712447, "entry_point": 0, "filename": null, "id": "region_1130", "name": "pagefile_0x0000000001f10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 32571392, "timestamp": "00:00:58.996", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001131-addr_0x0000000000330000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_163", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 3342336, "type": "region", "version": 1 }, "end_va": 3346431, "entry_point": 0, "filename": null, "id": "region_1131", "name": "private_0x0000000000330000", "norm_filename": null, "region_type": "private_memory", "start_va": 3342336, "timestamp": "00:00:58.996", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001132-addr_0x0000000000430000-size_0x0000000000085000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_164", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 544768, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 4935679, "entry_point": 0, "filename": null, "id": "region_1132", "name": "private_0x0000000000430000", "norm_filename": null, "region_type": "private_memory", "start_va": 4390912, "timestamp": "00:00:58.997", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001133-addr_0x00000000005d0000-size_0x0000000000085000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_165", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 544768, "start_va": 6094848, "type": "region", "version": 1 }, "end_va": 6639615, "entry_point": 0, "filename": null, "id": "region_1133", "name": "private_0x00000000005d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6094848, "timestamp": "00:00:59.001", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001134-addr_0x0000000000370000-size_0x0000000000022000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_166", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 139264, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 3743743, "entry_point": 0, "filename": null, "id": "region_1134", "name": "private_0x0000000000370000", "norm_filename": null, "region_type": "private_memory", "start_va": 3604480, "timestamp": "00:00:59.013", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001135-addr_0x0000000000340000-size_0x000000000001a000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_167", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 106496, "start_va": 3407872, "type": "region", "version": 1 }, "end_va": 3514367, "entry_point": 0, "filename": null, "id": "region_1135", "name": "private_0x0000000000340000", "norm_filename": null, "region_type": "private_memory", "start_va": 3407872, "timestamp": "00:00:59.020", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001153-addr_0x0000000002310000-size_0x0000000000282000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_170", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2629632, "start_va": 36765696, "type": "region", "version": 1 }, "end_va": 39395327, "entry_point": 0, "filename": null, "id": "region_1153", "name": "private_0x0000000002310000", "norm_filename": null, "region_type": "private_memory", "start_va": 36765696, "timestamp": "00:00:59.218", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2625536, "start_va": 39452672, "type": "region", "version": 1 }, "end_va": 42078207, "entry_point": 0, "filename": null, "id": "region_1154", "name": "pagefile_0x00000000025a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 39452672, "timestamp": "00:00:59.218", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001155-addr_0x0000000000340000-size_0x0000000000017000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_171", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 94208, "start_va": 3407872, "type": "region", "version": 1 }, "end_va": 3502079, "entry_point": 0, "filename": null, "id": "region_1155", "name": "private_0x0000000000340000", "norm_filename": null, "region_type": "private_memory", "start_va": 3407872, "timestamp": "00:00:59.232", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 3702783, "entry_point": 0, "filename": null, "id": "region_1156", "name": "pagefile_0x0000000000370000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3604480, "timestamp": "00:00:59.235", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "explorer.exe", "filename": "c:\\windows\\syswow64\\explorer.exe", "id": "proc_7", "image_name": "explorer.exe", "monitor_reason": "child_process", "monitored_id": 7, "origin_monitor_id": 6, "ref_parent_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000007-region_00001136-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_168", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1136", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:59.099", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001137-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_169", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_1137", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:59.099", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1138", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:59.099", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_1139", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:59.102", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 401407, "entry_point": 0, "filename": null, "id": "region_1140", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:59.102", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1376255, "entry_point": 0, "filename": null, "id": "region_1141", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:00:59.103", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2293759, "entry_point": 0, "filename": null, "id": "region_1142", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:00:59.103", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2625536, "start_va": 8716288, "type": "region", "version": 1 }, "end_va": 11341823, "entry_point": 8716288, "filename": "\\Windows\\SysWOW64\\explorer.exe", "id": "region_1143", "name": "explorer.exe", "norm_filename": "c:\\windows\\syswow64\\explorer.exe", "region_type": "memory_mapped_file", "start_va": 8716288, "timestamp": "00:00:59.103", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2001993728, "type": "region", "version": 1 }, "end_va": 2003734527, "entry_point": 2001993728, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1144", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001993728, "timestamp": "00:00:59.110", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2003959808, "type": "region", "version": 1 }, "end_va": 2005532671, "entry_point": 2003959808, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1145", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003959808, "timestamp": "00:00:59.112", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_1146", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:59.112", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_1147", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:59.112", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_1148", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:59.113", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_1149", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:59.113", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1150", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:59.113", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1151", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:59.114", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_1152", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:59.114", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 557055, "entry_point": 0, "filename": null, "id": "region_1157", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:00:59.238", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 4456447, "entry_point": 0, "filename": null, "id": "region_1158", "name": "private_0x00000000003c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3932160, "timestamp": "00:00:59.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1942224896, "type": "region", "version": 1 }, "end_va": 1942601727, "entry_point": 1942484888, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1159", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1942224896, "timestamp": "00:00:59.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1942618112, "type": "region", "version": 1 }, "end_va": 1942876159, "entry_point": 1942806136, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1160", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1942618112, "timestamp": "00:00:59.307", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1943076864, "type": "region", "version": 1 }, "end_va": 1943109631, "entry_point": 1943085304, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_1161", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1943076864, "timestamp": "00:00:59.308", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1162", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:59.494", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 139263, "entry_point": 0, "filename": null, "id": "region_1163", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:59.494", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 1011711, "entry_point": 589824, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1164", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 589824, "timestamp": "00:00:59.494", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 3670015, "entry_point": 0, "filename": null, "id": "region_1165", "name": "private_0x0000000000370000", "norm_filename": null, "region_type": "private_memory", "start_va": 3604480, "timestamp": "00:00:59.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 6094848, "type": "region", "version": 1 }, "end_va": 7143423, "entry_point": 0, "filename": null, "id": "region_1166", "name": "private_0x00000000005d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6094848, "timestamp": "00:00:59.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1935671296, "type": "region", "version": 1 }, "end_va": 1935749119, "entry_point": 1935678783, "filename": "\\Windows\\SysWOW64\\dwmapi.dll", "id": "region_1167", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\syswow64\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 1935671296, "timestamp": "00:00:59.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1503232, "start_va": 1938882560, "type": "region", "version": 1 }, "end_va": 1940385791, "entry_point": 1938882560, "filename": "\\Windows\\SysWOW64\\ExplorerFrame.dll", "id": "region_1168", "name": "explorerframe.dll", "norm_filename": "c:\\windows\\syswow64\\explorerframe.dll", "region_type": "memory_mapped_file", "start_va": 1938882560, "timestamp": "00:00:59.496", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1940389888, "type": "region", "version": 1 }, "end_va": 1940914175, "entry_point": 1940469705, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_1169", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1940389888, "timestamp": "00:00:59.508", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1941176320, "type": "region", "version": 1 }, "end_va": 1942179839, "entry_point": 1941176320, "filename": "\\Windows\\SysWOW64\\propsys.dll", "id": "region_1170", "name": "propsys.dll", "norm_filename": "c:\\windows\\syswow64\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 1941176320, "timestamp": "00:00:59.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 192512, "start_va": 1945174016, "type": "region", "version": 1 }, "end_va": 1945366527, "entry_point": 1945174016, "filename": "\\Windows\\SysWOW64\\duser.dll", "id": "region_1171", "name": "duser.dll", "norm_filename": "c:\\windows\\syswow64\\duser.dll", "region_type": "memory_mapped_file", "start_va": 1945174016, "timestamp": "00:00:59.522", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1946288128, "type": "region", "version": 1 }, "end_va": 1946320895, "entry_point": 1946288128, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_1172", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1946288128, "timestamp": "00:00:59.533", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1638400, "start_va": 1946353664, "type": "region", "version": 1 }, "end_va": 1947992063, "entry_point": 1946353664, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\GdiPlus.dll", "id": "region_1173", "name": "gdiplus.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll", "region_type": "memory_mapped_file", "start_va": 1946353664, "timestamp": "00:00:59.541", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 1947992064, "type": "region", "version": 1 }, "end_va": 1948143615, "entry_point": 1947992064, "filename": "\\Windows\\SysWOW64\\powrprof.dll", "id": "region_1174", "name": "powrprof.dll", "norm_filename": "c:\\windows\\syswow64\\powrprof.dll", "region_type": "memory_mapped_file", "start_va": 1947992064, "timestamp": "00:00:59.552", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 729088, "start_va": 1948188672, "type": "region", "version": 1 }, "end_va": 1948917759, "entry_point": 1948188672, "filename": "\\Windows\\SysWOW64\\dui70.dll", "id": "region_1175", "name": "dui70.dll", "norm_filename": "c:\\windows\\syswow64\\dui70.dll", "region_type": "memory_mapped_file", "start_va": 1948188672, "timestamp": "00:00:59.561", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1955790848, "type": "region", "version": 1 }, "end_va": 1955831807, "entry_point": 1955790848, "filename": "\\Windows\\SysWOW64\\slc.dll", "id": "region_1176", "name": "slc.dll", "norm_filename": "c:\\windows\\syswow64\\slc.dll", "region_type": "memory_mapped_file", "start_va": 1955790848, "timestamp": "00:00:59.595", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1965490176, "type": "region", "version": 1 }, "end_va": 1965539327, "entry_point": 1965494497, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1177", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1965490176, "timestamp": "00:00:59.603", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1965555712, "type": "region", "version": 1 }, "end_va": 1965948927, "entry_point": 1965663155, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1178", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1965555712, "timestamp": "00:00:59.603", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1965948928, "type": "region", "version": 1 }, "end_va": 1967374335, "entry_point": 1966258749, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_1179", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1965948928, "timestamp": "00:00:59.604", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1967390720, "type": "region", "version": 1 }, "end_va": 1968373759, "entry_point": 1967457641, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1180", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1967390720, "timestamp": "00:00:59.604", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1971060736, "type": "region", "version": 1 }, "end_va": 1971134463, "entry_point": 1971065921, "filename": "\\Windows\\SysWOW64\\devobj.dll", "id": "region_1181", "name": "devobj.dll", "norm_filename": "c:\\windows\\syswow64\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 1971060736, "timestamp": "00:00:59.605", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1971191808, "type": "region", "version": 1 }, "end_va": 1972240383, "entry_point": 1971304173, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1182", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1971191808, "timestamp": "00:00:59.605", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1972830208, "type": "region", "version": 1 }, "end_va": 1972932607, "entry_point": 1972849013, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1183", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1972830208, "timestamp": "00:00:59.606", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1974140928, "type": "region", "version": 1 }, "end_va": 1974730751, "entry_point": 1974231875, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1184", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1974140928, "timestamp": "00:00:59.606", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1975255040, "type": "region", "version": 1 }, "end_va": 1976090623, "entry_point": 1975260811, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1185", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1975255040, "timestamp": "00:00:59.607", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1976172544, "type": "region", "version": 1 }, "end_va": 1976332287, "entry_point": 1976195257, "filename": "\\Windows\\SysWOW64\\cfgmgr32.dll", "id": "region_1186", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\syswow64\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 1976172544, "timestamp": "00:00:59.607", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1976631296, "type": "region", "version": 1 }, "end_va": 1977335807, "entry_point": 1976673394, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1187", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1976631296, "timestamp": "00:00:59.608", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1977352192, "type": "region", "version": 1 }, "end_va": 1978466303, "entry_point": 1977430739, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1188", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1977352192, "timestamp": "00:00:59.608", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1978466304, "type": "region", "version": 1 }, "end_va": 1979052031, "entry_point": 1978482609, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_1189", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1978466304, "timestamp": "00:00:59.609", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1979580416, "type": "region", "version": 1 }, "end_va": 1992466431, "entry_point": 1980110337, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_1190", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1979580416, "timestamp": "00:00:59.609", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1691648, "start_va": 1992491008, "type": "region", "version": 1 }, "end_va": 1994182655, "entry_point": 1992497127, "filename": "\\Windows\\SysWOW64\\setupapi.dll", "id": "region_1191", "name": "setupapi.dll", "norm_filename": "c:\\windows\\syswow64\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 1992491008, "timestamp": "00:00:59.610", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1995505664, "type": "region", "version": 1 }, "end_va": 1995862015, "entry_point": 1995611046, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_1192", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1995505664, "timestamp": "00:00:59.611", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1995964416, "type": "region", "version": 1 }, "end_va": 1996357631, "entry_point": 1996035471, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1193", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1995964416, "timestamp": "00:00:59.611", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1996357632, "type": "region", "version": 1 }, "end_va": 1996398591, "entry_point": 1996371616, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_1194", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1996357632, "timestamp": "00:00:59.612", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1998020607, "entry_point": 1997763704, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1195", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:00:59.612", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1998061568, "type": "region", "version": 1 }, "end_va": 1998704639, "entry_point": 1998274519, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_1196", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1998061568, "timestamp": "00:00:59.613", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1999110144, "type": "region", "version": 1 }, "end_va": 1999765503, "entry_point": 1999194597, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1197", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1999110144, "timestamp": "00:00:59.613", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1999765504, "type": "region", "version": 1 }, "end_va": 2000941055, "entry_point": 0, "filename": null, "id": "region_1198", "name": "private_0x0000000077320000", "norm_filename": null, "region_type": "private_memory", "start_va": 1999765504, "timestamp": "00:00:59.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2000945152, "type": "region", "version": 1 }, "end_va": 2001969151, "entry_point": 0, "filename": null, "id": "region_1199", "name": "private_0x0000000077440000", "norm_filename": null, "region_type": "private_memory", "start_va": 2000945152, "timestamp": "00:00:59.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1200", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:59.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1201", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:59.615", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_1202", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:59.631", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1056767, "entry_point": 0, "filename": null, "id": "region_1203", "name": "pagefile_0x0000000000100000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1048576, "timestamp": "00:00:59.631", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1380351, "entry_point": 0, "filename": null, "id": "region_1204", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:00:59.631", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1445887, "entry_point": 0, "filename": null, "id": "region_1205", "name": "private_0x0000000000160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1441792, "timestamp": "00:00:59.632", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_1206", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:00:59.632", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 3080191, "entry_point": 0, "filename": null, "id": "region_1207", "name": "private_0x00000000002b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2818048, "timestamp": "00:00:59.632", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4456448, "type": "region", "version": 1 }, "end_va": 6062079, "entry_point": 0, "filename": null, "id": "region_1208", "name": "pagefile_0x0000000000440000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4456448, "timestamp": "00:00:59.632", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 11403264, "type": "region", "version": 1 }, "end_va": 12980223, "entry_point": 0, "filename": null, "id": "region_1209", "name": "pagefile_0x0000000000ae0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11403264, "timestamp": "00:00:59.632", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 13041664, "type": "region", "version": 1 }, "end_va": 34013183, "entry_point": 0, "filename": null, "id": "region_1210", "name": "pagefile_0x0000000000c70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 13041664, "timestamp": "00:00:59.633", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 34013184, "type": "region", "version": 1 }, "end_va": 38154239, "entry_point": 0, "filename": null, "id": "region_1211", "name": "pagefile_0x0000000002070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 34013184, "timestamp": "00:00:59.633", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1994194944, "type": "region", "version": 1 }, "end_va": 1994412031, "entry_point": 1994200157, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_1212", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1994194944, "timestamp": "00:00:59.633", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1976369152, "type": "region", "version": 1 }, "end_va": 1976393727, "entry_point": 1976375170, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_1213", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1976369152, "timestamp": "00:00:59.634", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001214-addr_0x0000000002470000-size_0x0000000000220000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_172", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2228224, "start_va": 38207488, "type": "region", "version": 1 }, "end_va": 40435711, "entry_point": 0, "filename": null, "id": "region_1214", "name": "private_0x0000000002470000", "norm_filename": null, "region_type": "private_memory", "start_va": 38207488, "timestamp": "00:00:59.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1959133184, "type": "region", "version": 1 }, "end_va": 1959411711, "entry_point": 1959224313, "filename": "\\Windows\\SysWOW64\\dnsapi.dll", "id": "region_1215", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\syswow64\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 1959133184, "timestamp": "00:00:59.637", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001216-addr_0x00000000006d0000-size_0x00000000000c0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_173", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 786432, "start_va": 7143424, "type": "region", "version": 1 }, "end_va": 7929855, "entry_point": 0, "filename": null, "id": "region_1216", "name": "private_0x00000000006d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 7143424, "timestamp": "00:00:59.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1994457088, "type": "region", "version": 1 }, "end_va": 1995460607, "entry_point": 1994463333, "filename": "\\Windows\\SysWOW64\\wininet.dll", "id": "region_1217", "name": "wininet.dll", "norm_filename": "c:\\windows\\syswow64\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1994457088, "timestamp": "00:00:59.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1996423168, "type": "region", "version": 1 }, "end_va": 1997692927, "entry_point": 1996430133, "filename": "\\Windows\\SysWOW64\\urlmon.dll", "id": "region_1218", "name": "urlmon.dll", "norm_filename": "c:\\windows\\syswow64\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1996423168, "timestamp": "00:00:59.640", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1972961280, "type": "region", "version": 1 }, "end_va": 1974128639, "entry_point": 1972966794, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_1219", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1972961280, "timestamp": "00:00:59.642", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 2003763200, "type": "region", "version": 1 }, "end_va": 2003812351, "entry_point": 2003772302, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_1220", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 2003763200, "timestamp": "00:00:59.643", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1968373760, "type": "region", "version": 1 }, "end_va": 1970450431, "entry_point": 1968382681, "filename": "\\Windows\\SysWOW64\\iertutil.dll", "id": "region_1221", "name": "iertutil.dll", "norm_filename": "c:\\windows\\syswow64\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1968373760, "timestamp": "00:00:59.644", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 7143424, "type": "region", "version": 1 }, "end_va": 7405567, "entry_point": 0, "filename": null, "id": "region_1222", "name": "private_0x00000000006d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 7143424, "timestamp": "00:00:59.654", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 7667712, "type": "region", "version": 1 }, "end_va": 7929855, "entry_point": 0, "filename": null, "id": "region_1223", "name": "private_0x0000000000750000", "norm_filename": null, "region_type": "private_memory", "start_va": 7667712, "timestamp": "00:00:59.654", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 8388608, "type": "region", "version": 1 }, "end_va": 8650751, "entry_point": 0, "filename": null, "id": "region_1224", "name": "private_0x0000000000800000", "norm_filename": null, "region_type": "private_memory", "start_va": 8388608, "timestamp": "00:00:59.654", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_1225", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:00:59.655", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 40435712, "type": "region", "version": 1 }, "end_va": 43380735, "entry_point": 40435712, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1226", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 40435712, "timestamp": "00:00:59.657", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001227-addr_0x0000000000190000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_174", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1703935, "entry_point": 0, "filename": null, "id": "region_1227", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:00:59.662", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1736703, "entry_point": 0, "filename": null, "id": "region_1228", "name": "pagefile_0x00000000001a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1703936, "timestamp": "00:00:59.663", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1671167, "entry_point": 0, "filename": null, "id": "region_1229", "name": "pagefile_0x0000000000190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1638400, "timestamp": "00:00:59.664", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001285-addr_0x0000000000190000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_175", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1703935, "entry_point": 0, "filename": null, "id": "region_1285", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:00:59.687", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001343-addr_0x0000000000190000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_176", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1703935, "entry_point": 0, "filename": null, "id": "region_1343", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:00:59.712", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001401-addr_0x0000000000190000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_177", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1703935, "entry_point": 0, "filename": null, "id": "region_1401", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:00:59.737", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001459-addr_0x0000000000190000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_178", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1703935, "entry_point": 0, "filename": null, "id": "region_1459", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:00:59.763", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001491-addr_0x0000000000190000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_179", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1703935, "entry_point": 0, "filename": null, "id": "region_1491", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:00:59.782", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1957167104, "type": "region", "version": 1 }, "end_va": 1957257215, "entry_point": 1957178819, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_1494", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1957167104, "timestamp": "00:00:59.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1884159, "entry_point": 1643149, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_1495", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1638400, "timestamp": "00:00:59.799", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1956904960, "type": "region", "version": 1 }, "end_va": 1957146623, "entry_point": 1956909709, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_1500", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1956904960, "timestamp": "00:00:59.808", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1646591, "entry_point": 0, "filename": null, "id": "region_1501", "name": "pagefile_0x0000000000190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1638400, "timestamp": "00:00:59.821", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1959460864, "type": "region", "version": 1 }, "end_va": 1961156607, "entry_point": 1959650997, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_1502", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1959460864, "timestamp": "00:00:59.821", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1708031, "entry_point": 1703936, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_1503", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 1703936, "timestamp": "00:00:59.823", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1777663, "entry_point": 0, "filename": null, "id": "region_1504", "name": "pagefile_0x00000000001b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1769472, "timestamp": "00:00:59.823", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1708031, "entry_point": 0, "filename": null, "id": "region_1505", "name": "pagefile_0x00000000001a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1703936, "timestamp": "00:00:59.829", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1964900352, "type": "region", "version": 1 }, "end_va": 1964945407, "entry_point": 1964906898, "filename": "\\Windows\\SysWOW64\\profapi.dll", "id": "region_1506", "name": "profapi.dll", "norm_filename": "c:\\windows\\syswow64\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1964900352, "timestamp": "00:00:59.832", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 81920, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1916927, "entry_point": 1835008, "filename": "\\Users\\aDU0VK IWA5kLS\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat", "id": "region_1507", "name": "index.dat", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 1835008, "timestamp": "00:00:59.839", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 1998847, "entry_point": 1966080, "filename": "\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat", "id": "region_1508", "name": "index.dat", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat", "region_type": "memory_mapped_file", "start_va": 1966080, "timestamp": "00:00:59.840", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2359295, "entry_point": 2293760, "filename": "\\Users\\aDU0VK IWA5kLS\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat", "id": "region_1509", "name": "index.dat", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 2293760, "timestamp": "00:00:59.841", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 1965228032, "type": "region", "version": 1 }, "end_va": 1965342719, "entry_point": 1965270065, "filename": "\\Windows\\SysWOW64\\IPHLPAPI.DLL", "id": "region_1510", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\syswow64\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1965228032, "timestamp": "00:00:59.849", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1965162496, "type": "region", "version": 1 }, "end_va": 1965191167, "entry_point": 1965167245, "filename": "\\Windows\\SysWOW64\\winnsi.dll", "id": "region_1511", "name": "winnsi.dll", "norm_filename": "c:\\windows\\syswow64\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1965162496, "timestamp": "00:00:59.850", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2621439, "entry_point": 0, "filename": null, "id": "region_1512", "name": "private_0x0000000000240000", "norm_filename": null, "region_type": "private_memory", "start_va": 2359296, "timestamp": "00:00:59.855", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 38404096, "type": "region", "version": 1 }, "end_va": 38666239, "entry_point": 0, "filename": null, "id": "region_1513", "name": "private_0x00000000024a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38404096, "timestamp": "00:00:59.856", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 40173568, "type": "region", "version": 1 }, "end_va": 40435711, "entry_point": 0, "filename": null, "id": "region_1514", "name": "private_0x0000000002650000", "norm_filename": null, "region_type": "private_memory", "start_va": 40173568, "timestamp": "00:00:59.857", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_1515", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:00:59.857", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 335872, "start_va": 1958739968, "type": "region", "version": 1 }, "end_va": 1959075839, "entry_point": 1958745278, "filename": "\\Windows\\SysWOW64\\rasapi32.dll", "id": "region_1516", "name": "rasapi32.dll", "norm_filename": "c:\\windows\\syswow64\\rasapi32.dll", "region_type": "memory_mapped_file", "start_va": 1958739968, "timestamp": "00:00:59.857", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 1964572672, "type": "region", "version": 1 }, "end_va": 1964658687, "entry_point": 1964577502, "filename": "\\Windows\\SysWOW64\\rasman.dll", "id": "region_1517", "name": "rasman.dll", "norm_filename": "c:\\windows\\syswow64\\rasman.dll", "region_type": "memory_mapped_file", "start_va": 1964572672, "timestamp": "00:00:59.859", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1964507136, "type": "region", "version": 1 }, "end_va": 1964560383, "entry_point": 1964512038, "filename": "\\Windows\\SysWOW64\\rtutils.dll", "id": "region_1518", "name": "rtutils.dll", "norm_filename": "c:\\windows\\syswow64\\rtutils.dll", "region_type": "memory_mapped_file", "start_va": 1964507136, "timestamp": "00:00:59.860", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 3342335, "entry_point": 0, "filename": null, "id": "region_1519", "name": "private_0x00000000002f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3080192, "timestamp": "00:00:59.869", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 39124992, "type": "region", "version": 1 }, "end_va": 39387135, "entry_point": 0, "filename": null, "id": "region_1520", "name": "private_0x0000000002550000", "norm_filename": null, "region_type": "private_memory", "start_va": 39124992, "timestamp": "00:00:59.870", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 43646976, "type": "region", "version": 1 }, "end_va": 43909119, "entry_point": 0, "filename": null, "id": "region_1521", "name": "private_0x00000000029a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43646976, "timestamp": "00:00:59.870", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 43974656, "type": "region", "version": 1 }, "end_va": 44236799, "entry_point": 0, "filename": null, "id": "region_1522", "name": "private_0x00000000029f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43974656, "timestamp": "00:00:59.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_1523", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:00:59.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_1524", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:00:59.871", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001525-addr_0x0000000000280000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_180", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 2625535, "entry_point": 0, "filename": null, "id": "region_1525", "name": "private_0x0000000000280000", "norm_filename": null, "region_type": "private_memory", "start_va": 2621440, "timestamp": "00:00:59.872", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 2625535, "entry_point": 0, "filename": null, "id": "region_1526", "name": "pagefile_0x0000000000280000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2621440, "timestamp": "00:00:59.872", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 44236800, "type": "region", "version": 1 }, "end_va": 45285375, "entry_point": 0, "filename": null, "id": "region_1527", "name": "private_0x0000000002a30000", "norm_filename": null, "region_type": "private_memory", "start_va": 44236800, "timestamp": "00:00:59.877", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1964441600, "type": "region", "version": 1 }, "end_va": 1964466175, "entry_point": 1964446298, "filename": "\\Windows\\SysWOW64\\SensApi.dll", "id": "region_1528", "name": "sensapi.dll", "norm_filename": "c:\\windows\\syswow64\\sensapi.dll", "region_type": "memory_mapped_file", "start_va": 1964441600, "timestamp": "00:00:59.877", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 7995392, "type": "region", "version": 1 }, "end_va": 8257535, "entry_point": 0, "filename": null, "id": "region_1529", "name": "private_0x00000000007a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 7995392, "timestamp": "00:00:59.884", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 45613056, "type": "region", "version": 1 }, "end_va": 45875199, "entry_point": 0, "filename": null, "id": "region_1530", "name": "private_0x0000000002b80000", "norm_filename": null, "region_type": "private_memory", "start_va": 45613056, "timestamp": "00:00:59.884", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1958674432, "type": "region", "version": 1 }, "end_va": 1958739967, "entry_point": 1958688961, "filename": "\\Windows\\SysWOW64\\nlaapi.dll", "id": "region_1531", "name": "nlaapi.dll", "norm_filename": "c:\\windows\\syswow64\\nlaapi.dll", "region_type": "memory_mapped_file", "start_va": 1958674432, "timestamp": "00:00:59.884", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130341888, "type": "region", "version": 1 }, "end_va": 2130354175, "entry_point": 0, "filename": null, "id": "region_1532", "name": "private_0x000000007efa7000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130341888, "timestamp": "00:00:59.886", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001533-addr_0x0000000002bc0000-size_0x00000000001e0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_181", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1966080, "start_va": 45875200, "type": "region", "version": 1 }, "end_va": 47841279, "entry_point": 0, "filename": null, "id": "region_1533", "name": "private_0x0000000002bc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 45875200, "timestamp": "00:00:59.887", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001534-addr_0x0000000002590000-size_0x00000000000b0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_182", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 720896, "start_va": 39387136, "type": "region", "version": 1 }, "end_va": 40108031, "entry_point": 0, "filename": null, "id": "region_1534", "name": "private_0x0000000002590000", "norm_filename": null, "region_type": "private_memory", "start_va": 39387136, "timestamp": "00:00:59.888", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001535-addr_0x0000000002bc0000-size_0x00000000000b0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_183", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 720896, "start_va": 45875200, "type": "region", "version": 1 }, "end_va": 46596095, "entry_point": 0, "filename": null, "id": "region_1535", "name": "private_0x0000000002bc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 45875200, "timestamp": "00:00:59.889", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 47775744, "type": "region", "version": 1 }, "end_va": 47841279, "entry_point": 0, "filename": null, "id": "region_1536", "name": "private_0x0000000002d90000", "norm_filename": null, "region_type": "private_memory", "start_va": 47775744, "timestamp": "00:00:59.889", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1958608896, "type": "region", "version": 1 }, "end_va": 1958633471, "entry_point": 1958614194, "filename": "\\Windows\\SysWOW64\\rasadhlp.dll", "id": "region_1537", "name": "rasadhlp.dll", "norm_filename": "c:\\windows\\syswow64\\rasadhlp.dll", "region_type": "memory_mapped_file", "start_va": 1958608896, "timestamp": "00:00:59.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 2691071, "entry_point": 0, "filename": null, "id": "region_1538", "name": "pagefile_0x0000000000290000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2686976, "timestamp": "00:00:59.898", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 38862848, "type": "region", "version": 1 }, "end_va": 39124991, "entry_point": 0, "filename": null, "id": "region_1539", "name": "private_0x0000000002510000", "norm_filename": null, "region_type": "private_memory", "start_va": 38862848, "timestamp": "00:00:59.899", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 46727168, "type": "region", "version": 1 }, "end_va": 46989311, "entry_point": 0, "filename": null, "id": "region_1540", "name": "private_0x0000000002c90000", "norm_filename": null, "region_type": "private_memory", "start_va": 46727168, "timestamp": "00:00:59.899", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1972240384, "type": "region", "version": 1 }, "end_va": 1972776959, "entry_point": 1972249554, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_1541", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1972240384, "timestamp": "00:00:59.899", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130329600, "type": "region", "version": 1 }, "end_va": 2130341887, "entry_point": 0, "filename": null, "id": "region_1542", "name": "private_0x000000007efa4000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130329600, "timestamp": "00:00:59.900", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 2756607, "entry_point": 0, "filename": null, "id": "region_1543", "name": "pagefile_0x00000000002a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2752512, "timestamp": "00:00:59.903", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 368640, "start_va": 1957298176, "type": "region", "version": 1 }, "end_va": 1957666815, "entry_point": 1957306165, "filename": "\\Windows\\SysWOW64\\netprofm.dll", "id": "region_1544", "name": "netprofm.dll", "norm_filename": "c:\\windows\\syswow64\\netprofm.dll", "region_type": "memory_mapped_file", "start_va": 1957298176, "timestamp": "00:00:59.903", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1956839424, "type": "region", "version": 1 }, "end_va": 1956896767, "entry_point": 1956844085, "filename": "\\Windows\\SysWOW64\\RpcRtRemote.dll", "id": "region_1545", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1956839424, "timestamp": "00:00:59.910", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3342336, "type": "region", "version": 1 }, "end_va": 3604479, "entry_point": 0, "filename": null, "id": "region_1546", "name": "private_0x0000000000330000", "norm_filename": null, "region_type": "private_memory", "start_va": 3342336, "timestamp": "00:00:59.928", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 39583744, "type": "region", "version": 1 }, "end_va": 39845887, "entry_point": 0, "filename": null, "id": "region_1547", "name": "private_0x00000000025c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 39583744, "timestamp": "00:00:59.929", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 40042496, "type": "region", "version": 1 }, "end_va": 40108031, "entry_point": 0, "filename": null, "id": "region_1548", "name": "private_0x0000000002630000", "norm_filename": null, "region_type": "private_memory", "start_va": 40042496, "timestamp": "00:00:59.930", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1956773888, "type": "region", "version": 1 }, "end_va": 1956806655, "entry_point": 1956785318, "filename": "\\Windows\\SysWOW64\\npmproxy.dll", "id": "region_1549", "name": "npmproxy.dll", "norm_filename": "c:\\windows\\syswow64\\npmproxy.dll", "region_type": "memory_mapped_file", "start_va": 1956773888, "timestamp": "00:00:59.930", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1958543360, "type": "region", "version": 1 }, "end_va": 1958608895, "entry_point": 1958548774, "filename": "\\Windows\\SysWOW64\\NapiNSP.dll", "id": "region_1550", "name": "napinsp.dll", "norm_filename": "c:\\windows\\syswow64\\napinsp.dll", "region_type": "memory_mapped_file", "start_va": 1958543360, "timestamp": "00:00:59.931", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130317312, "type": "region", "version": 1 }, "end_va": 2130329599, "entry_point": 0, "filename": null, "id": "region_1551", "name": "private_0x000000007efa1000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130317312, "timestamp": "00:00:59.932", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1958412288, "type": "region", "version": 1 }, "end_va": 1958486015, "entry_point": 1958418674, "filename": "\\Windows\\SysWOW64\\pnrpnsp.dll", "id": "region_1552", "name": "pnrpnsp.dll", "norm_filename": "c:\\windows\\syswow64\\pnrpnsp.dll", "region_type": "memory_mapped_file", "start_va": 1958412288, "timestamp": "00:00:59.933", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\Explorer.EXE", "filename": "c:\\windows\\explorer.exe", "id": "proc_8", "image_name": "explorer.exe", "monitor_reason": "injection", "monitored_id": 8, "origin_monitor_id": 7, "ref_parent_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1614", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:40.654", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 139263, "entry_point": 0, "filename": null, "id": "region_1615", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:40.654", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_1616", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:40.654", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 270335, "entry_point": 0, "filename": null, "id": "region_1617", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:01:40.654", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1618", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:01:40.654", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 815103, "entry_point": 0, "filename": null, "id": "region_1619", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:01:40.654", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 860159, "entry_point": 0, "filename": null, "id": "region_1620", "name": "pagefile_0x00000000000d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 851968, "timestamp": "00:01:40.654", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 0, "filename": null, "id": "region_1621", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:01:40.654", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_1622", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:01:40.654", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1114111, "entry_point": 0, "filename": null, "id": "region_1623", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:01:40.654", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1118207, "entry_point": 0, "filename": null, "id": "region_1624", "name": "pagefile_0x0000000000110000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1114112, "timestamp": "00:01:40.654", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1187839, "entry_point": 0, "filename": null, "id": "region_1625", "name": "pagefile_0x0000000000120000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1179648, "timestamp": "00:01:40.654", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1769471, "entry_point": 0, "filename": null, "id": "region_1626", "name": "private_0x0000000000130000", "norm_filename": null, "region_type": "private_memory", "start_va": 1245184, "timestamp": "00:01:40.655", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 2818047, "entry_point": 0, "filename": null, "id": "region_1627", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:01:40.655", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 3866623, "entry_point": 0, "filename": null, "id": "region_1628", "name": "private_0x00000000002b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2818048, "timestamp": "00:01:40.655", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 3866624, "type": "region", "version": 1 }, "end_va": 5472255, "entry_point": 0, "filename": null, "id": "region_1629", "name": "pagefile_0x00000000003b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3866624, "timestamp": "00:01:40.655", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 5505024, "type": "region", "version": 1 }, "end_va": 7081983, "entry_point": 0, "filename": null, "id": "region_1630", "name": "pagefile_0x0000000000540000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5505024, "timestamp": "00:01:40.655", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 7143424, "type": "region", "version": 1 }, "end_va": 28114943, "entry_point": 0, "filename": null, "id": "region_1631", "name": "pagefile_0x00000000006d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7143424, "timestamp": "00:01:40.655", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 28114944, "type": "region", "version": 1 }, "end_va": 32255999, "entry_point": 0, "filename": null, "id": "region_1632", "name": "pagefile_0x0000000001ad0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 28114944, "timestamp": "00:01:40.655", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 32309248, "type": "region", "version": 1 }, "end_va": 32571391, "entry_point": 0, "filename": null, "id": "region_1633", "name": "private_0x0000000001ed0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32309248, "timestamp": "00:01:40.655", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 32571392, "type": "region", "version": 1 }, "end_va": 33484799, "entry_point": 0, "filename": null, "id": "region_1634", "name": "pagefile_0x0000000001f10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 32571392, "timestamp": "00:01:40.655", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 33488896, "type": "region", "version": 1 }, "end_va": 33492991, "entry_point": 0, "filename": null, "id": "region_1635", "name": "pagefile_0x0000000001ff0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 33488896, "timestamp": "00:01:40.655", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 33554432, "type": "region", "version": 1 }, "end_va": 33562623, "entry_point": 0, "filename": null, "id": "region_1636", "name": "pagefile_0x0000000002000000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 33554432, "timestamp": "00:01:40.655", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 172032, "start_va": 33619968, "type": "region", "version": 1 }, "end_va": 33791999, "entry_point": 0, "filename": null, "id": "region_1637", "name": "private_0x0000000002010000", "norm_filename": null, "region_type": "private_memory", "start_va": 33619968, "timestamp": "00:01:40.656", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 33816576, "type": "region", "version": 1 }, "end_va": 33820671, "entry_point": 0, "filename": null, "id": "region_1638", "name": "private_0x0000000002040000", "norm_filename": null, "region_type": "private_memory", "start_va": 33816576, "timestamp": "00:01:40.656", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 90112, "start_va": 33882112, "type": "region", "version": 1 }, "end_va": 33972223, "entry_point": 0, "filename": null, "id": "region_1639", "name": "private_0x0000000002050000", "norm_filename": null, "region_type": "private_memory", "start_va": 33882112, "timestamp": "00:01:40.656", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 34013184, "type": "region", "version": 1 }, "end_va": 34017279, "entry_point": 0, "filename": null, "id": "region_1640", "name": "pagefile_0x0000000002070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 34013184, "timestamp": "00:01:40.656", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 34078720, "type": "region", "version": 1 }, "end_va": 34086911, "entry_point": 0, "filename": null, "id": "region_1641", "name": "pagefile_0x0000000002080000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 34078720, "timestamp": "00:01:40.656", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 34144256, "type": "region", "version": 1 }, "end_va": 34668543, "entry_point": 0, "filename": null, "id": "region_1642", "name": "private_0x0000000002090000", "norm_filename": null, "region_type": "private_memory", "start_va": 34144256, "timestamp": "00:01:40.656", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 442368, "start_va": 34668544, "type": "region", "version": 1 }, "end_va": 35110911, "entry_point": 0, "filename": null, "id": "region_1643", "name": "private_0x0000000002110000", "norm_filename": null, "region_type": "private_memory", "start_va": 34668544, "timestamp": "00:01:40.656", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 35127296, "type": "region", "version": 1 }, "end_va": 35131391, "entry_point": 0, "filename": null, "id": "region_1644", "name": "private_0x0000000002180000", "norm_filename": null, "region_type": "private_memory", "start_va": 35127296, "timestamp": "00:01:40.657", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 35192832, "type": "region", "version": 1 }, "end_va": 35196927, "entry_point": 0, "filename": null, "id": "region_1645", "name": "private_0x0000000002190000", "norm_filename": null, "region_type": "private_memory", "start_va": 35192832, "timestamp": "00:01:40.657", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 35258368, "type": "region", "version": 1 }, "end_va": 35782655, "entry_point": 0, "filename": null, "id": "region_1646", "name": "private_0x00000000021a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 35258368, "timestamp": "00:01:40.657", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 35782656, "type": "region", "version": 1 }, "end_va": 38727679, "entry_point": 35782656, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1647", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 35782656, "timestamp": "00:01:40.657", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 38731776, "type": "region", "version": 1 }, "end_va": 38739967, "entry_point": 0, "filename": null, "id": "region_1648", "name": "pagefile_0x00000000024f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 38731776, "timestamp": "00:01:40.657", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 38797312, "type": "region", "version": 1 }, "end_va": 38805503, "entry_point": 0, "filename": null, "id": "region_1649", "name": "pagefile_0x0000000002500000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 38797312, "timestamp": "00:01:40.657", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 38862848, "type": "region", "version": 1 }, "end_va": 38875135, "entry_point": 38862848, "filename": "\\Windows\\winsxs\\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3\\comctl32.dll.mui", "id": "region_1650", "name": "comctl32.dll.mui", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3\\comctl32.dll.mui", "region_type": "memory_mapped_file", "start_va": 38862848, "timestamp": "00:01:40.657", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 38928384, "type": "region", "version": 1 }, "end_va": 38932479, "entry_point": 0, "filename": null, "id": "region_1651", "name": "private_0x0000000002520000", "norm_filename": null, "region_type": "private_memory", "start_va": 38928384, "timestamp": "00:01:40.658", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 114688, "start_va": 38993920, "type": "region", "version": 1 }, "end_va": 39108607, "entry_point": 0, "filename": null, "id": "region_1652", "name": "private_0x0000000002530000", "norm_filename": null, "region_type": "private_memory", "start_va": 38993920, "timestamp": "00:01:40.658", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 39124992, "type": "region", "version": 1 }, "end_va": 39129087, "entry_point": 0, "filename": null, "id": "region_1653", "name": "private_0x0000000002550000", "norm_filename": null, "region_type": "private_memory", "start_va": 39124992, "timestamp": "00:01:40.658", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 36864, "start_va": 39190528, "type": "region", "version": 1 }, "end_va": 39227391, "entry_point": 0, "filename": null, "id": "region_1654", "name": "private_0x0000000002560000", "norm_filename": null, "region_type": "private_memory", "start_va": 39190528, "timestamp": "00:01:40.659", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 39256064, "type": "region", "version": 1 }, "end_va": 39288831, "entry_point": 0, "filename": null, "id": "region_1655", "name": "private_0x0000000002570000", "norm_filename": null, "region_type": "private_memory", "start_va": 39256064, "timestamp": "00:01:40.659", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 159744, "start_va": 39321600, "type": "region", "version": 1 }, "end_va": 39481343, "entry_point": 39321600, "filename": "\\Users\\aDU0VK IWA5kLS\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000008.db", "id": "region_1656", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000008.db", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000008.db", "region_type": "memory_mapped_file", "start_va": 39321600, "timestamp": "00:01:40.659", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 39518208, "type": "region", "version": 1 }, "end_va": 39522303, "entry_point": 0, "filename": null, "id": "region_1657", "name": "pagefile_0x00000000025b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 39518208, "timestamp": "00:01:40.659", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 39583744, "type": "region", "version": 1 }, "end_va": 39600127, "entry_point": 39583744, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_1658", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 39583744, "timestamp": "00:01:40.659", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 39649280, "type": "region", "version": 1 }, "end_va": 39665663, "entry_point": 39649280, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_1659", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 39649280, "timestamp": "00:01:40.659", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 39714816, "type": "region", "version": 1 }, "end_va": 39723007, "entry_point": 0, "filename": null, "id": "region_1660", "name": "pagefile_0x00000000025e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 39714816, "timestamp": "00:01:40.659", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 688128, "start_va": 39780352, "type": "region", "version": 1 }, "end_va": 40468479, "entry_point": 0, "filename": null, "id": "region_1661", "name": "private_0x00000000025f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 39780352, "timestamp": "00:01:40.659", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 40501248, "type": "region", "version": 1 }, "end_va": 40509439, "entry_point": 0, "filename": null, "id": "region_1662", "name": "pagefile_0x00000000026a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 40501248, "timestamp": "00:01:40.659", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 196608, "start_va": 40566784, "type": "region", "version": 1 }, "end_va": 40763391, "entry_point": 40566784, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000c.db", "id": "region_1663", "name": "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db", "region_type": "memory_mapped_file", "start_va": 40566784, "timestamp": "00:01:40.659", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 40763392, "type": "region", "version": 1 }, "end_va": 40771583, "entry_point": 0, "filename": null, "id": "region_1664", "name": "pagefile_0x00000000026e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 40763392, "timestamp": "00:01:40.659", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 40828928, "type": "region", "version": 1 }, "end_va": 40845311, "entry_point": 0, "filename": null, "id": "region_1665", "name": "private_0x00000000026f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40828928, "timestamp": "00:01:40.659", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 40894464, "type": "region", "version": 1 }, "end_va": 40959999, "entry_point": 0, "filename": null, "id": "region_1666", "name": "private_0x0000000002700000", "norm_filename": null, "region_type": "private_memory", "start_va": 40894464, "timestamp": "00:01:40.660", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 40960000, "type": "region", "version": 1 }, "end_va": 40976383, "entry_point": 0, "filename": null, "id": "region_1667", "name": "private_0x0000000002710000", "norm_filename": null, "region_type": "private_memory", "start_va": 40960000, "timestamp": "00:01:40.660", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 41025536, "type": "region", "version": 1 }, "end_va": 41033727, "entry_point": 0, "filename": null, "id": "region_1668", "name": "pagefile_0x0000000002720000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 41025536, "timestamp": "00:01:40.660", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_1669", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:01:40.660", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 41156608, "type": "region", "version": 1 }, "end_va": 41160703, "entry_point": 0, "filename": null, "id": "region_1670", "name": "private_0x0000000002740000", "norm_filename": null, "region_type": "private_memory", "start_va": 41156608, "timestamp": "00:01:40.660", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 41222144, "type": "region", "version": 1 }, "end_va": 41226239, "entry_point": 0, "filename": null, "id": "region_1671", "name": "private_0x0000000002750000", "norm_filename": null, "region_type": "private_memory", "start_va": 41222144, "timestamp": "00:01:40.661", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 41287680, "type": "region", "version": 1 }, "end_va": 41353215, "entry_point": 0, "filename": null, "id": "region_1672", "name": "private_0x0000000002760000", "norm_filename": null, "region_type": "private_memory", "start_va": 41287680, "timestamp": "00:01:40.661", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 41353216, "type": "region", "version": 1 }, "end_va": 42401791, "entry_point": 0, "filename": null, "id": "region_1673", "name": "private_0x0000000002770000", "norm_filename": null, "region_type": "private_memory", "start_va": 41353216, "timestamp": "00:01:40.661", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 42401792, "type": "region", "version": 1 }, "end_va": 42405887, "entry_point": 0, "filename": null, "id": "region_1674", "name": "private_0x0000000002870000", "norm_filename": null, "region_type": "private_memory", "start_va": 42401792, "timestamp": "00:01:40.661", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 42467328, "type": "region", "version": 1 }, "end_va": 42471423, "entry_point": 0, "filename": null, "id": "region_1675", "name": "private_0x0000000002880000", "norm_filename": null, "region_type": "private_memory", "start_va": 42467328, "timestamp": "00:01:40.662", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 42532864, "type": "region", "version": 1 }, "end_va": 43057151, "entry_point": 0, "filename": null, "id": "region_1676", "name": "private_0x0000000002890000", "norm_filename": null, "region_type": "private_memory", "start_va": 42532864, "timestamp": "00:01:40.662", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 294912, "start_va": 43057152, "type": "region", "version": 1 }, "end_va": 43352063, "entry_point": 0, "filename": null, "id": "region_1677", "name": "private_0x0000000002910000", "norm_filename": null, "region_type": "private_memory", "start_va": 43057152, "timestamp": "00:01:40.662", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 43384832, "type": "region", "version": 1 }, "end_va": 43401215, "entry_point": 0, "filename": null, "id": "region_1678", "name": "private_0x0000000002960000", "norm_filename": null, "region_type": "private_memory", "start_va": 43384832, "timestamp": "00:01:40.663", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 43450368, "type": "region", "version": 1 }, "end_va": 43454463, "entry_point": 0, "filename": null, "id": "region_1679", "name": "private_0x0000000002970000", "norm_filename": null, "region_type": "private_memory", "start_va": 43450368, "timestamp": "00:01:40.663", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 43515904, "type": "region", "version": 1 }, "end_va": 43519999, "entry_point": 0, "filename": null, "id": "region_1680", "name": "private_0x0000000002980000", "norm_filename": null, "region_type": "private_memory", "start_va": 43515904, "timestamp": "00:01:40.663", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 43581440, "type": "region", "version": 1 }, "end_va": 44630015, "entry_point": 0, "filename": null, "id": "region_1681", "name": "private_0x0000000002990000", "norm_filename": null, "region_type": "private_memory", "start_va": 43581440, "timestamp": "00:01:40.663", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 44630016, "type": "region", "version": 1 }, "end_va": 45678591, "entry_point": 0, "filename": null, "id": "region_1682", "name": "private_0x0000000002a90000", "norm_filename": null, "region_type": "private_memory", "start_va": 44630016, "timestamp": "00:01:40.664", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 45744128, "type": "region", "version": 1 }, "end_va": 45809663, "entry_point": 45744128, "filename": "\\Users\\aDU0VK IWA5kLS\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017082220170823\\index.dat", "id": "region_1683", "name": "index.dat", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\mshist012017082220170823\\index.dat", "region_type": "memory_mapped_file", "start_va": 45744128, "timestamp": "00:01:40.664", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 45809664, "type": "region", "version": 1 }, "end_va": 45875199, "entry_point": 45809664, "filename": "\\Users\\aDU0VK IWA5kLS\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat", "id": "region_1684", "name": "index.dat", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 45809664, "timestamp": "00:01:40.664", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 45875200, "type": "region", "version": 1 }, "end_va": 46399487, "entry_point": 0, "filename": null, "id": "region_1685", "name": "private_0x0000000002bc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 45875200, "timestamp": "00:01:40.664", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 46399488, "type": "region", "version": 1 }, "end_va": 46645247, "entry_point": 0, "filename": null, "id": "region_1686", "name": "private_0x0000000002c40000", "norm_filename": null, "region_type": "private_memory", "start_va": 46399488, "timestamp": "00:01:40.664", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 47775744, "type": "region", "version": 1 }, "end_va": 51195903, "entry_point": 0, "filename": null, "id": "region_1687", "name": "pagefile_0x0000000002d90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 47775744, "timestamp": "00:01:40.664", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 51249152, "type": "region", "version": 1 }, "end_va": 51253247, "entry_point": 0, "filename": null, "id": "region_1688", "name": "private_0x00000000030e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 51249152, "timestamp": "00:01:40.664", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 51314688, "type": "region", "version": 1 }, "end_va": 51838975, "entry_point": 0, "filename": null, "id": "region_1689", "name": "private_0x00000000030f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 51314688, "timestamp": "00:01:40.665", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 51838976, "type": "region", "version": 1 }, "end_va": 51843071, "entry_point": 0, "filename": null, "id": "region_1690", "name": "private_0x0000000003170000", "norm_filename": null, "region_type": "private_memory", "start_va": 51838976, "timestamp": "00:01:40.665", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 51904512, "type": "region", "version": 1 }, "end_va": 52428799, "entry_point": 0, "filename": null, "id": "region_1691", "name": "private_0x0000000003180000", "norm_filename": null, "region_type": "private_memory", "start_va": 51904512, "timestamp": "00:01:40.665", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 52428800, "type": "region", "version": 1 }, "end_va": 52432895, "entry_point": 0, "filename": null, "id": "region_1692", "name": "pagefile_0x0000000003200000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 52428800, "timestamp": "00:01:40.665", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 52494336, "type": "region", "version": 1 }, "end_va": 52498431, "entry_point": 52494336, "filename": "\\Windows\\System32\\en-US\\wdmaud.drv.mui", "id": "region_1693", "name": "wdmaud.drv.mui", "norm_filename": "c:\\windows\\system32\\en-us\\wdmaud.drv.mui", "region_type": "memory_mapped_file", "start_va": 52494336, "timestamp": "00:01:40.665", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 52559872, "type": "region", "version": 1 }, "end_va": 52563967, "entry_point": 52559872, "filename": "\\Windows\\System32\\en-US\\MMDevAPI.dll.mui", "id": "region_1694", "name": "mmdevapi.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\mmdevapi.dll.mui", "region_type": "memory_mapped_file", "start_va": 52559872, "timestamp": "00:01:40.665", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 52625408, "type": "region", "version": 1 }, "end_va": 52633599, "entry_point": 0, "filename": null, "id": "region_1695", "name": "pagefile_0x0000000003230000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 52625408, "timestamp": "00:01:40.665", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 52690944, "type": "region", "version": 1 }, "end_va": 52699135, "entry_point": 0, "filename": null, "id": "region_1696", "name": "pagefile_0x0000000003240000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 52690944, "timestamp": "00:01:40.665", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 52756480, "type": "region", "version": 1 }, "end_va": 52772863, "entry_point": 52756480, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_1697", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 52756480, "timestamp": "00:01:40.665", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 52822016, "type": "region", "version": 1 }, "end_va": 53346303, "entry_point": 0, "filename": null, "id": "region_1698", "name": "private_0x0000000003260000", "norm_filename": null, "region_type": "private_memory", "start_va": 52822016, "timestamp": "00:01:40.666", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 53346304, "type": "region", "version": 1 }, "end_va": 53350399, "entry_point": 0, "filename": null, "id": "region_1699", "name": "private_0x00000000032e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 53346304, "timestamp": "00:01:40.666", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 53411840, "type": "region", "version": 1 }, "end_va": 53936127, "entry_point": 0, "filename": null, "id": "region_1700", "name": "private_0x00000000032f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 53411840, "timestamp": "00:01:40.666", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 417792, "start_va": 53936128, "type": "region", "version": 1 }, "end_va": 54353919, "entry_point": 53936128, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db", "id": "region_1701", "name": "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "region_type": "memory_mapped_file", "start_va": 53936128, "timestamp": "00:01:40.666", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 54394880, "type": "region", "version": 1 }, "end_va": 54919167, "entry_point": 0, "filename": null, "id": "region_1702", "name": "private_0x00000000033e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 54394880, "timestamp": "00:01:40.667", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 9633792, "start_va": 54919168, "type": "region", "version": 1 }, "end_va": 64552959, "entry_point": 54919168, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_1703", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 54919168, "timestamp": "00:01:40.667", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 64552960, "type": "region", "version": 1 }, "end_va": 64557055, "entry_point": 0, "filename": null, "id": "region_1704", "name": "private_0x0000000003d90000", "norm_filename": null, "region_type": "private_memory", "start_va": 64552960, "timestamp": "00:01:40.667", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 64618496, "type": "region", "version": 1 }, "end_va": 64622591, "entry_point": 0, "filename": null, "id": "region_1705", "name": "private_0x0000000003da0000", "norm_filename": null, "region_type": "private_memory", "start_va": 64618496, "timestamp": "00:01:40.667", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 64684032, "type": "region", "version": 1 }, "end_va": 65208319, "entry_point": 0, "filename": null, "id": "region_1706", "name": "private_0x0000000003db0000", "norm_filename": null, "region_type": "private_memory", "start_va": 64684032, "timestamp": "00:01:40.667", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 65208320, "type": "region", "version": 1 }, "end_va": 65212415, "entry_point": 0, "filename": null, "id": "region_1707", "name": "private_0x0000000003e30000", "norm_filename": null, "region_type": "private_memory", "start_va": 65208320, "timestamp": "00:01:40.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 65273856, "type": "region", "version": 1 }, "end_va": 65277951, "entry_point": 0, "filename": null, "id": "region_1708", "name": "private_0x0000000003e40000", "norm_filename": null, "region_type": "private_memory", "start_va": 65273856, "timestamp": "00:01:40.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 65339392, "type": "region", "version": 1 }, "end_va": 65343487, "entry_point": 0, "filename": null, "id": "region_1709", "name": "private_0x0000000003e50000", "norm_filename": null, "region_type": "private_memory", "start_va": 65339392, "timestamp": "00:01:40.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 65404928, "type": "region", "version": 1 }, "end_va": 65413119, "entry_point": 0, "filename": null, "id": "region_1710", "name": "pagefile_0x0000000003e60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65404928, "timestamp": "00:01:40.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 65470464, "type": "region", "version": 1 }, "end_va": 65474559, "entry_point": 65470464, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db", "id": "region_1711", "name": "{40fc8d7d-05ed-4feb-b03b-6c100659ef5c}.2.ver0x0000000000000001.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{40fc8d7d-05ed-4feb-b03b-6c100659ef5c}.2.ver0x0000000000000001.db", "region_type": "memory_mapped_file", "start_va": 65470464, "timestamp": "00:01:40.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 65536000, "type": "region", "version": 1 }, "end_va": 65552383, "entry_point": 65536000, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_1712", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 65536000, "timestamp": "00:01:40.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 65601536, "type": "region", "version": 1 }, "end_va": 65605631, "entry_point": 65601536, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{B33C4F4B-938B-4CB1-BC05-F090B0A61A1A}.2.ver0x0000000000000001.db", "id": "region_1713", "name": "{b33c4f4b-938b-4cb1-bc05-f090b0a61a1a}.2.ver0x0000000000000001.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{b33c4f4b-938b-4cb1-bc05-f090b0a61a1a}.2.ver0x0000000000000001.db", "region_type": "memory_mapped_file", "start_va": 65601536, "timestamp": "00:01:40.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 65667072, "type": "region", "version": 1 }, "end_va": 65683455, "entry_point": 65667072, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_1714", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 65667072, "timestamp": "00:01:40.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 65732608, "type": "region", "version": 1 }, "end_va": 65736703, "entry_point": 65732608, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{D299ADBB-3C80-401E-9A81-68EE95177A1C}.2.ver0x0000000000000001.db", "id": "region_1715", "name": "{d299adbb-3c80-401e-9a81-68ee95177a1c}.2.ver0x0000000000000001.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{d299adbb-3c80-401e-9a81-68ee95177a1c}.2.ver0x0000000000000001.db", "region_type": "memory_mapped_file", "start_va": 65732608, "timestamp": "00:01:40.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 65798144, "type": "region", "version": 1 }, "end_va": 65802239, "entry_point": 0, "filename": null, "id": "region_1716", "name": "private_0x0000000003ec0000", "norm_filename": null, "region_type": "private_memory", "start_va": 65798144, "timestamp": "00:01:40.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 65863680, "type": "region", "version": 1 }, "end_va": 65880063, "entry_point": 65863680, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_1717", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 65863680, "timestamp": "00:01:40.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 65994752, "type": "region", "version": 1 }, "end_va": 66519039, "entry_point": 0, "filename": null, "id": "region_1718", "name": "private_0x0000000003ef0000", "norm_filename": null, "region_type": "private_memory", "start_va": 65994752, "timestamp": "00:01:40.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 66519040, "type": "region", "version": 1 }, "end_va": 66523135, "entry_point": 0, "filename": null, "id": "region_1719", "name": "private_0x0000000003f70000", "norm_filename": null, "region_type": "private_memory", "start_va": 66519040, "timestamp": "00:01:40.669", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 66584576, "type": "region", "version": 1 }, "end_va": 66592767, "entry_point": 0, "filename": null, "id": "region_1720", "name": "pagefile_0x0000000003f80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 66584576, "timestamp": "00:01:40.669", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 66650112, "type": "region", "version": 1 }, "end_va": 66658303, "entry_point": 0, "filename": null, "id": "region_1721", "name": "pagefile_0x0000000003f90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 66650112, "timestamp": "00:01:40.669", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 327680, "start_va": 66715648, "type": "region", "version": 1 }, "end_va": 67043327, "entry_point": 0, "filename": null, "id": "region_1722", "name": "private_0x0000000003fa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 66715648, "timestamp": "00:01:40.669", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 67043328, "type": "region", "version": 1 }, "end_va": 67051519, "entry_point": 0, "filename": null, "id": "region_1723", "name": "pagefile_0x0000000003ff0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 67043328, "timestamp": "00:01:40.669", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 67108864, "type": "region", "version": 1 }, "end_va": 67117055, "entry_point": 0, "filename": null, "id": "region_1724", "name": "pagefile_0x0000000004000000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 67108864, "timestamp": "00:01:40.669", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 67174400, "type": "region", "version": 1 }, "end_va": 67182591, "entry_point": 0, "filename": null, "id": "region_1725", "name": "private_0x0000000004010000", "norm_filename": null, "region_type": "private_memory", "start_va": 67174400, "timestamp": "00:01:40.669", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 67239936, "type": "region", "version": 1 }, "end_va": 67248127, "entry_point": 0, "filename": null, "id": "region_1726", "name": "pagefile_0x0000000004020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 67239936, "timestamp": "00:01:40.669", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 67305472, "type": "region", "version": 1 }, "end_va": 67309567, "entry_point": 67305472, "filename": "\\Windows\\System32\\oleaccrc.dll", "id": "region_1727", "name": "oleaccrc.dll", "norm_filename": "c:\\windows\\system32\\oleaccrc.dll", "region_type": "memory_mapped_file", "start_va": 67305472, "timestamp": "00:01:40.669", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 67371008, "type": "region", "version": 1 }, "end_va": 67379199, "entry_point": 0, "filename": null, "id": "region_1728", "name": "pagefile_0x0000000004040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 67371008, "timestamp": "00:01:40.669", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 67436544, "type": "region", "version": 1 }, "end_va": 67444735, "entry_point": 0, "filename": null, "id": "region_1729", "name": "pagefile_0x0000000004050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 67436544, "timestamp": "00:01:40.669", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 67633152, "type": "region", "version": 1 }, "end_va": 67661823, "entry_point": 67633152, "filename": "\\Windows\\System32\\en-US\\bthprops.cpl.mui", "id": "region_1730", "name": "bthprops.cpl.mui", "norm_filename": "c:\\windows\\system32\\en-us\\bthprops.cpl.mui", "region_type": "memory_mapped_file", "start_va": 67633152, "timestamp": "00:01:40.669", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 67698688, "type": "region", "version": 1 }, "end_va": 67706879, "entry_point": 0, "filename": null, "id": "region_1731", "name": "pagefile_0x0000000004090000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 67698688, "timestamp": "00:01:40.669", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 67764224, "type": "region", "version": 1 }, "end_va": 67772415, "entry_point": 0, "filename": null, "id": "region_1732", "name": "pagefile_0x00000000040a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 67764224, "timestamp": "00:01:40.669", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 67829760, "type": "region", "version": 1 }, "end_va": 67846143, "entry_point": 67829760, "filename": "\\Windows\\System32\\en-US\\prnfldr.dll.mui", "id": "region_1733", "name": "prnfldr.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\prnfldr.dll.mui", "region_type": "memory_mapped_file", "start_va": 67829760, "timestamp": "00:01:40.669", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 69632, "start_va": 67895296, "type": "region", "version": 1 }, "end_va": 67964927, "entry_point": 67895296, "filename": "\\Windows\\System32\\en-US\\netshell.dll.mui", "id": "region_1734", "name": "netshell.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\netshell.dll.mui", "region_type": "memory_mapped_file", "start_va": 67895296, "timestamp": "00:01:40.669", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 68091904, "type": "region", "version": 1 }, "end_va": 68095999, "entry_point": 0, "filename": null, "id": "region_1735", "name": "pagefile_0x00000000040f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 68091904, "timestamp": "00:01:40.669", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 68222976, "type": "region", "version": 1 }, "end_va": 68227071, "entry_point": 0, "filename": null, "id": "region_1736", "name": "pagefile_0x0000000004110000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 68222976, "timestamp": "00:01:40.669", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 68288512, "type": "region", "version": 1 }, "end_va": 68812799, "entry_point": 0, "filename": null, "id": "region_1737", "name": "private_0x0000000004120000", "norm_filename": null, "region_type": "private_memory", "start_va": 68288512, "timestamp": "00:01:40.669", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 68812800, "type": "region", "version": 1 }, "end_va": 68816895, "entry_point": 0, "filename": null, "id": "region_1738", "name": "pagefile_0x00000000041a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 68812800, "timestamp": "00:01:40.669", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 68878336, "type": "region", "version": 1 }, "end_va": 68882431, "entry_point": 0, "filename": null, "id": "region_1739", "name": "pagefile_0x00000000041b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 68878336, "timestamp": "00:01:40.669", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 68943872, "type": "region", "version": 1 }, "end_va": 69468159, "entry_point": 0, "filename": null, "id": "region_1740", "name": "private_0x00000000041c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 68943872, "timestamp": "00:01:40.670", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 69468160, "type": "region", "version": 1 }, "end_va": 69472255, "entry_point": 0, "filename": null, "id": "region_1741", "name": "private_0x0000000004240000", "norm_filename": null, "region_type": "private_memory", "start_va": 69468160, "timestamp": "00:01:40.670", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 69533696, "type": "region", "version": 1 }, "end_va": 69537791, "entry_point": 0, "filename": null, "id": "region_1742", "name": "pagefile_0x0000000004250000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 69533696, "timestamp": "00:01:40.670", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 69599232, "type": "region", "version": 1 }, "end_va": 70123519, "entry_point": 0, "filename": null, "id": "region_1743", "name": "private_0x0000000004260000", "norm_filename": null, "region_type": "private_memory", "start_va": 69599232, "timestamp": "00:01:40.670", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 81920, "start_va": 70385664, "type": "region", "version": 1 }, "end_va": 70467583, "entry_point": 70385664, "filename": "\\Users\\aDU0VK IWA5kLS\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat", "id": "region_1744", "name": "index.dat", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 70385664, "timestamp": "00:01:40.670", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 70516736, "type": "region", "version": 1 }, "end_va": 70549503, "entry_point": 70516736, "filename": "\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat", "id": "region_1745", "name": "index.dat", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat", "region_type": "memory_mapped_file", "start_va": 70516736, "timestamp": "00:01:40.670", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 71172096, "type": "region", "version": 1 }, "end_va": 71434239, "entry_point": 71172096, "filename": "\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\index.dat", "id": "region_1746", "name": "index.dat", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\microsoft\\windows\\ietldcache\\index.dat", "region_type": "memory_mapped_file", "start_va": 71172096, "timestamp": "00:01:40.670", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 71434240, "type": "region", "version": 1 }, "end_va": 71438335, "entry_point": 0, "filename": null, "id": "region_1747", "name": "pagefile_0x0000000004420000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 71434240, "timestamp": "00:01:40.670", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 71565312, "type": "region", "version": 1 }, "end_va": 72089599, "entry_point": 0, "filename": null, "id": "region_1748", "name": "private_0x0000000004440000", "norm_filename": null, "region_type": "private_memory", "start_va": 71565312, "timestamp": "00:01:40.670", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 72548352, "type": "region", "version": 1 }, "end_va": 73072639, "entry_point": 0, "filename": null, "id": "region_1749", "name": "private_0x0000000004530000", "norm_filename": null, "region_type": "private_memory", "start_va": 72548352, "timestamp": "00:01:40.671", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 73072640, "type": "region", "version": 1 }, "end_va": 75169791, "entry_point": 0, "filename": null, "id": "region_1750", "name": "private_0x00000000045b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 73072640, "timestamp": "00:01:40.671", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 75628544, "type": "region", "version": 1 }, "end_va": 76152831, "entry_point": 0, "filename": null, "id": "region_1751", "name": "private_0x0000000004820000", "norm_filename": null, "region_type": "private_memory", "start_va": 75628544, "timestamp": "00:01:40.671", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 76218368, "type": "region", "version": 1 }, "end_va": 76742655, "entry_point": 0, "filename": null, "id": "region_1752", "name": "private_0x00000000048b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 76218368, "timestamp": "00:01:40.672", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 77725696, "type": "region", "version": 1 }, "end_va": 78249983, "entry_point": 0, "filename": null, "id": "region_1753", "name": "private_0x0000000004a20000", "norm_filename": null, "region_type": "private_memory", "start_va": 77725696, "timestamp": "00:01:40.672", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 78512128, "type": "region", "version": 1 }, "end_va": 79036415, "entry_point": 0, "filename": null, "id": "region_1754", "name": "private_0x0000000004ae0000", "norm_filename": null, "region_type": "private_memory", "start_va": 78512128, "timestamp": "00:01:40.672", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 79364096, "type": "region", "version": 1 }, "end_va": 79888383, "entry_point": 0, "filename": null, "id": "region_1755", "name": "private_0x0000000004bb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 79364096, "timestamp": "00:01:40.672", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 80740352, "type": "region", "version": 1 }, "end_va": 81264639, "entry_point": 0, "filename": null, "id": "region_1756", "name": "private_0x0000000004d00000", "norm_filename": null, "region_type": "private_memory", "start_va": 80740352, "timestamp": "00:01:40.673", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4206592, "start_va": 85262336, "type": "region", "version": 1 }, "end_va": 89468927, "entry_point": 0, "filename": null, "id": "region_1757", "name": "private_0x0000000005150000", "norm_filename": null, "region_type": "private_memory", "start_va": 85262336, "timestamp": "00:01:40.673", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 89587712, "type": "region", "version": 1 }, "end_va": 90111999, "entry_point": 0, "filename": null, "id": "region_1758", "name": "private_0x0000000005570000", "norm_filename": null, "region_type": "private_memory", "start_va": 89587712, "timestamp": "00:01:40.673", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 90570752, "type": "region", "version": 1 }, "end_va": 91095039, "entry_point": 0, "filename": null, "id": "region_1759", "name": "private_0x0000000005660000", "norm_filename": null, "region_type": "private_memory", "start_va": 90570752, "timestamp": "00:01:40.673", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 91422720, "type": "region", "version": 1 }, "end_va": 91947007, "entry_point": 0, "filename": null, "id": "region_1760", "name": "private_0x0000000005730000", "norm_filename": null, "region_type": "private_memory", "start_va": 91422720, "timestamp": "00:01:40.674", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 92471296, "type": "region", "version": 1 }, "end_va": 92995583, "entry_point": 0, "filename": null, "id": "region_1761", "name": "private_0x0000000005830000", "norm_filename": null, "region_type": "private_memory", "start_va": 92471296, "timestamp": "00:01:40.674", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20271104, "start_va": 93782016, "type": "region", "version": 1 }, "end_va": 114053119, "entry_point": 93782016, "filename": "\\Windows\\System32\\imageres.dll", "id": "region_1762", "name": "imageres.dll", "norm_filename": "c:\\windows\\system32\\imageres.dll", "region_type": "memory_mapped_file", "start_va": 93782016, "timestamp": "00:01:40.674", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 114491392, "type": "region", "version": 1 }, "end_va": 115015679, "entry_point": 0, "filename": null, "id": "region_1763", "name": "private_0x0000000006d30000", "norm_filename": null, "region_type": "private_memory", "start_va": 114491392, "timestamp": "00:01:40.674", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"taskhost.exe\"", "filename": "c:\\windows\\system32\\taskhost.exe", "id": "proc_10", "image_name": "taskhost.exe", "monitor_reason": "injection", "monitored_id": 10, "origin_monitor_id": 8, "ref_parent_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_2231", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_2232", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_2233", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 684031, "entry_point": 262144, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2234", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 729087, "entry_point": 0, "filename": null, "id": "region_2235", "name": "pagefile_0x00000000000b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 720896, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 790527, "entry_point": 0, "filename": null, "id": "region_2236", "name": "private_0x00000000000c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 786432, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 856063, "entry_point": 0, "filename": null, "id": "region_2237", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 0, "filename": null, "id": "region_2238", "name": "pagefile_0x00000000000e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 917504, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_2239", "name": "pagefile_0x00000000000f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 983040, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1056767, "entry_point": 0, "filename": null, "id": "region_2240", "name": "pagefile_0x0000000000100000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1048576, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1359871, "entry_point": 0, "filename": null, "id": "region_2241", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 2162687, "entry_point": 0, "filename": null, "id": "region_2242", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 3211263, "entry_point": 0, "filename": null, "id": "region_2243", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3407872, "type": "region", "version": 1 }, "end_va": 3473407, "entry_point": 0, "filename": null, "id": "region_2244", "name": "private_0x0000000000340000", "norm_filename": null, "region_type": "private_memory", "start_va": 3407872, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3735552, "type": "region", "version": 1 }, "end_va": 4784127, "entry_point": 0, "filename": null, "id": "region_2245", "name": "private_0x0000000000390000", "norm_filename": null, "region_type": "private_memory", "start_va": 3735552, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4784128, "type": "region", "version": 1 }, "end_va": 6389759, "entry_point": 0, "filename": null, "id": "region_2246", "name": "pagefile_0x0000000000490000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4784128, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6422528, "type": "region", "version": 1 }, "end_va": 7999487, "entry_point": 0, "filename": null, "id": "region_2247", "name": "pagefile_0x0000000000620000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6422528, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 8060928, "type": "region", "version": 1 }, "end_va": 29032447, "entry_point": 0, "filename": null, "id": "region_2248", "name": "pagefile_0x00000000007b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8060928, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 29032448, "type": "region", "version": 1 }, "end_va": 33173503, "entry_point": 0, "filename": null, "id": "region_2249", "name": "pagefile_0x0000000001bb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29032448, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 33488896, "type": "region", "version": 1 }, "end_va": 34013183, "entry_point": 0, "filename": null, "id": "region_2250", "name": "private_0x0000000001ff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33488896, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 34078720, "type": "region", "version": 1 }, "end_va": 34603007, "entry_point": 0, "filename": null, "id": "region_2251", "name": "private_0x0000000002080000", "norm_filename": null, "region_type": "private_memory", "start_va": 34078720, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 34668544, "type": "region", "version": 1 }, "end_va": 35192831, "entry_point": 0, "filename": null, "id": "region_2252", "name": "private_0x0000000002110000", "norm_filename": null, "region_type": "private_memory", "start_va": 34668544, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 35192832, "type": "region", "version": 1 }, "end_va": 36106239, "entry_point": 0, "filename": null, "id": "region_2253", "name": "pagefile_0x0000000002190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 35192832, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 36175872, "type": "region", "version": 1 }, "end_va": 36700159, "entry_point": 0, "filename": null, "id": "region_2254", "name": "private_0x0000000002280000", "norm_filename": null, "region_type": "private_memory", "start_va": 36175872, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 36700160, "type": "region", "version": 1 }, "end_va": 37224447, "entry_point": 0, "filename": null, "id": "region_2255", "name": "private_0x0000000002300000", "norm_filename": null, "region_type": "private_memory", "start_va": 36700160, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 37945344, "type": "region", "version": 1 }, "end_va": 38731775, "entry_point": 37945344, "filename": "\\Windows\\System32\\en-US\\KernelBase.dll.mui", "id": "region_2256", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 37945344, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 40632320, "type": "region", "version": 1 }, "end_va": 41156607, "entry_point": 0, "filename": null, "id": "region_2257", "name": "private_0x00000000026c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40632320, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 41156608, "type": "region", "version": 1 }, "end_va": 41680895, "entry_point": 0, "filename": null, "id": "region_2258", "name": "private_0x0000000002740000", "norm_filename": null, "region_type": "private_memory", "start_va": 41156608, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 41746432, "type": "region", "version": 1 }, "end_va": 42270719, "entry_point": 0, "filename": null, "id": "region_2259", "name": "private_0x00000000027d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 41746432, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 42467328, "type": "region", "version": 1 }, "end_va": 42991615, "entry_point": 0, "filename": null, "id": "region_2260", "name": "private_0x0000000002880000", "norm_filename": null, "region_type": "private_memory", "start_va": 42467328, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 43122688, "type": "region", "version": 1 }, "end_va": 43188223, "entry_point": 0, "filename": null, "id": "region_2261", "name": "private_0x0000000002920000", "norm_filename": null, "region_type": "private_memory", "start_va": 43122688, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 43188224, "type": "region", "version": 1 }, "end_va": 43712511, "entry_point": 0, "filename": null, "id": "region_2262", "name": "private_0x0000000002930000", "norm_filename": null, "region_type": "private_memory", "start_va": 43188224, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 43778048, "type": "region", "version": 1 }, "end_va": 44302335, "entry_point": 0, "filename": null, "id": "region_2263", "name": "private_0x00000000029c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43778048, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 44302336, "type": "region", "version": 1 }, "end_va": 47247359, "entry_point": 44302336, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_2264", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 44302336, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1999765504, "type": "region", "version": 1 }, "end_va": 2000941055, "entry_point": 1999855264, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_2265", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1999765504, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2000945152, "type": "region", "version": 1 }, "end_va": 2001969151, "entry_point": 2001052360, "filename": "\\Windows\\System32\\user32.dll", "id": "region_2266", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2000945152, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2001993728, "type": "region", "version": 1 }, "end_va": 2003734527, "entry_point": 2001993728, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2267", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001993728, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_2268", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2269", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2270", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 4280287232, "type": "region", "version": 1 }, "end_va": 4280369151, "entry_point": 4280298720, "filename": "\\Windows\\System32\\taskhost.exe", "id": "region_2271", "name": "taskhost.exe", "norm_filename": "c:\\windows\\system32\\taskhost.exe", "region_type": "memory_mapped_file", "start_va": 4280287232, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 8791637950464, "type": "region", "version": 1 }, "end_va": 8791638192127, "entry_point": 8791637959408, "filename": "\\Windows\\System32\\winmm.dll", "id": "region_2272", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 8791637950464, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791638212608, "type": "region", "version": 1 }, "end_va": 8791638261759, "entry_point": 8791638237228, "filename": "\\Windows\\System32\\npmproxy.dll", "id": "region_2273", "name": "npmproxy.dll", "norm_filename": "c:\\windows\\system32\\npmproxy.dll", "region_type": "memory_mapped_file", "start_va": 8791638212608, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791640506368, "type": "region", "version": 1 }, "end_va": 8791640563711, "entry_point": 8791640530216, "filename": "\\Windows\\System32\\dimsjob.dll", "id": "region_2274", "name": "dimsjob.dll", "norm_filename": "c:\\windows\\system32\\dimsjob.dll", "region_type": "memory_mapped_file", "start_va": 8791640506368, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 475136, "start_va": 8791664033792, "type": "region", "version": 1 }, "end_va": 8791664508927, "entry_point": 8791664060144, "filename": "\\Windows\\System32\\netprofm.dll", "id": "region_2275", "name": "netprofm.dll", "norm_filename": "c:\\windows\\system32\\netprofm.dll", "region_type": "memory_mapped_file", "start_va": 8791664033792, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791674650624, "type": "region", "version": 1 }, "end_va": 8791674695679, "entry_point": 8791674669272, "filename": "\\Windows\\System32\\HotStartUserAgent.dll", "id": "region_2276", "name": "hotstartuseragent.dll", "norm_filename": "c:\\windows\\system32\\hotstartuseragent.dll", "region_type": "memory_mapped_file", "start_va": 8791674650624, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 249856, "start_va": 8791674716160, "type": "region", "version": 1 }, "end_va": 8791674966015, "entry_point": 8791674723292, "filename": "\\Windows\\System32\\msutb.dll", "id": "region_2277", "name": "msutb.dll", "norm_filename": "c:\\windows\\system32\\msutb.dll", "region_type": "memory_mapped_file", "start_va": 8791674716160, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791674978304, "type": "region", "version": 1 }, "end_va": 8791675023359, "entry_point": 8791674983056, "filename": "\\Windows\\System32\\MsCtfMonitor.dll", "id": "region_2278", "name": "msctfmonitor.dll", "norm_filename": "c:\\windows\\system32\\msctfmonitor.dll", "region_type": "memory_mapped_file", "start_va": 8791674978304, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 8791701913600, "type": "region", "version": 1 }, "end_va": 8791702011903, "entry_point": 8791701919280, "filename": "\\Windows\\System32\\PlaySndSrv.dll", "id": "region_2279", "name": "playsndsrv.dll", "norm_filename": "c:\\windows\\system32\\playsndsrv.dll", "region_type": "memory_mapped_file", "start_va": 8791701913600, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 8791712858112, "type": "region", "version": 1 }, "end_va": 8791712956415, "entry_point": 8791712862512, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_2280", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 8791712858112, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 352256, "start_va": 8791716921344, "type": "region", "version": 1 }, "end_va": 8791717273599, "entry_point": 8791716969408, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_2281", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 8791716921344, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791723343872, "type": "region", "version": 1 }, "end_va": 8791723388927, "entry_point": 8791723364236, "filename": "\\Windows\\System32\\slc.dll", "id": "region_2282", "name": "slc.dll", "norm_filename": "c:\\windows\\system32\\slc.dll", "region_type": "memory_mapped_file", "start_va": 8791723343872, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791723409408, "type": "region", "version": 1 }, "end_va": 8791723458559, "entry_point": 8791723415000, "filename": "\\Windows\\System32\\dsrole.dll", "id": "region_2283", "name": "dsrole.dll", "norm_filename": "c:\\windows\\system32\\dsrole.dll", "region_type": "memory_mapped_file", "start_va": 8791723409408, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 8791723933696, "type": "region", "version": 1 }, "end_va": 8791724003327, "entry_point": 8791723937904, "filename": "\\Windows\\System32\\wtsapi32.dll", "id": "region_2284", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\system32\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791723933696, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 8791724064768, "type": "region", "version": 1 }, "end_va": 8791724150783, "entry_point": 8791724089560, "filename": "\\Windows\\System32\\nlaapi.dll", "id": "region_2285", "name": "nlaapi.dll", "norm_filename": "c:\\windows\\system32\\nlaapi.dll", "region_type": "memory_mapped_file", "start_va": 8791724064768, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1208320, "start_va": 8791725309952, "type": "region", "version": 1 }, "end_va": 8791726518271, "entry_point": 8791725314284, "filename": "\\Windows\\System32\\taskschd.dll", "id": "region_2286", "name": "taskschd.dll", "norm_filename": "c:\\windows\\system32\\taskschd.dll", "region_type": "memory_mapped_file", "start_va": 8791725309952, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 290816, "start_va": 8791741825024, "type": "region", "version": 1 }, "end_va": 8791742115839, "entry_point": 8791741829220, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_2287", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 8791741825024, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 8791746347008, "type": "region", "version": 1 }, "end_va": 8791746441215, "entry_point": 8791746359992, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_2288", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 8791746347008, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 8791751196672, "type": "region", "version": 1 }, "end_va": 8791751348223, "entry_point": 8791751235160, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_2289", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 8791751196672, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791751393280, "type": "region", "version": 1 }, "end_va": 8791751454719, "entry_point": 8791751397392, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_2290", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791751393280, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 249856, "start_va": 8791752114176, "type": "region", "version": 1 }, "end_va": 8791752364031, "entry_point": 8791752120564, "filename": "\\Windows\\System32\\winsta.dll", "id": "region_2291", "name": "winsta.dll", "norm_filename": "c:\\windows\\system32\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 8791752114176, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791752376320, "type": "region", "version": 1 }, "end_va": 8791752458239, "entry_point": 8791752380640, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_2292", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 8791752376320, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791754539008, "type": "region", "version": 1 }, "end_va": 8791754977279, "entry_point": 8791754551520, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_2293", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791754539008, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791756505088, "type": "region", "version": 1 }, "end_va": 8791757737983, "entry_point": 8791756827984, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_2294", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791756505088, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791757750272, "type": "region", "version": 1 }, "end_va": 8791758376959, "entry_point": 8791757757456, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_2295", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 8791757750272, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791758405632, "type": "region", "version": 1 }, "end_va": 8791758594047, "entry_point": 8791758409744, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_2296", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791758405632, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791759257600, "type": "region", "version": 1 }, "end_va": 8791760154623, "entry_point": 8791759390560, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_2297", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791759257600, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791761747968, "type": "region", "version": 1 }, "end_va": 8791762169855, "entry_point": 8791761793084, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_2298", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791761747968, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791762206720, "type": "region", "version": 1 }, "end_va": 8791763292159, "entry_point": 8791762210916, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_2299", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791762206720, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791763320832, "type": "region", "version": 1 }, "end_va": 8791764144127, "entry_point": 8791763822708, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_2300", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791763320832, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791778394112, "type": "region", "version": 1 }, "end_va": 8791779045375, "entry_point": 8791778403744, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_2301", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791778394112, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2109440, "start_va": 8791779049472, "type": "region", "version": 1 }, "end_va": 8791781158911, "entry_point": 8791779193648, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_2302", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791779049472, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791784095744, "type": "region", "version": 1 }, "end_va": 8791784558591, "entry_point": 8791784168992, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_2303", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 8791784095744, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791784620032, "type": "region", "version": 1 }, "end_va": 8791784677375, "entry_point": 8791784624256, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_2304", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791784620032, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 8791787175936, "type": "region", "version": 1 }, "end_va": 8791787208703, "entry_point": 8791787181316, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_2305", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 8791787175936, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791787241472, "type": "region", "version": 1 }, "end_va": 8791787368447, "entry_point": 8791787266280, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_2306", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791787241472, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 8791787372544, "type": "region", "version": 1 }, "end_va": 8791788253183, "entry_point": 8791787385460, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_2307", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 8791787372544, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791790059520, "type": "region", "version": 1 }, "end_va": 8791790063615, "entry_point": 8791790059520, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_2308", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791790059520, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092645376, "type": "region", "version": 1 }, "end_va": 8796092653567, "entry_point": 0, "filename": null, "id": "region_2309", "name": "private_0x000007fffffa4000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092645376, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092653568, "type": "region", "version": 1 }, "end_va": 8796092661759, "entry_point": 0, "filename": null, "id": "region_2310", "name": "private_0x000007fffffa6000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092653568, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092661760, "type": "region", "version": 1 }, "end_va": 8796092669951, "entry_point": 0, "filename": null, "id": "region_2311", "name": "private_0x000007fffffa8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092661760, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092669952, "type": "region", "version": 1 }, "end_va": 8796092678143, "entry_point": 0, "filename": null, "id": "region_2312", "name": "private_0x000007fffffaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092669952, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092678144, "type": "region", "version": 1 }, "end_va": 8796092686335, "entry_point": 0, "filename": null, "id": "region_2313", "name": "private_0x000007fffffac000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092678144, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092686336, "type": "region", "version": 1 }, "end_va": 8796092694527, "entry_point": 0, "filename": null, "id": "region_2314", "name": "private_0x000007fffffae000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092686336, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_2315", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092850176, "type": "region", "version": 1 }, "end_va": 8796092858367, "entry_point": 0, "filename": null, "id": "region_2316", "name": "private_0x000007fffffd6000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092850176, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092858368, "type": "region", "version": 1 }, "end_va": 8796092866559, "entry_point": 0, "filename": null, "id": "region_2317", "name": "private_0x000007fffffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092858368, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092866560, "type": "region", "version": 1 }, "end_va": 8796092874751, "entry_point": 0, "filename": null, "id": "region_2318", "name": "private_0x000007fffffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092866560, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8796092874752, "type": "region", "version": 1 }, "end_va": 8796092878847, "entry_point": 0, "filename": null, "id": "region_2319", "name": "private_0x000007fffffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092874752, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092882944, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_2320", "name": "private_0x000007fffffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092882944, "timestamp": "00:01:43.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1380351, "entry_point": 0, "filename": null, "id": "region_2324", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:01:43.896", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 39911424, "type": "region", "version": 1 }, "end_va": 40435711, "entry_point": 0, "filename": null, "id": "region_2649", "name": "private_0x0000000002610000", "norm_filename": null, "region_type": "private_memory", "start_va": 39911424, "timestamp": "00:01:44.315", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092841984, "type": "region", "version": 1 }, "end_va": 8796092850175, "entry_point": 0, "filename": null, "id": "region_2650", "name": "private_0x000007fffffd4000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092841984, "timestamp": "00:01:44.315", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 14188544, "start_va": 8791764172800, "type": "region", "version": 1 }, "end_va": 8791778361343, "entry_point": 8791764684476, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_2651", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 8791764172800, "timestamp": "00:01:44.330", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 315392, "start_va": 8791789535232, "type": "region", "version": 1 }, "end_va": 8791789850623, "entry_point": 8791789539440, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_2652", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 8791789535232, "timestamp": "00:01:44.332", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 655360, "start_va": 37224448, "type": "region", "version": 1 }, "end_va": 37879807, "entry_point": 0, "filename": null, "id": "region_2653", "name": "private_0x0000000002380000", "norm_filename": null, "region_type": "private_memory", "start_va": 37224448, "timestamp": "00:01:44.333", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1220608, "start_va": 8791788290048, "type": "region", "version": 1 }, "end_va": 8791789510655, "entry_point": 8791788294356, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_2654", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 8791788290048, "timestamp": "00:01:44.334", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1540096, "start_va": 8791760175104, "type": "region", "version": 1 }, "end_va": 8791761715199, "entry_point": 8791760179424, "filename": "\\Windows\\System32\\urlmon.dll", "id": "region_2655", "name": "urlmon.dll", "norm_filename": "c:\\windows\\system32\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 8791760175104, "timestamp": "00:01:44.335", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1470464, "start_va": 8791754997760, "type": "region", "version": 1 }, "end_va": 8791756468223, "entry_point": 8791755002048, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_2656", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 8791754997760, "timestamp": "00:01:44.336", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791753162752, "type": "region", "version": 1 }, "end_va": 8791753224191, "entry_point": 8791753166880, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_2657", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 8791753162752, "timestamp": "00:01:44.336", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2461696, "start_va": 8791784685568, "type": "region", "version": 1 }, "end_va": 8791787147263, "entry_point": 8791784690496, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_2658", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 8791784685568, "timestamp": "00:01:44.337", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 48496640, "type": "region", "version": 1 }, "end_va": 49020927, "entry_point": 0, "filename": null, "id": "region_2798", "name": "private_0x0000000002e40000", "norm_filename": null, "region_type": "private_memory", "start_va": 48496640, "timestamp": "00:01:44.492", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092637184, "type": "region", "version": 1 }, "end_va": 8796092645375, "entry_point": 0, "filename": null, "id": "region_2799", "name": "private_0x000007fffffa2000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092637184, "timestamp": "00:01:44.492", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\system32\\Dwm.exe\"", "filename": "c:\\windows\\system32\\dwm.exe", "id": "proc_11", "image_name": "dwm.exe", "monitor_reason": "injection", "monitored_id": 11, "origin_monitor_id": 8, "ref_parent_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_2584", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_2585", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_2586", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 270335, "entry_point": 0, "filename": null, "id": "region_2587", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2588", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 794623, "entry_point": 0, "filename": null, "id": "region_2589", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 856063, "entry_point": 0, "filename": null, "id": "region_2590", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 0, "filename": null, "id": "region_2591", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_2592", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_2593", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1118207, "entry_point": 0, "filename": null, "id": "region_2594", "name": "pagefile_0x0000000000110000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1114112, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1769471, "entry_point": 0, "filename": null, "id": "region_2595", "name": "private_0x0000000000130000", "norm_filename": null, "region_type": "private_memory", "start_va": 1245184, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 2883583, "entry_point": 0, "filename": null, "id": "region_2596", "name": "private_0x00000000001c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1835008, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 4489215, "entry_point": 0, "filename": null, "id": "region_2597", "name": "pagefile_0x00000000002c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2883584, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 4521984, "type": "region", "version": 1 }, "end_va": 6098943, "entry_point": 0, "filename": null, "id": "region_2598", "name": "pagefile_0x0000000000450000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4521984, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 6160384, "type": "region", "version": 1 }, "end_va": 27131903, "entry_point": 0, "filename": null, "id": "region_2599", "name": "pagefile_0x00000000005e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6160384, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 27131904, "type": "region", "version": 1 }, "end_va": 31272959, "entry_point": 0, "filename": null, "id": "region_2600", "name": "pagefile_0x00000000019e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 27131904, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 31326208, "type": "region", "version": 1 }, "end_va": 32374783, "entry_point": 0, "filename": null, "id": "region_2601", "name": "private_0x0000000001de0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31326208, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 32374784, "type": "region", "version": 1 }, "end_va": 33288191, "entry_point": 0, "filename": null, "id": "region_2602", "name": "pagefile_0x0000000001ee0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 32374784, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 33357824, "type": "region", "version": 1 }, "end_va": 33423359, "entry_point": 0, "filename": null, "id": "region_2603", "name": "private_0x0000000001fd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33357824, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 33423360, "type": "region", "version": 1 }, "end_va": 33669119, "entry_point": 0, "filename": null, "id": "region_2604", "name": "private_0x0000000001fe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33423360, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 34078720, "type": "region", "version": 1 }, "end_va": 34603007, "entry_point": 0, "filename": null, "id": "region_2605", "name": "private_0x0000000002080000", "norm_filename": null, "region_type": "private_memory", "start_va": 34078720, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 34930688, "type": "region", "version": 1 }, "end_va": 35454975, "entry_point": 0, "filename": null, "id": "region_2606", "name": "private_0x0000000002150000", "norm_filename": null, "region_type": "private_memory", "start_va": 34930688, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 35454976, "type": "region", "version": 1 }, "end_va": 35979263, "entry_point": 0, "filename": null, "id": "region_2607", "name": "private_0x00000000021d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 35454976, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 36765696, "type": "region", "version": 1 }, "end_va": 37289983, "entry_point": 0, "filename": null, "id": "region_2608", "name": "private_0x0000000002310000", "norm_filename": null, "region_type": "private_memory", "start_va": 36765696, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 37289984, "type": "region", "version": 1 }, "end_va": 40235007, "entry_point": 37289984, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_2609", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 37289984, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 40239104, "type": "region", "version": 1 }, "end_va": 41287679, "entry_point": 0, "filename": null, "id": "region_2610", "name": "private_0x0000000002660000", "norm_filename": null, "region_type": "private_memory", "start_va": 40239104, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1999765504, "type": "region", "version": 1 }, "end_va": 2000941055, "entry_point": 1999855264, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_2611", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1999765504, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2000945152, "type": "region", "version": 1 }, "end_va": 2001969151, "entry_point": 2001052360, "filename": "\\Windows\\System32\\user32.dll", "id": "region_2612", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2000945152, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2001993728, "type": "region", "version": 1 }, "end_va": 2003734527, "entry_point": 2001993728, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2613", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001993728, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 2003894272, "type": "region", "version": 1 }, "end_va": 2003922943, "entry_point": 2003898476, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_2614", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 2003894272, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_2615", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2616", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2617", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 143360, "start_va": 4279304192, "type": "region", "version": 1 }, "end_va": 4279447551, "entry_point": 4279323092, "filename": "\\Windows\\System32\\dwm.exe", "id": "region_2618", "name": "dwm.exe", "norm_filename": "c:\\windows\\system32\\dwm.exe", "region_type": "memory_mapped_file", "start_va": 4279304192, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 8791698636800, "type": "region", "version": 1 }, "end_va": 8791699320831, "entry_point": 8791698703628, "filename": "\\Windows\\System32\\dxgi.dll", "id": "region_2619", "name": "dxgi.dll", "norm_filename": "c:\\windows\\system32\\dxgi.dll", "region_type": "memory_mapped_file", "start_va": 8791698636800, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 348160, "start_va": 8791699357696, "type": "region", "version": 1 }, "end_va": 8791699705855, "entry_point": 8791699581728, "filename": "\\Windows\\System32\\d3d10_1core.dll", "id": "region_2620", "name": "d3d10_1core.dll", "norm_filename": "c:\\windows\\system32\\d3d10_1core.dll", "region_type": "memory_mapped_file", "start_va": 8791699357696, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 8791699750912, "type": "region", "version": 1 }, "end_va": 8791699963903, "entry_point": 8791699913900, "filename": "\\Windows\\System32\\d3d10_1.dll", "id": "region_2621", "name": "d3d10_1.dll", "norm_filename": "c:\\windows\\system32\\d3d10_1.dll", "region_type": "memory_mapped_file", "start_va": 8791699750912, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1646592, "start_va": 8791700013056, "type": "region", "version": 1 }, "end_va": 8791701659647, "entry_point": 8791700369420, "filename": "\\Windows\\System32\\dwmcore.dll", "id": "region_2622", "name": "dwmcore.dll", "norm_filename": "c:\\windows\\system32\\dwmcore.dll", "region_type": "memory_mapped_file", "start_va": 8791700013056, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 8791701716992, "type": "region", "version": 1 }, "end_va": 8791701876735, "entry_point": 8791701746260, "filename": "\\Windows\\System32\\dwmredir.dll", "id": "region_2623", "name": "dwmredir.dll", "norm_filename": "c:\\windows\\system32\\dwmredir.dll", "region_type": "memory_mapped_file", "start_va": 8791701716992, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1220608, "start_va": 8791711612928, "type": "region", "version": 1 }, "end_va": 8791712833535, "entry_point": 8791711627280, "filename": "\\Windows\\System32\\WindowsCodecs.dll", "id": "region_2624", "name": "windowscodecs.dll", "norm_filename": "c:\\windows\\system32\\windowscodecs.dll", "region_type": "memory_mapped_file", "start_va": 8791711612928, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 8791712858112, "type": "region", "version": 1 }, "end_va": 8791712956415, "entry_point": 8791712862512, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_2625", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 8791712858112, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 352256, "start_va": 8791716921344, "type": "region", "version": 1 }, "end_va": 8791717273599, "entry_point": 8791716969408, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_2626", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 8791716921344, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791737565184, "type": "region", "version": 1 }, "end_va": 8791737614335, "entry_point": 8791737569380, "filename": "\\Windows\\System32\\version.dll", "id": "region_2627", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 8791737565184, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791753162752, "type": "region", "version": 1 }, "end_va": 8791753224191, "entry_point": 8791753166880, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_2628", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 8791753162752, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 237568, "start_va": 8791753883648, "type": "region", "version": 1 }, "end_va": 8791754121215, "entry_point": 8791753888544, "filename": "\\Windows\\System32\\wintrust.dll", "id": "region_2629", "name": "wintrust.dll", "norm_filename": "c:\\windows\\system32\\wintrust.dll", "region_type": "memory_mapped_file", "start_va": 8791753883648, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791754539008, "type": "region", "version": 1 }, "end_va": 8791754977279, "entry_point": 8791754551520, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_2630", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791754539008, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1470464, "start_va": 8791754997760, "type": "region", "version": 1 }, "end_va": 8791756468223, "entry_point": 8791755002048, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_2631", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 8791754997760, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791756505088, "type": "region", "version": 1 }, "end_va": 8791757737983, "entry_point": 8791756827984, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_2632", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791756505088, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791758405632, "type": "region", "version": 1 }, "end_va": 8791758594047, "entry_point": 8791758409744, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_2633", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791758405632, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791759257600, "type": "region", "version": 1 }, "end_va": 8791760154623, "entry_point": 8791759390560, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_2634", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791759257600, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791761747968, "type": "region", "version": 1 }, "end_va": 8791762169855, "entry_point": 8791761793084, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_2635", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791761747968, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791762206720, "type": "region", "version": 1 }, "end_va": 8791763292159, "entry_point": 8791762210916, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_2636", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791762206720, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791763320832, "type": "region", "version": 1 }, "end_va": 8791764144127, "entry_point": 8791763822708, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_2637", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791763320832, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791778394112, "type": "region", "version": 1 }, "end_va": 8791779045375, "entry_point": 8791778403744, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_2638", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791778394112, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2109440, "start_va": 8791779049472, "type": "region", "version": 1 }, "end_va": 8791781158911, "entry_point": 8791779193648, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_2639", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791779049472, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791784620032, "type": "region", "version": 1 }, "end_va": 8791784677375, "entry_point": 8791784624256, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_2640", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791784620032, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791787241472, "type": "region", "version": 1 }, "end_va": 8791787368447, "entry_point": 8791787266280, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_2641", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791787241472, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791790059520, "type": "region", "version": 1 }, "end_va": 8791790063615, "entry_point": 8791790059520, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_2642", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791790059520, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_2643", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092837888, "type": "region", "version": 1 }, "end_va": 8796092846079, "entry_point": 0, "filename": null, "id": "region_2644", "name": "private_0x000007fffffd3000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092837888, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092862464, "type": "region", "version": 1 }, "end_va": 8796092870655, "entry_point": 0, "filename": null, "id": "region_2645", "name": "private_0x000007fffffd9000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092862464, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092870656, "type": "region", "version": 1 }, "end_va": 8796092878847, "entry_point": 0, "filename": null, "id": "region_2646", "name": "private_0x000007fffffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092870656, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092878848, "type": "region", "version": 1 }, "end_va": 8796092887039, "entry_point": 0, "filename": null, "id": "region_2647", "name": "private_0x000007fffffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092878848, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8796092887040, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_2648", "name": "private_0x000007fffffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092887040, "timestamp": "00:01:44.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1183743, "entry_point": 0, "filename": null, "id": "region_2659", "name": "private_0x0000000000120000", "norm_filename": null, "region_type": "private_memory", "start_va": 1179648, "timestamp": "00:01:44.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 41615360, "type": "region", "version": 1 }, "end_va": 42139647, "entry_point": 0, "filename": null, "id": "region_3004", "name": "private_0x00000000027b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 41615360, "timestamp": "00:01:44.690", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092854272, "type": "region", "version": 1 }, "end_va": 8796092862463, "entry_point": 0, "filename": null, "id": "region_3005", "name": "private_0x000007fffffd7000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092854272, "timestamp": "00:01:44.690", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791784095744, "type": "region", "version": 1 }, "end_va": 8791784558591, "entry_point": 8791784168992, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_3006", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 8791784095744, "timestamp": "00:01:44.699", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 14188544, "start_va": 8791764172800, "type": "region", "version": 1 }, "end_va": 8791778361343, "entry_point": 8791764684476, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_3007", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 8791764172800, "timestamp": "00:01:44.702", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 315392, "start_va": 8791789535232, "type": "region", "version": 1 }, "end_va": 8791789850623, "entry_point": 8791789539440, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_3008", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 8791789535232, "timestamp": "00:01:44.704", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 8791787175936, "type": "region", "version": 1 }, "end_va": 8791787208703, "entry_point": 8791787181316, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_3009", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 8791787175936, "timestamp": "00:01:44.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 35979264, "type": "region", "version": 1 }, "end_va": 36765695, "entry_point": 0, "filename": null, "id": "region_3010", "name": "private_0x0000000002250000", "norm_filename": null, "region_type": "private_memory", "start_va": 35979264, "timestamp": "00:01:44.708", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1220608, "start_va": 8791788290048, "type": "region", "version": 1 }, "end_va": 8791789510655, "entry_point": 8791788294356, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_3011", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 8791788290048, "timestamp": "00:01:44.708", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1540096, "start_va": 8791760175104, "type": "region", "version": 1 }, "end_va": 8791761715199, "entry_point": 8791760179424, "filename": "\\Windows\\System32\\urlmon.dll", "id": "region_3012", "name": "urlmon.dll", "norm_filename": "c:\\windows\\system32\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 8791760175104, "timestamp": "00:01:44.709", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 8791787372544, "type": "region", "version": 1 }, "end_va": 8791788253183, "entry_point": 8791787385460, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_3013", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 8791787372544, "timestamp": "00:01:44.710", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2461696, "start_va": 8791784685568, "type": "region", "version": 1 }, "end_va": 8791787147263, "entry_point": 8791784690496, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_3014", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 8791784685568, "timestamp": "00:01:44.711", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 42926080, "type": "region", "version": 1 }, "end_va": 43450367, "entry_point": 0, "filename": null, "id": "region_3126", "name": "private_0x00000000028f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 42926080, "timestamp": "00:01:44.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092846080, "type": "region", "version": 1 }, "end_va": 8796092854271, "entry_point": 0, "filename": null, "id": "region_3127", "name": "private_0x000007fffffd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092846080, "timestamp": "00:01:44.809", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\syswow64\\msiexec.exe", "filename": "c:\\windows\\syswow64\\msiexec.exe", "id": "proc_12", "image_name": "msiexec.exe", "monitor_reason": "child_process", "monitored_id": 12, "origin_monitor_id": 8, "ref_parent_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_2781", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:44.481", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_2782", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:44.481", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_2783", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:44.481", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_2784", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:44.484", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 401407, "entry_point": 0, "filename": null, "id": "region_2785", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:44.484", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 720895, "entry_point": 0, "filename": null, "id": "region_2786", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:44.484", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 1245183, "entry_point": 0, "filename": null, "id": "region_2787", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:01:44.484", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 6225920, "type": "region", "version": 1 }, "end_va": 6307839, "entry_point": 6225920, "filename": "\\Windows\\SysWOW64\\msiexec.exe", "id": "region_2788", "name": "msiexec.exe", "norm_filename": "c:\\windows\\syswow64\\msiexec.exe", "region_type": "memory_mapped_file", "start_va": 6225920, "timestamp": "00:01:44.484", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2001993728, "type": "region", "version": 1 }, "end_va": 2003734527, "entry_point": 2001993728, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2789", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001993728, "timestamp": "00:01:44.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2003959808, "type": "region", "version": 1 }, "end_va": 2005532671, "entry_point": 2003959808, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_2790", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003959808, "timestamp": "00:01:44.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_2791", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:44.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_2792", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:44.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_2793", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:44.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_2794", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:44.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2795", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:44.491", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2796", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:44.491", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_2797", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:44.491", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2273280, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 3518463, "entry_point": 0, "filename": null, "id": "region_3548", "name": "private_0x0000000000130000", "norm_filename": null, "region_type": "private_memory", "start_va": 1245184, "timestamp": "00:01:45.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 724991, "entry_point": 0, "filename": null, "id": "region_3593", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:01:45.731", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4587520, "type": "region", "version": 1 }, "end_va": 4849663, "entry_point": 0, "filename": null, "id": "region_4345", "name": "private_0x0000000000460000", "norm_filename": null, "region_type": "private_memory", "start_va": 4587520, "timestamp": "00:01:50.859", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 5308416, "type": "region", "version": 1 }, "end_va": 5570559, "entry_point": 0, "filename": null, "id": "region_4346", "name": "private_0x0000000000510000", "norm_filename": null, "region_type": "private_memory", "start_va": 5308416, "timestamp": "00:01:50.859", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 7143424, "type": "region", "version": 1 }, "end_va": 7667711, "entry_point": 0, "filename": null, "id": "region_4347", "name": "private_0x00000000006d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 7143424, "timestamp": "00:01:50.859", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1942224896, "type": "region", "version": 1 }, "end_va": 1942601727, "entry_point": 1942484888, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_4348", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1942224896, "timestamp": "00:01:50.859", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1942618112, "type": "region", "version": 1 }, "end_va": 1942876159, "entry_point": 1942806136, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_4349", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1942618112, "timestamp": "00:01:50.860", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1943076864, "type": "region", "version": 1 }, "end_va": 1943109631, "entry_point": 1943085304, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_4350", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1943076864, "timestamp": "00:01:50.861", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_4351", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:50.861", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_4352", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:50.880", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 983039, "entry_point": 0, "filename": null, "id": "region_4353", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:01:50.880", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 3538944, "type": "region", "version": 1 }, "end_va": 3960831, "entry_point": 3538944, "filename": "\\Windows\\System32\\locale.nls", "id": "region_4354", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 3538944, "timestamp": "00:01:50.880", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 8454144, "type": "region", "version": 1 }, "end_va": 9502719, "entry_point": 0, "filename": null, "id": "region_4355", "name": "private_0x0000000000810000", "norm_filename": null, "region_type": "private_memory", "start_va": 8454144, "timestamp": "00:01:50.880", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2359296, "start_va": 1952382976, "type": "region", "version": 1 }, "end_va": 1954742271, "entry_point": 1952409277, "filename": "\\Windows\\SysWOW64\\msi.dll", "id": "region_4356", "name": "msi.dll", "norm_filename": "c:\\windows\\syswow64\\msi.dll", "region_type": "memory_mapped_file", "start_va": 1952382976, "timestamp": "00:01:50.880", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1965490176, "type": "region", "version": 1 }, "end_va": 1965539327, "entry_point": 1965494497, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_4357", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1965490176, "timestamp": "00:01:50.881", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1965555712, "type": "region", "version": 1 }, "end_va": 1965948927, "entry_point": 1965663155, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_4358", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1965555712, "timestamp": "00:01:50.881", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1965948928, "type": "region", "version": 1 }, "end_va": 1967374335, "entry_point": 1966258749, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_4359", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1965948928, "timestamp": "00:01:50.882", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1967390720, "type": "region", "version": 1 }, "end_va": 1968373759, "entry_point": 1967457641, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_4360", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1967390720, "timestamp": "00:01:50.882", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1971191808, "type": "region", "version": 1 }, "end_va": 1972240383, "entry_point": 1971304173, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_4361", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1971191808, "timestamp": "00:01:50.883", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1972830208, "type": "region", "version": 1 }, "end_va": 1972932607, "entry_point": 1972849013, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_4362", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1972830208, "timestamp": "00:01:50.883", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1974140928, "type": "region", "version": 1 }, "end_va": 1974730751, "entry_point": 1974231875, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_4363", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1974140928, "timestamp": "00:01:50.884", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1976631296, "type": "region", "version": 1 }, "end_va": 1977335807, "entry_point": 1976673394, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_4364", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1976631296, "timestamp": "00:01:50.884", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1977352192, "type": "region", "version": 1 }, "end_va": 1978466303, "entry_point": 1977430739, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_4365", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1977352192, "timestamp": "00:01:50.885", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1995505664, "type": "region", "version": 1 }, "end_va": 1995862015, "entry_point": 1995611046, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_4366", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1995505664, "timestamp": "00:01:50.885", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1996357632, "type": "region", "version": 1 }, "end_va": 1996398591, "entry_point": 1996371616, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_4367", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1996357632, "timestamp": "00:01:50.886", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1998020607, "entry_point": 1997763704, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_4368", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:01:50.886", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1998061568, "type": "region", "version": 1 }, "end_va": 1998704639, "entry_point": 1998274519, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_4369", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1998061568, "timestamp": "00:01:50.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1999110144, "type": "region", "version": 1 }, "end_va": 1999765503, "entry_point": 1999194597, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_4370", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1999110144, "timestamp": "00:01:50.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1999765504, "type": "region", "version": 1 }, "end_va": 2000941055, "entry_point": 0, "filename": null, "id": "region_4371", "name": "private_0x0000000077320000", "norm_filename": null, "region_type": "private_memory", "start_va": 1999765504, "timestamp": "00:01:50.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2000945152, "type": "region", "version": 1 }, "end_va": 2001969151, "entry_point": 0, "filename": null, "id": "region_4372", "name": "private_0x0000000077440000", "norm_filename": null, "region_type": "private_memory", "start_va": 2000945152, "timestamp": "00:01:50.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_4373", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:50.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_4374", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:50.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 9502720, "type": "region", "version": 1 }, "end_va": 11108351, "entry_point": 0, "filename": null, "id": "region_4375", "name": "pagefile_0x0000000000910000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9502720, "timestamp": "00:01:50.893", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1975255040, "type": "region", "version": 1 }, "end_va": 1976090623, "entry_point": 1975260811, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_4376", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1975255040, "timestamp": "00:01:50.893", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1995964416, "type": "region", "version": 1 }, "end_va": 1996357631, "entry_point": 1996035471, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_4377", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1995964416, "timestamp": "00:01:50.893", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_4378", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:50.907", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_4379", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:50.907", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 790527, "entry_point": 786432, "filename": "\\Windows\\SysWOW64\\en-US\\msiexec.exe.mui", "id": "region_4380", "name": "msiexec.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\msiexec.exe.mui", "region_type": "memory_mapped_file", "start_va": 786432, "timestamp": "00:01:50.907", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 856063, "entry_point": 0, "filename": null, "id": "region_4381", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:01:50.913", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 4001791, "entry_point": 0, "filename": null, "id": "region_4382", "name": "private_0x00000000003d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3997696, "timestamp": "00:01:50.913", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 11141120, "type": "region", "version": 1 }, "end_va": 12718079, "entry_point": 0, "filename": null, "id": "region_4383", "name": "pagefile_0x0000000000aa0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11141120, "timestamp": "00:01:50.913", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 12779520, "type": "region", "version": 1 }, "end_va": 33751039, "entry_point": 0, "filename": null, "id": "region_4384", "name": "pagefile_0x0000000000c30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12779520, "timestamp": "00:01:50.914", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1979580416, "type": "region", "version": 1 }, "end_va": 1992466431, "entry_point": 1980110337, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_4385", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1979580416, "timestamp": "00:01:50.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1994194944, "type": "region", "version": 1 }, "end_va": 1994412031, "entry_point": 1994200157, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_4386", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1994194944, "timestamp": "00:01:50.945", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1976369152, "type": "region", "version": 1 }, "end_va": 1976393727, "entry_point": 1976375170, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_4387", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1976369152, "timestamp": "00:01:50.946", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 917504, "start_va": 33751040, "type": "region", "version": 1 }, "end_va": 34668543, "entry_point": 0, "filename": null, "id": "region_4388", "name": "private_0x0000000002030000", "norm_filename": null, "region_type": "private_memory", "start_va": 33751040, "timestamp": "00:01:50.948", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1972961280, "type": "region", "version": 1 }, "end_va": 1974128639, "entry_point": 1972966794, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_4389", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1972961280, "timestamp": "00:01:50.949", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 2003763200, "type": "region", "version": 1 }, "end_va": 2003812351, "entry_point": 2003772302, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_4390", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 2003763200, "timestamp": "00:01:50.950", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1994457088, "type": "region", "version": 1 }, "end_va": 1995460607, "entry_point": 1994463333, "filename": "\\Windows\\SysWOW64\\wininet.dll", "id": "region_4391", "name": "wininet.dll", "norm_filename": "c:\\windows\\syswow64\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1994457088, "timestamp": "00:01:50.952", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1996423168, "type": "region", "version": 1 }, "end_va": 1997692927, "entry_point": 1996430133, "filename": "\\Windows\\SysWOW64\\urlmon.dll", "id": "region_4392", "name": "urlmon.dll", "norm_filename": "c:\\windows\\syswow64\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1996423168, "timestamp": "00:01:50.953", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1978466304, "type": "region", "version": 1 }, "end_va": 1979052031, "entry_point": 1978482609, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_4393", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1978466304, "timestamp": "00:01:50.954", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1968373760, "type": "region", "version": 1 }, "end_va": 1970450431, "entry_point": 1968382681, "filename": "\\Windows\\SysWOW64\\iertutil.dll", "id": "region_4394", "name": "iertutil.dll", "norm_filename": "c:\\windows\\syswow64\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1968373760, "timestamp": "00:01:50.955", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1959133184, "type": "region", "version": 1 }, "end_va": 1959411711, "entry_point": 1959224313, "filename": "\\Windows\\SysWOW64\\dnsapi.dll", "id": "region_4395", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\syswow64\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 1959133184, "timestamp": "00:01:50.957", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 917504, "start_va": 34668544, "type": "region", "version": 1 }, "end_va": 35586047, "entry_point": 0, "filename": null, "id": "region_4396", "name": "private_0x0000000002110000", "norm_filename": null, "region_type": "private_memory", "start_va": 34668544, "timestamp": "00:01:50.959", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 4587519, "entry_point": 0, "filename": null, "id": "region_4515", "name": "private_0x0000000000420000", "norm_filename": null, "region_type": "private_memory", "start_va": 4325376, "timestamp": "00:01:51.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 5767168, "type": "region", "version": 1 }, "end_va": 6029311, "entry_point": 0, "filename": null, "id": "region_4516", "name": "private_0x0000000000580000", "norm_filename": null, "region_type": "private_memory", "start_va": 5767168, "timestamp": "00:01:51.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_4517", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:01:51.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 35586048, "type": "region", "version": 1 }, "end_va": 38531071, "entry_point": 35586048, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_4518", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 35586048, "timestamp": "00:01:51.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 6553600, "type": "region", "version": 1 }, "end_va": 6815743, "entry_point": 0, "filename": null, "id": "region_4527", "name": "private_0x0000000000640000", "norm_filename": null, "region_type": "private_memory", "start_va": 6553600, "timestamp": "00:01:51.206", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 7864320, "type": "region", "version": 1 }, "end_va": 8126463, "entry_point": 0, "filename": null, "id": "region_4528", "name": "private_0x0000000000780000", "norm_filename": null, "region_type": "private_memory", "start_va": 7864320, "timestamp": "00:01:51.206", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_4529", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:01:51.206", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 13422592, "start_va": 38535168, "type": "region", "version": 1 }, "end_va": 51957759, "entry_point": 0, "filename": null, "id": "region_4530", "name": "private_0x00000000024c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38535168, "timestamp": "00:01:51.210", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 4067327, "entry_point": 0, "filename": null, "id": "region_4608", "name": "pagefile_0x00000000003e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4063232, "timestamp": "00:01:51.703", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 561152, "start_va": 4587520, "type": "region", "version": 1 }, "end_va": 5148671, "entry_point": 0, "filename": null, "id": "region_4609", "name": "private_0x0000000000460000", "norm_filename": null, "region_type": "private_memory", "start_va": 4587520, "timestamp": "00:01:51.703", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 569344, "start_va": 5177344, "type": "region", "version": 1 }, "end_va": 5746687, "entry_point": 0, "filename": null, "id": "region_4610", "name": "private_0x00000000004f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5177344, "timestamp": "00:01:51.703", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 13422592, "start_va": 51970048, "type": "region", "version": 1 }, "end_va": 65392639, "entry_point": 0, "filename": null, "id": "region_4611", "name": "private_0x0000000003190000", "norm_filename": null, "region_type": "private_memory", "start_va": 51970048, "timestamp": "00:01:51.703", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2232320, "start_va": 65404928, "type": "region", "version": 1 }, "end_va": 67637247, "entry_point": 0, "filename": null, "id": "region_4612", "name": "private_0x0000000003e60000", "norm_filename": null, "region_type": "private_memory", "start_va": 65404928, "timestamp": "00:01:51.703", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 3022848, "start_va": 67698688, "type": "region", "version": 1 }, "end_va": 70721535, "entry_point": 0, "filename": null, "id": "region_4613", "name": "private_0x0000000004090000", "norm_filename": null, "region_type": "private_memory", "start_va": 67698688, "timestamp": "00:01:51.703", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 6803456, "start_va": 70778880, "type": "region", "version": 1 }, "end_va": 77582335, "entry_point": 0, "filename": null, "id": "region_4614", "name": "private_0x0000000004380000", "norm_filename": null, "region_type": "private_memory", "start_va": 70778880, "timestamp": "00:01:51.704", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1957167104, "type": "region", "version": 1 }, "end_va": 1957257215, "entry_point": 1957178819, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_4635", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1957167104, "timestamp": "00:01:52.054", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 4587520, "type": "region", "version": 1 }, "end_va": 4833279, "entry_point": 4592269, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_4636", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 4587520, "timestamp": "00:01:52.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1956904960, "type": "region", "version": 1 }, "end_va": 1957146623, "entry_point": 1956909709, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_4641", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1956904960, "timestamp": "00:01:52.064", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4849664, "type": "region", "version": 1 }, "end_va": 5111807, "entry_point": 0, "filename": null, "id": "region_4643", "name": "private_0x00000000004a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4849664, "timestamp": "00:01:52.128", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 5373952, "type": "region", "version": 1 }, "end_va": 5636095, "entry_point": 0, "filename": null, "id": "region_4644", "name": "private_0x0000000000520000", "norm_filename": null, "region_type": "private_memory", "start_va": 5373952, "timestamp": "00:01:52.128", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 6815744, "type": "region", "version": 1 }, "end_va": 7077887, "entry_point": 0, "filename": null, "id": "region_4645", "name": "private_0x0000000000680000", "norm_filename": null, "region_type": "private_memory", "start_va": 6815744, "timestamp": "00:01:52.128", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 33816576, "type": "region", "version": 1 }, "end_va": 34078719, "entry_point": 0, "filename": null, "id": "region_4646", "name": "private_0x0000000002040000", "norm_filename": null, "region_type": "private_memory", "start_va": 33816576, "timestamp": "00:01:52.128", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 34406400, "type": "region", "version": 1 }, "end_va": 34668543, "entry_point": 0, "filename": null, "id": "region_4647", "name": "private_0x00000000020d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 34406400, "timestamp": "00:01:52.128", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 34734080, "type": "region", "version": 1 }, "end_va": 34996223, "entry_point": 0, "filename": null, "id": "region_4648", "name": "private_0x0000000002120000", "norm_filename": null, "region_type": "private_memory", "start_va": 34734080, "timestamp": "00:01:52.128", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 35061760, "type": "region", "version": 1 }, "end_va": 35323903, "entry_point": 0, "filename": null, "id": "region_4649", "name": "private_0x0000000002170000", "norm_filename": null, "region_type": "private_memory", "start_va": 35061760, "timestamp": "00:01:52.128", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 35323904, "type": "region", "version": 1 }, "end_va": 35586047, "entry_point": 0, "filename": null, "id": "region_4650", "name": "private_0x00000000021b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 35323904, "timestamp": "00:01:52.128", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 38535168, "type": "region", "version": 1 }, "end_va": 38797311, "entry_point": 0, "filename": null, "id": "region_4651", "name": "private_0x00000000024c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38535168, "timestamp": "00:01:52.128", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 39059456, "type": "region", "version": 1 }, "end_va": 39321599, "entry_point": 0, "filename": null, "id": "region_4652", "name": "private_0x0000000002540000", "norm_filename": null, "region_type": "private_memory", "start_va": 39059456, "timestamp": "00:01:52.128", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 39321600, "type": "region", "version": 1 }, "end_va": 39583743, "entry_point": 0, "filename": null, "id": "region_4653", "name": "private_0x0000000002580000", "norm_filename": null, "region_type": "private_memory", "start_va": 39321600, "timestamp": "00:01:52.128", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 39583744, "type": "region", "version": 1 }, "end_va": 39845887, "entry_point": 0, "filename": null, "id": "region_4654", "name": "private_0x00000000025c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 39583744, "timestamp": "00:01:52.128", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 39976960, "type": "region", "version": 1 }, "end_va": 40239103, "entry_point": 0, "filename": null, "id": "region_4655", "name": "private_0x0000000002620000", "norm_filename": null, "region_type": "private_memory", "start_va": 39976960, "timestamp": "00:01:52.128", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 1958150144, "type": "region", "version": 1 }, "end_va": 1958395903, "entry_point": 1958155357, "filename": "\\Windows\\SysWOW64\\mswsock.dll", "id": "region_4656", "name": "mswsock.dll", "norm_filename": "c:\\windows\\syswow64\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 1958150144, "timestamp": "00:01:52.128", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130305024, "type": "region", "version": 1 }, "end_va": 2130317311, "entry_point": 0, "filename": null, "id": "region_4657", "name": "private_0x000000007ef9e000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130305024, "timestamp": "00:01:52.129", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130317312, "type": "region", "version": 1 }, "end_va": 2130329599, "entry_point": 0, "filename": null, "id": "region_4658", "name": "private_0x000000007efa1000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130317312, "timestamp": "00:01:52.129", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130329600, "type": "region", "version": 1 }, "end_va": 2130341887, "entry_point": 0, "filename": null, "id": "region_4659", "name": "private_0x000000007efa4000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130329600, "timestamp": "00:01:52.129", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130341888, "type": "region", "version": 1 }, "end_va": 2130354175, "entry_point": 0, "filename": null, "id": "region_4660", "name": "private_0x000000007efa7000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130341888, "timestamp": "00:01:52.129", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_4661", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:01:52.129", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1638400, "start_va": 40239104, "type": "region", "version": 1 }, "end_va": 41877503, "entry_point": 0, "filename": null, "id": "region_4663", "name": "private_0x0000000002660000", "norm_filename": null, "region_type": "private_memory", "start_va": 40239104, "timestamp": "00:01:52.130", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1958019072, "type": "region", "version": 1 }, "end_va": 1958039551, "entry_point": 1958024671, "filename": "\\Windows\\SysWOW64\\WSHTCPIP.DLL", "id": "region_4664", "name": "wshtcpip.dll", "norm_filename": "c:\\windows\\syswow64\\wshtcpip.dll", "region_type": "memory_mapped_file", "start_va": 1958019072, "timestamp": "00:01:52.131", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1956446208, "type": "region", "version": 1 }, "end_va": 1956515839, "entry_point": 1956451072, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_4665", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1956446208, "timestamp": "00:01:52.134", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1956380672, "type": "region", "version": 1 }, "end_va": 1956417535, "entry_point": 1956386214, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_4666", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1956380672, "timestamp": "00:01:52.135", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1956249600, "type": "region", "version": 1 }, "end_va": 1956351999, "entry_point": 1956254489, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_4667", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1956249600, "timestamp": "00:01:52.136", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1956184064, "type": "region", "version": 1 }, "end_va": 1956245503, "entry_point": 1956188833, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_4668", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1956184064, "timestamp": "00:01:52.137", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 40239104, "type": "region", "version": 1 }, "end_va": 41287679, "entry_point": 0, "filename": null, "id": "region_4669", "name": "private_0x0000000002660000", "norm_filename": null, "region_type": "private_memory", "start_va": 40239104, "timestamp": "00:01:52.139", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 41615360, "type": "region", "version": 1 }, "end_va": 41877503, "entry_point": 0, "filename": null, "id": "region_4670", "name": "private_0x00000000027b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 41615360, "timestamp": "00:01:52.139", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 42795008, "type": "region", "version": 1 }, "end_va": 43057151, "entry_point": 0, "filename": null, "id": "region_4671", "name": "private_0x00000000028d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 42795008, "timestamp": "00:01:52.147", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 43319296, "type": "region", "version": 1 }, "end_va": 43581439, "entry_point": 0, "filename": null, "id": "region_4672", "name": "private_0x0000000002950000", "norm_filename": null, "region_type": "private_memory", "start_va": 43319296, "timestamp": "00:01:52.147", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130292736, "type": "region", "version": 1 }, "end_va": 2130305023, "entry_point": 0, "filename": null, "id": "region_4673", "name": "private_0x000000007ef9b000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130292736, "timestamp": "00:01:52.147", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4194303, "entry_point": 0, "filename": null, "id": "region_4674", "name": "private_0x00000000003f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4128768, "timestamp": "00:01:52.151", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4259840, "start_va": 43581440, "type": "region", "version": 1 }, "end_va": 47841279, "entry_point": 0, "filename": null, "id": "region_4675", "name": "pagefile_0x0000000002990000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 43581440, "timestamp": "00:01:52.152", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4259840, "start_va": 47841280, "type": "region", "version": 1 }, "end_va": 52101119, "entry_point": 0, "filename": null, "id": "region_4676", "name": "pagefile_0x0000000002da0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 47841280, "timestamp": "00:01:52.153", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 86016, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4280319, "entry_point": 0, "filename": null, "id": "region_4677", "name": "pagefile_0x0000000000400000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4194304, "timestamp": "00:01:52.154", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 86016, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4214783, "entry_point": 0, "filename": null, "id": "region_4678", "name": "pagefile_0x00000000003f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4128768, "timestamp": "00:01:52.156", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4136959, "entry_point": 0, "filename": null, "id": "region_4727", "name": "pagefile_0x00000000003f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4128768, "timestamp": "00:01:52.272", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1959460864, "type": "region", "version": 1 }, "end_va": 1961156607, "entry_point": 1959650997, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_4728", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1959460864, "timestamp": "00:01:52.272", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4198399, "entry_point": 4194304, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_4729", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 4194304, "timestamp": "00:01:52.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 4259840, "type": "region", "version": 1 }, "end_va": 4268031, "entry_point": 0, "filename": null, "id": "region_4730", "name": "pagefile_0x0000000000410000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4259840, "timestamp": "00:01:52.275", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1964900352, "type": "region", "version": 1 }, "end_va": 1964945407, "entry_point": 1964906898, "filename": "\\Windows\\SysWOW64\\profapi.dll", "id": "region_4731", "name": "profapi.dll", "norm_filename": "c:\\windows\\syswow64\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1964900352, "timestamp": "00:01:52.282", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 81920, "start_va": 5111808, "type": "region", "version": 1 }, "end_va": 5193727, "entry_point": 5111808, "filename": "\\Users\\aDU0VK IWA5kLS\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat", "id": "region_4732", "name": "index.dat", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 5111808, "timestamp": "00:01:52.289", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4227071, "entry_point": 4194304, "filename": "\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat", "id": "region_4733", "name": "index.dat", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat", "region_type": "memory_mapped_file", "start_va": 4194304, "timestamp": "00:01:52.290", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 5242880, "type": "region", "version": 1 }, "end_va": 5308415, "entry_point": 5242880, "filename": "\\Users\\aDU0VK IWA5kLS\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat", "id": "region_4734", "name": "index.dat", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 5242880, "timestamp": "00:01:52.291", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 1965228032, "type": "region", "version": 1 }, "end_va": 1965342719, "entry_point": 1965270065, "filename": "\\Windows\\SysWOW64\\IPHLPAPI.DLL", "id": "region_4735", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\syswow64\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1965228032, "timestamp": "00:01:52.299", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1965162496, "type": "region", "version": 1 }, "end_va": 1965191167, "entry_point": 1965167245, "filename": "\\Windows\\SysWOW64\\winnsi.dll", "id": "region_4736", "name": "winnsi.dll", "norm_filename": "c:\\windows\\syswow64\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1965162496, "timestamp": "00:01:52.300", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 335872, "start_va": 1958739968, "type": "region", "version": 1 }, "end_va": 1959075839, "entry_point": 1958745278, "filename": "\\Windows\\SysWOW64\\rasapi32.dll", "id": "region_4737", "name": "rasapi32.dll", "norm_filename": "c:\\windows\\syswow64\\rasapi32.dll", "region_type": "memory_mapped_file", "start_va": 1958739968, "timestamp": "00:01:52.304", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 1964572672, "type": "region", "version": 1 }, "end_va": 1964658687, "entry_point": 1964577502, "filename": "\\Windows\\SysWOW64\\rasman.dll", "id": "region_4738", "name": "rasman.dll", "norm_filename": "c:\\windows\\syswow64\\rasman.dll", "region_type": "memory_mapped_file", "start_va": 1964572672, "timestamp": "00:01:52.305", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1964507136, "type": "region", "version": 1 }, "end_va": 1964560383, "entry_point": 1964512038, "filename": "\\Windows\\SysWOW64\\rtutils.dll", "id": "region_4739", "name": "rtutils.dll", "norm_filename": "c:\\windows\\syswow64\\rtutils.dll", "region_type": "memory_mapped_file", "start_va": 1964507136, "timestamp": "00:01:52.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 5308416, "type": "region", "version": 1 }, "end_va": 5312511, "entry_point": 0, "filename": null, "id": "region_4740", "name": "private_0x0000000000510000", "norm_filename": null, "region_type": "private_memory", "start_va": 5308416, "timestamp": "00:01:52.312", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 5308416, "type": "region", "version": 1 }, "end_va": 5312511, "entry_point": 0, "filename": null, "id": "region_4741", "name": "pagefile_0x0000000000510000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5308416, "timestamp": "00:01:52.312", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1964441600, "type": "region", "version": 1 }, "end_va": 1964466175, "entry_point": 1964446298, "filename": "\\Windows\\SysWOW64\\SensApi.dll", "id": "region_4742", "name": "sensapi.dll", "norm_filename": "c:\\windows\\syswow64\\sensapi.dll", "region_type": "memory_mapped_file", "start_va": 1964441600, "timestamp": "00:01:52.315", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1958674432, "type": "region", "version": 1 }, "end_va": 1958739967, "entry_point": 1958688961, "filename": "\\Windows\\SysWOW64\\nlaapi.dll", "id": "region_4743", "name": "nlaapi.dll", "norm_filename": "c:\\windows\\syswow64\\nlaapi.dll", "region_type": "memory_mapped_file", "start_va": 1958674432, "timestamp": "00:01:52.320", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 47841280, "type": "region", "version": 1 }, "end_va": 48889855, "entry_point": 0, "filename": null, "id": "region_4744", "name": "private_0x0000000002da0000", "norm_filename": null, "region_type": "private_memory", "start_va": 47841280, "timestamp": "00:01:52.321", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1638400, "start_va": 48889856, "type": "region", "version": 1 }, "end_va": 50528255, "entry_point": 0, "filename": null, "id": "region_4745", "name": "private_0x0000000002ea0000", "norm_filename": null, "region_type": "private_memory", "start_va": 48889856, "timestamp": "00:01:52.323", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 917504, "start_va": 41877504, "type": "region", "version": 1 }, "end_va": 42795007, "entry_point": 0, "filename": null, "id": "region_4746", "name": "private_0x00000000027f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 41877504, "timestamp": "00:01:52.323", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1957953536, "type": "region", "version": 1 }, "end_va": 1957978111, "entry_point": 1957959283, "filename": "\\Windows\\SysWOW64\\wship6.dll", "id": "region_4747", "name": "wship6.dll", "norm_filename": "c:\\windows\\syswow64\\wship6.dll", "region_type": "memory_mapped_file", "start_va": 1957953536, "timestamp": "00:01:52.324", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 41353216, "type": "region", "version": 1 }, "end_va": 41615359, "entry_point": 0, "filename": null, "id": "region_4767", "name": "private_0x0000000002770000", "norm_filename": null, "region_type": "private_memory", "start_va": 41353216, "timestamp": "00:01:52.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 47841280, "type": "region", "version": 1 }, "end_va": 48103423, "entry_point": 0, "filename": null, "id": "region_4768", "name": "private_0x0000000002da0000", "norm_filename": null, "region_type": "private_memory", "start_va": 47841280, "timestamp": "00:01:52.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 48824320, "type": "region", "version": 1 }, "end_va": 48889855, "entry_point": 0, "filename": null, "id": "region_4769", "name": "private_0x0000000002e90000", "norm_filename": null, "region_type": "private_memory", "start_va": 48824320, "timestamp": "00:01:52.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130280448, "type": "region", "version": 1 }, "end_va": 2130292735, "entry_point": 0, "filename": null, "id": "region_4770", "name": "private_0x000000007ef98000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130280448, "timestamp": "00:01:52.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 48234496, "type": "region", "version": 1 }, "end_va": 48496639, "entry_point": 0, "filename": null, "id": "region_4771", "name": "private_0x0000000002e00000", "norm_filename": null, "region_type": "private_memory", "start_va": 48234496, "timestamp": "00:01:52.427", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "taskeng.exe {CFDCF914-63AE-4446-B16F-E0A62E2EE661} S-1-5-21-1836691140-625943148-109919340-1000:AUFDDCNTXWT\\aDU0VK IWA5kLS:Interactive:LUA[1]", "filename": "c:\\windows\\system32\\taskeng.exe", "id": "proc_13", "image_name": "taskeng.exe", "monitor_reason": "injection", "monitored_id": 13, "origin_monitor_id": 8, "ref_parent_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_2935", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_2936", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 720895, "entry_point": 0, "filename": null, "id": "region_2937", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 737279, "entry_point": 0, "filename": null, "id": "region_2938", "name": "pagefile_0x00000000000b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 720896, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 790527, "entry_point": 0, "filename": null, "id": "region_2939", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 1273855, "entry_point": 851968, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2940", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 851968, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1318911, "entry_point": 0, "filename": null, "id": "region_2941", "name": "pagefile_0x0000000000140000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1310720, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1441791, "entry_point": 0, "filename": null, "id": "region_2942", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1445887, "entry_point": 0, "filename": null, "id": "region_2943", "name": "private_0x0000000000160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1441792, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_2944", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 3604479, "entry_point": 0, "filename": null, "id": "region_2945", "name": "private_0x0000000000270000", "norm_filename": null, "region_type": "private_memory", "start_va": 2555904, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 5210111, "entry_point": 0, "filename": null, "id": "region_2946", "name": "pagefile_0x0000000000370000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3604480, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 5242880, "type": "region", "version": 1 }, "end_va": 6819839, "entry_point": 0, "filename": null, "id": "region_2947", "name": "pagefile_0x0000000000500000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5242880, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 6881280, "type": "region", "version": 1 }, "end_va": 27852799, "entry_point": 0, "filename": null, "id": "region_2948", "name": "pagefile_0x0000000000690000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6881280, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 27852800, "type": "region", "version": 1 }, "end_va": 31993855, "entry_point": 0, "filename": null, "id": "region_2949", "name": "pagefile_0x0000000001a90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 27852800, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 32047104, "type": "region", "version": 1 }, "end_va": 32051199, "entry_point": 0, "filename": null, "id": "region_2950", "name": "private_0x0000000001e90000", "norm_filename": null, "region_type": "private_memory", "start_va": 32047104, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 32112640, "type": "region", "version": 1 }, "end_va": 32116735, "entry_point": 0, "filename": null, "id": "region_2951", "name": "pagefile_0x0000000001ea0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 32112640, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 32243712, "type": "region", "version": 1 }, "end_va": 32767999, "entry_point": 0, "filename": null, "id": "region_2952", "name": "private_0x0000000001ec0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32243712, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 32768000, "type": "region", "version": 1 }, "end_va": 33013759, "entry_point": 0, "filename": null, "id": "region_2953", "name": "private_0x0000000001f40000", "norm_filename": null, "region_type": "private_memory", "start_va": 32768000, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 33030144, "type": "region", "version": 1 }, "end_va": 33554431, "entry_point": 0, "filename": null, "id": "region_2954", "name": "private_0x0000000001f80000", "norm_filename": null, "region_type": "private_memory", "start_va": 33030144, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 33685504, "type": "region", "version": 1 }, "end_va": 34209791, "entry_point": 0, "filename": null, "id": "region_2955", "name": "private_0x0000000002020000", "norm_filename": null, "region_type": "private_memory", "start_va": 33685504, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 34209792, "type": "region", "version": 1 }, "end_va": 35258367, "entry_point": 0, "filename": null, "id": "region_2956", "name": "private_0x00000000020a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 34209792, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 35258368, "type": "region", "version": 1 }, "end_va": 36171775, "entry_point": 0, "filename": null, "id": "region_2957", "name": "pagefile_0x00000000021a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 35258368, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 36831232, "type": "region", "version": 1 }, "end_va": 39776255, "entry_point": 36831232, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_2958", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 36831232, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 40370176, "type": "region", "version": 1 }, "end_va": 40894463, "entry_point": 0, "filename": null, "id": "region_2959", "name": "private_0x0000000002680000", "norm_filename": null, "region_type": "private_memory", "start_va": 40370176, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 41353216, "type": "region", "version": 1 }, "end_va": 41877503, "entry_point": 0, "filename": null, "id": "region_2960", "name": "private_0x0000000002770000", "norm_filename": null, "region_type": "private_memory", "start_va": 41353216, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 43253760, "type": "region", "version": 1 }, "end_va": 43778047, "entry_point": 0, "filename": null, "id": "region_2961", "name": "private_0x0000000002940000", "norm_filename": null, "region_type": "private_memory", "start_va": 43253760, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 44498944, "type": "region", "version": 1 }, "end_va": 45023231, "entry_point": 0, "filename": null, "id": "region_2962", "name": "private_0x0000000002a70000", "norm_filename": null, "region_type": "private_memory", "start_va": 44498944, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1999765504, "type": "region", "version": 1 }, "end_va": 2000941055, "entry_point": 1999855264, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_2963", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1999765504, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2000945152, "type": "region", "version": 1 }, "end_va": 2001969151, "entry_point": 2001052360, "filename": "\\Windows\\System32\\user32.dll", "id": "region_2964", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2000945152, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2001993728, "type": "region", "version": 1 }, "end_va": 2003734527, "entry_point": 2001993728, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2965", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001993728, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_2966", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2967", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2968", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 475136, "start_va": 4293066752, "type": "region", "version": 1 }, "end_va": 4293541887, "entry_point": 4293129292, "filename": "\\Windows\\System32\\taskeng.exe", "id": "region_2969", "name": "taskeng.exe", "norm_filename": "c:\\windows\\system32\\taskeng.exe", "region_type": "memory_mapped_file", "start_va": 4293066752, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 8791631527936, "type": "region", "version": 1 }, "end_va": 8791631564799, "entry_point": 8791631532448, "filename": "\\Windows\\System32\\TSChannel.dll", "id": "region_2970", "name": "tschannel.dll", "norm_filename": "c:\\windows\\system32\\tschannel.dll", "region_type": "memory_mapped_file", "start_va": 8791631527936, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 8791712858112, "type": "region", "version": 1 }, "end_va": 8791712956415, "entry_point": 8791712862512, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_2971", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 8791712858112, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 352256, "start_va": 8791716921344, "type": "region", "version": 1 }, "end_va": 8791717273599, "entry_point": 8791716969408, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_2972", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 8791716921344, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 8791717838848, "type": "region", "version": 1 }, "end_va": 8791718055935, "entry_point": 8791717843044, "filename": "\\Windows\\System32\\xmllite.dll", "id": "region_2973", "name": "xmllite.dll", "norm_filename": "c:\\windows\\system32\\xmllite.dll", "region_type": "memory_mapped_file", "start_va": 8791717838848, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 8791718100992, "type": "region", "version": 1 }, "end_va": 8791718141951, "entry_point": 8791718110732, "filename": "\\Windows\\System32\\ktmw32.dll", "id": "region_2974", "name": "ktmw32.dll", "norm_filename": "c:\\windows\\system32\\ktmw32.dll", "region_type": "memory_mapped_file", "start_va": 8791718100992, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 290816, "start_va": 8791741825024, "type": "region", "version": 1 }, "end_va": 8791742115839, "entry_point": 8791741829220, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_2975", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 8791741825024, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 8791746347008, "type": "region", "version": 1 }, "end_va": 8791746441215, "entry_point": 8791746359992, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_2976", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 8791746347008, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 446464, "start_va": 8791747395584, "type": "region", "version": 1 }, "end_va": 8791747842047, "entry_point": 8791747399696, "filename": "\\Windows\\System32\\wevtapi.dll", "id": "region_2977", "name": "wevtapi.dll", "norm_filename": "c:\\windows\\system32\\wevtapi.dll", "region_type": "memory_mapped_file", "start_va": 8791747395584, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 8791751196672, "type": "region", "version": 1 }, "end_va": 8791751348223, "entry_point": 8791751235160, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_2978", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 8791751196672, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791751393280, "type": "region", "version": 1 }, "end_va": 8791751454719, "entry_point": 8791751397392, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_2979", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791751393280, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791752376320, "type": "region", "version": 1 }, "end_va": 8791752458239, "entry_point": 8791752380640, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_2980", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 8791752376320, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791754539008, "type": "region", "version": 1 }, "end_va": 8791754977279, "entry_point": 8791754551520, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_2981", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791754539008, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791756505088, "type": "region", "version": 1 }, "end_va": 8791757737983, "entry_point": 8791756827984, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_2982", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791756505088, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791757750272, "type": "region", "version": 1 }, "end_va": 8791758376959, "entry_point": 8791757757456, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_2983", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 8791757750272, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791758405632, "type": "region", "version": 1 }, "end_va": 8791758594047, "entry_point": 8791758409744, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_2984", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791758405632, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791759257600, "type": "region", "version": 1 }, "end_va": 8791760154623, "entry_point": 8791759390560, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_2985", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791759257600, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791761747968, "type": "region", "version": 1 }, "end_va": 8791762169855, "entry_point": 8791761793084, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_2986", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791761747968, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791762206720, "type": "region", "version": 1 }, "end_va": 8791763292159, "entry_point": 8791762210916, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_2987", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791762206720, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791763320832, "type": "region", "version": 1 }, "end_va": 8791764144127, "entry_point": 8791763822708, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_2988", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791763320832, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791778394112, "type": "region", "version": 1 }, "end_va": 8791779045375, "entry_point": 8791778403744, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_2989", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791778394112, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2109440, "start_va": 8791779049472, "type": "region", "version": 1 }, "end_va": 8791781158911, "entry_point": 8791779193648, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_2990", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791779049472, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791784095744, "type": "region", "version": 1 }, "end_va": 8791784558591, "entry_point": 8791784168992, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_2991", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 8791784095744, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791784620032, "type": "region", "version": 1 }, "end_va": 8791784677375, "entry_point": 8791784624256, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_2992", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791784620032, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791787241472, "type": "region", "version": 1 }, "end_va": 8791787368447, "entry_point": 8791787266280, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_2993", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791787241472, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 8791787372544, "type": "region", "version": 1 }, "end_va": 8791788253183, "entry_point": 8791787385460, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_2994", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 8791787372544, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791790059520, "type": "region", "version": 1 }, "end_va": 8791790063615, "entry_point": 8791790059520, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_2995", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791790059520, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_2996", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092837888, "type": "region", "version": 1 }, "end_va": 8796092846079, "entry_point": 0, "filename": null, "id": "region_2997", "name": "private_0x000007fffffd3000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092837888, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092846080, "type": "region", "version": 1 }, "end_va": 8796092854271, "entry_point": 0, "filename": null, "id": "region_2998", "name": "private_0x000007fffffd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092846080, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092854272, "type": "region", "version": 1 }, "end_va": 8796092862463, "entry_point": 0, "filename": null, "id": "region_2999", "name": "private_0x000007fffffd7000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092854272, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092862464, "type": "region", "version": 1 }, "end_va": 8796092870655, "entry_point": 0, "filename": null, "id": "region_3000", "name": "private_0x000007fffffd9000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092862464, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092870656, "type": "region", "version": 1 }, "end_va": 8796092878847, "entry_point": 0, "filename": null, "id": "region_3001", "name": "private_0x000007fffffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092870656, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092878848, "type": "region", "version": 1 }, "end_va": 8796092887039, "entry_point": 0, "filename": null, "id": "region_3002", "name": "private_0x000007fffffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092878848, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8796092887040, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_3003", "name": "private_0x000007fffffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092887040, "timestamp": "00:01:44.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 32178176, "type": "region", "version": 1 }, "end_va": 32182271, "entry_point": 0, "filename": null, "id": "region_3015", "name": "private_0x0000000001eb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32178176, "timestamp": "00:01:44.724", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 36306944, "type": "region", "version": 1 }, "end_va": 36831231, "entry_point": 0, "filename": null, "id": "region_3305", "name": "private_0x00000000022a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 36306944, "timestamp": "00:01:45.001", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092686336, "type": "region", "version": 1 }, "end_va": 8796092694527, "entry_point": 0, "filename": null, "id": "region_3306", "name": "private_0x000007fffffae000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092686336, "timestamp": "00:01:45.001", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 14188544, "start_va": 8791764172800, "type": "region", "version": 1 }, "end_va": 8791778361343, "entry_point": 8791764684476, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_3307", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 8791764172800, "timestamp": "00:01:45.012", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 315392, "start_va": 8791789535232, "type": "region", "version": 1 }, "end_va": 8791789850623, "entry_point": 8791789539440, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_3308", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 8791789535232, "timestamp": "00:01:45.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 8791787175936, "type": "region", "version": 1 }, "end_va": 8791787208703, "entry_point": 8791787181316, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_3309", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 8791787175936, "timestamp": "00:01:45.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 917504, "start_va": 41877504, "type": "region", "version": 1 }, "end_va": 42795007, "entry_point": 0, "filename": null, "id": "region_3310", "name": "private_0x00000000027f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 41877504, "timestamp": "00:01:45.017", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1220608, "start_va": 8791788290048, "type": "region", "version": 1 }, "end_va": 8791789510655, "entry_point": 8791788294356, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_3311", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 8791788290048, "timestamp": "00:01:45.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1540096, "start_va": 8791760175104, "type": "region", "version": 1 }, "end_va": 8791761715199, "entry_point": 8791760179424, "filename": "\\Windows\\System32\\urlmon.dll", "id": "region_3312", "name": "urlmon.dll", "norm_filename": "c:\\windows\\system32\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 8791760175104, "timestamp": "00:01:45.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1470464, "start_va": 8791754997760, "type": "region", "version": 1 }, "end_va": 8791756468223, "entry_point": 8791755002048, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_3313", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 8791754997760, "timestamp": "00:01:45.019", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791753162752, "type": "region", "version": 1 }, "end_va": 8791753224191, "entry_point": 8791753166880, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_3314", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 8791753162752, "timestamp": "00:01:45.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2461696, "start_va": 8791784685568, "type": "region", "version": 1 }, "end_va": 8791787147263, "entry_point": 8791784690496, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_3315", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 8791784685568, "timestamp": "00:01:45.021", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 45416448, "type": "region", "version": 1 }, "end_va": 45940735, "entry_point": 0, "filename": null, "id": "region_3376", "name": "private_0x0000000002b50000", "norm_filename": null, "region_type": "private_memory", "start_va": 45416448, "timestamp": "00:01:45.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092678144, "type": "region", "version": 1 }, "end_va": 8796092686335, "entry_point": 0, "filename": null, "id": "region_3377", "name": "private_0x000007fffffac000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092678144, "timestamp": "00:01:45.121", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\tor.exe\"", "filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\tor.exe", "id": "proc_14", "image_name": "tor.exe", "monitor_reason": "child_process", "monitored_id": 14, "origin_monitor_id": 12, "ref_parent_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_4615", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:51.945", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_4616", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:51.945", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_4617", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:51.945", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_4618", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:51.948", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 1114111, "entry_point": 0, "filename": null, "id": "region_4619", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:01:51.948", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 3604479, "entry_point": 0, "filename": null, "id": "region_4620", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:01:51.948", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3010560, "start_va": 15532032, "type": "region", "version": 1 }, "end_va": 18542591, "entry_point": 15532032, "filename": "\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\tor.exe", "id": "region_4621", "name": "tor.exe", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\tor.exe", "region_type": "memory_mapped_file", "start_va": 15532032, "timestamp": "00:01:51.948", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2001993728, "type": "region", "version": 1 }, "end_va": 2003734527, "entry_point": 2001993728, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_4622", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001993728, "timestamp": "00:01:51.949", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2003959808, "type": "region", "version": 1 }, "end_va": 2005532671, "entry_point": 2003959808, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_4623", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003959808, "timestamp": "00:01:51.949", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_4624", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:51.950", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_4625", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:51.950", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_4626", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:51.950", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_4627", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:51.950", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_4628", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:51.950", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_4629", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:51.950", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_4630", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:51.950", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 5308416, "type": "region", "version": 1 }, "end_va": 5832703, "entry_point": 0, "filename": null, "id": "region_4631", "name": "private_0x0000000000510000", "norm_filename": null, "region_type": "private_memory", "start_va": 5308416, "timestamp": "00:01:51.953", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1942224896, "type": "region", "version": 1 }, "end_va": 1942601727, "entry_point": 1942484888, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_4632", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1942224896, "timestamp": "00:01:51.953", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1942618112, "type": "region", "version": 1 }, "end_va": 1942876159, "entry_point": 1942806136, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_4633", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1942618112, "timestamp": "00:01:51.954", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1943076864, "type": "region", "version": 1 }, "end_va": 1943109631, "entry_point": 1943085304, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_4634", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1943076864, "timestamp": "00:01:51.954", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_4697", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:52.225", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 815103, "entry_point": 393216, "filename": "\\Windows\\System32\\locale.nls", "id": "region_4698", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 393216, "timestamp": "00:01:52.225", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 7536640, "type": "region", "version": 1 }, "end_va": 8585215, "entry_point": 0, "filename": null, "id": "region_4699", "name": "private_0x0000000000730000", "norm_filename": null, "region_type": "private_memory", "start_va": 7536640, "timestamp": "00:01:52.225", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 10420224, "type": "region", "version": 1 }, "end_va": 10485759, "entry_point": 0, "filename": null, "id": "region_4700", "name": "private_0x00000000009f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 10420224, "timestamp": "00:01:52.225", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2031616, "start_va": 1914306560, "type": "region", "version": 1 }, "end_va": 1916338175, "entry_point": 1914306560, "filename": "\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\libeay32.dll", "id": "region_4701", "name": "libeay32.dll", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\libeay32.dll", "region_type": "memory_mapped_file", "start_va": 1914306560, "timestamp": "00:01:52.225", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 425984, "start_va": 1947009024, "type": "region", "version": 1 }, "end_va": 1947435007, "entry_point": 1947009024, "filename": "\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\ssleay32.dll", "id": "region_4702", "name": "ssleay32.dll", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\ssleay32.dll", "region_type": "memory_mapped_file", "start_va": 1947009024, "timestamp": "00:01:52.228", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 487424, "start_va": 1947467776, "type": "region", "version": 1 }, "end_va": 1947955199, "entry_point": 1947467776, "filename": "\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\libgcc_s_sjlj-1.dll", "id": "region_4703", "name": "libgcc_s_sjlj-1.dll", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\libgcc_s_sjlj-1.dll", "region_type": "memory_mapped_file", "start_va": 1947467776, "timestamp": "00:01:52.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 139264, "start_va": 1948188672, "type": "region", "version": 1 }, "end_va": 1948327935, "entry_point": 1948188672, "filename": "\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\zlib1.dll", "id": "region_4704", "name": "zlib1.dll", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\zlib1.dll", "region_type": "memory_mapped_file", "start_va": 1948188672, "timestamp": "00:01:52.232", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 532480, "start_va": 1948385280, "type": "region", "version": 1 }, "end_va": 1948917759, "entry_point": 1948385280, "filename": "\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\libevent-2-0-5.dll", "id": "region_4705", "name": "libevent-2-0-5.dll", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\libevent-2-0-5.dll", "region_type": "memory_mapped_file", "start_va": 1948385280, "timestamp": "00:01:52.233", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 1954873344, "type": "region", "version": 1 }, "end_va": 1954988031, "entry_point": 1954873344, "filename": "\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\libssp-0.dll", "id": "region_4706", "name": "libssp-0.dll", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\libssp-0.dll", "region_type": "memory_mapped_file", "start_va": 1954873344, "timestamp": "00:01:52.235", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1965490176, "type": "region", "version": 1 }, "end_va": 1965539327, "entry_point": 1965494497, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_4707", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1965490176, "timestamp": "00:01:52.236", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1965555712, "type": "region", "version": 1 }, "end_va": 1965948927, "entry_point": 1965663155, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_4708", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1965555712, "timestamp": "00:01:52.236", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1967390720, "type": "region", "version": 1 }, "end_va": 1968373759, "entry_point": 1967457641, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_4709", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1967390720, "timestamp": "00:01:52.237", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1971191808, "type": "region", "version": 1 }, "end_va": 1972240383, "entry_point": 1971304173, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_4710", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1971191808, "timestamp": "00:01:52.237", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1972830208, "type": "region", "version": 1 }, "end_va": 1972932607, "entry_point": 1972849013, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_4711", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1972830208, "timestamp": "00:01:52.238", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1974140928, "type": "region", "version": 1 }, "end_va": 1974730751, "entry_point": 1974231875, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_4712", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1974140928, "timestamp": "00:01:52.238", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1976369152, "type": "region", "version": 1 }, "end_va": 1976393727, "entry_point": 1976375170, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_4713", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1976369152, "timestamp": "00:01:52.239", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1976631296, "type": "region", "version": 1 }, "end_va": 1977335807, "entry_point": 1976673394, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_4714", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1976631296, "timestamp": "00:01:52.239", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1977352192, "type": "region", "version": 1 }, "end_va": 1978466303, "entry_point": 1977430739, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_4715", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1977352192, "timestamp": "00:01:52.240", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1979580416, "type": "region", "version": 1 }, "end_va": 1992466431, "entry_point": 1980110337, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_4716", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1979580416, "timestamp": "00:01:52.240", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1994194944, "type": "region", "version": 1 }, "end_va": 1994412031, "entry_point": 1994200157, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_4717", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1994194944, "timestamp": "00:01:52.241", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1995505664, "type": "region", "version": 1 }, "end_va": 1995862015, "entry_point": 1995611046, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_4718", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1995505664, "timestamp": "00:01:52.241", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1996357632, "type": "region", "version": 1 }, "end_va": 1996398591, "entry_point": 1996371616, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_4719", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1996357632, "timestamp": "00:01:52.242", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1998020607, "entry_point": 1997763704, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_4720", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:01:52.242", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1998061568, "type": "region", "version": 1 }, "end_va": 1998704639, "entry_point": 1998274519, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_4721", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1998061568, "timestamp": "00:01:52.243", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1999110144, "type": "region", "version": 1 }, "end_va": 1999765503, "entry_point": 1999194597, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_4722", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1999110144, "timestamp": "00:01:52.243", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1999765504, "type": "region", "version": 1 }, "end_va": 2000941055, "entry_point": 0, "filename": null, "id": "region_4723", "name": "private_0x0000000077320000", "norm_filename": null, "region_type": "private_memory", "start_va": 1999765504, "timestamp": "00:01:52.243", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2000945152, "type": "region", "version": 1 }, "end_va": 2001969151, "entry_point": 0, "filename": null, "id": "region_4724", "name": "private_0x0000000077440000", "norm_filename": null, "region_type": "private_memory", "start_va": 2000945152, "timestamp": "00:01:52.244", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_4725", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:52.244", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_4726", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:52.244", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1957167104, "type": "region", "version": 1 }, "end_va": 1957257215, "entry_point": 1957178819, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_4756", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1957167104, "timestamp": "00:01:52.361", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1359871, "entry_point": 1118861, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_4757", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1114112, "timestamp": "00:01:52.362", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1956904960, "type": "region", "version": 1 }, "end_va": 1957146623, "entry_point": 1956909709, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_4762", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1956904960, "timestamp": "00:01:52.372", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 10485760, "type": "region", "version": 1 }, "end_va": 13430783, "entry_point": 10485760, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_4763", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 10485760, "timestamp": "00:01:52.373", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 5210111, "entry_point": 0, "filename": null, "id": "region_4764", "name": "pagefile_0x0000000000370000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3604480, "timestamp": "00:01:52.378", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1975255040, "type": "region", "version": 1 }, "end_va": 1976090623, "entry_point": 1975260811, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_4765", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1975255040, "timestamp": "00:01:52.378", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1995964416, "type": "region", "version": 1 }, "end_va": 1996357631, "entry_point": 1996035471, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_4766", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1995964416, "timestamp": "00:01:52.378", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_4834", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:52.903", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_4835", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:52.903", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 5832704, "type": "region", "version": 1 }, "end_va": 7409663, "entry_point": 0, "filename": null, "id": "region_4836", "name": "pagefile_0x0000000000590000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5832704, "timestamp": "00:01:52.903", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 18546688, "type": "region", "version": 1 }, "end_va": 39518207, "entry_point": 0, "filename": null, "id": "region_4837", "name": "pagefile_0x00000000011b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 18546688, "timestamp": "00:01:52.903", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 8585216, "type": "region", "version": 1 }, "end_va": 9633791, "entry_point": 0, "filename": null, "id": "region_4838", "name": "private_0x0000000000830000", "norm_filename": null, "region_type": "private_memory", "start_va": 8585216, "timestamp": "00:01:52.917", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1956446208, "type": "region", "version": 1 }, "end_va": 1956515839, "entry_point": 1956451072, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_4839", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1956446208, "timestamp": "00:01:52.918", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1956380672, "type": "region", "version": 1 }, "end_va": 1956417535, "entry_point": 1956386214, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_4840", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1956380672, "timestamp": "00:01:52.919", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1956249600, "type": "region", "version": 1 }, "end_va": 1956351999, "entry_point": 1956254489, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_4841", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1956249600, "timestamp": "00:01:52.928", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1956184064, "type": "region", "version": 1 }, "end_va": 1956245503, "entry_point": 1956188833, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_4842", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1956184064, "timestamp": "00:01:52.929", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 14352384, "type": "region", "version": 1 }, "end_va": 14614527, "entry_point": 0, "filename": null, "id": "region_4859", "name": "private_0x0000000000db0000", "norm_filename": null, "region_type": "private_memory", "start_va": 14352384, "timestamp": "00:01:53.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 14680064, "type": "region", "version": 1 }, "end_va": 14942207, "entry_point": 0, "filename": null, "id": "region_4860", "name": "private_0x0000000000e00000", "norm_filename": null, "region_type": "private_memory", "start_va": 14680064, "timestamp": "00:01:53.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 41484288, "type": "region", "version": 1 }, "end_va": 43581439, "entry_point": 0, "filename": null, "id": "region_4861", "name": "private_0x0000000002790000", "norm_filename": null, "region_type": "private_memory", "start_va": 41484288, "timestamp": "00:01:53.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 43581440, "type": "region", "version": 1 }, "end_va": 45678591, "entry_point": 0, "filename": null, "id": "region_4862", "name": "private_0x0000000002990000", "norm_filename": null, "region_type": "private_memory", "start_va": 43581440, "timestamp": "00:01:53.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_4863", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:01:53.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_4864", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:53.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1179647, "entry_point": 0, "filename": null, "id": "region_4865", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:01:53.021", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4259840, "start_va": 45678592, "type": "region", "version": 1 }, "end_va": 49938431, "entry_point": 0, "filename": null, "id": "region_4866", "name": "pagefile_0x0000000002b90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 45678592, "timestamp": "00:01:53.021", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4259840, "start_va": 49938432, "type": "region", "version": 1 }, "end_va": 54198271, "entry_point": 0, "filename": null, "id": "region_4867", "name": "pagefile_0x0000000002fa0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 49938432, "timestamp": "00:01:53.022", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 77824, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1257471, "entry_point": 0, "filename": null, "id": "region_4868", "name": "pagefile_0x0000000000120000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1179648, "timestamp": "00:01:53.022", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 77824, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1191935, "entry_point": 0, "filename": null, "id": "region_4869", "name": "pagefile_0x0000000000110000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1114112, "timestamp": "00:01:53.024", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1118207, "entry_point": 1114112, "filename": "\\Windows\\SysWOW64\\tzres.dll", "id": "region_5593", "name": "tzres.dll", "norm_filename": "c:\\windows\\syswow64\\tzres.dll", "region_type": "memory_mapped_file", "start_va": 1114112, "timestamp": "00:01:54.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1208319, "entry_point": 0, "filename": null, "id": "region_5594", "name": "pagefile_0x0000000000120000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1179648, "timestamp": "00:01:54.814", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1253375, "entry_point": 0, "filename": null, "id": "region_5595", "name": "pagefile_0x0000000000130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1245184, "timestamp": "00:01:54.814", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 45678592, "type": "region", "version": 1 }, "end_va": 49819647, "entry_point": 0, "filename": null, "id": "region_5596", "name": "pagefile_0x0000000002b90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 45678592, "timestamp": "00:01:54.814", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1118207, "entry_point": 0, "filename": null, "id": "region_5666", "name": "pagefile_0x0000000000110000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1114112, "timestamp": "00:01:54.917", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1965948928, "type": "region", "version": 1 }, "end_va": 1967374335, "entry_point": 1966258749, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_5667", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1965948928, "timestamp": "00:01:54.917", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1940389888, "type": "region", "version": 1 }, "end_va": 1940914175, "entry_point": 1940469705, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_5668", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1940389888, "timestamp": "00:01:54.927", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 720896, "start_va": 9633792, "type": "region", "version": 1 }, "end_va": 10354687, "entry_point": 0, "filename": null, "id": "region_5669", "name": "private_0x0000000000930000", "norm_filename": null, "region_type": "private_memory", "start_va": 9633792, "timestamp": "00:01:54.928", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 13434880, "type": "region", "version": 1 }, "end_va": 14348287, "entry_point": 0, "filename": null, "id": "region_5677", "name": "pagefile_0x0000000000cd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 13434880, "timestamp": "00:01:55.013", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1318911, "entry_point": 0, "filename": null, "id": "region_5678", "name": "pagefile_0x0000000000140000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1310720, "timestamp": "00:01:55.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1959460864, "type": "region", "version": 1 }, "end_va": 1961156607, "entry_point": 1959650997, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_5679", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1959460864, "timestamp": "00:01:55.017", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1380351, "entry_point": 1376256, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_5680", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 1376256, "timestamp": "00:01:55.019", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1449983, "entry_point": 0, "filename": null, "id": "region_5681", "name": "pagefile_0x0000000000160000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1441792, "timestamp": "00:01:55.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1978466304, "type": "region", "version": 1 }, "end_va": 1979052031, "entry_point": 1978482609, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_5682", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1978466304, "timestamp": "00:01:55.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1380351, "entry_point": 0, "filename": null, "id": "region_5683", "name": "pagefile_0x0000000000150000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1376256, "timestamp": "00:01:55.026", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1972240384, "type": "region", "version": 1 }, "end_va": 1972776959, "entry_point": 1972249554, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_5684", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1972240384, "timestamp": "00:01:55.027", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 5242880, "type": "region", "version": 1 }, "end_va": 5246975, "entry_point": 0, "filename": null, "id": "region_5685", "name": "pagefile_0x0000000000500000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5242880, "timestamp": "00:01:55.029", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1939341312, "type": "region", "version": 1 }, "end_va": 1940344831, "entry_point": 1939410334, "filename": "\\Windows\\SysWOW64\\propsys.dll", "id": "region_5686", "name": "propsys.dll", "norm_filename": "c:\\windows\\syswow64\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 1939341312, "timestamp": "00:01:55.033", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 1964703744, "type": "region", "version": 1 }, "end_va": 1964838911, "entry_point": 1964708958, "filename": "\\Windows\\SysWOW64\\ntmarta.dll", "id": "region_5687", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\syswow64\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1964703744, "timestamp": "00:01:55.036", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 1979056128, "type": "region", "version": 1 }, "end_va": 1979338751, "entry_point": 1979060705, "filename": "\\Windows\\SysWOW64\\Wldap32.dll", "id": "region_5688", "name": "wldap32.dll", "norm_filename": "c:\\windows\\syswow64\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 1979056128, "timestamp": "00:01:55.037", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 7471104, "type": "region", "version": 1 }, "end_va": 7487487, "entry_point": 7471104, "filename": "\\Users\\aDU0VK IWA5kLS\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db", "id": "region_5689", "name": "cversions.1.db", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db", "region_type": "memory_mapped_file", "start_va": 7471104, "timestamp": "00:01:55.038", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 159744, "start_va": 9633792, "type": "region", "version": 1 }, "end_va": 9793535, "entry_point": 9633792, "filename": "\\Users\\aDU0VK IWA5kLS\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000008.db", "id": "region_5690", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000008.db", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000008.db", "region_type": "memory_mapped_file", "start_va": 9633792, "timestamp": "00:01:55.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 10092544, "type": "region", "version": 1 }, "end_va": 10354687, "entry_point": 0, "filename": null, "id": "region_5691", "name": "private_0x00000000009a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 10092544, "timestamp": "00:01:55.040", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 9830400, "type": "region", "version": 1 }, "end_va": 9834495, "entry_point": 0, "filename": null, "id": "region_5692", "name": "pagefile_0x0000000000960000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9830400, "timestamp": "00:01:55.040", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1052672, "start_va": 39518208, "type": "region", "version": 1 }, "end_va": 40570879, "entry_point": 0, "filename": null, "id": "region_5693", "name": "private_0x00000000025b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 39518208, "timestamp": "00:01:55.049", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 40566784, "type": "region", "version": 1 }, "end_va": 40828927, "entry_point": 0, "filename": null, "id": "region_5812", "name": "private_0x00000000026b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40566784, "timestamp": "00:01:55.208", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 49872896, "type": "region", "version": 1 }, "end_va": 51970047, "entry_point": 0, "filename": null, "id": "region_5813", "name": "private_0x0000000002f90000", "norm_filename": null, "region_type": "private_memory", "start_va": 49872896, "timestamp": "00:01:55.208", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1971060736, "type": "region", "version": 1 }, "end_va": 1971134463, "entry_point": 1971065921, "filename": "\\Windows\\SysWOW64\\devobj.dll", "id": "region_5814", "name": "devobj.dll", "norm_filename": "c:\\windows\\syswow64\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 1971060736, "timestamp": "00:01:55.208", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1976172544, "type": "region", "version": 1 }, "end_va": 1976332287, "entry_point": 1976195257, "filename": "\\Windows\\SysWOW64\\cfgmgr32.dll", "id": "region_5815", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\syswow64\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 1976172544, "timestamp": "00:01:55.209", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1691648, "start_va": 1992491008, "type": "region", "version": 1 }, "end_va": 1994182655, "entry_point": 1992497127, "filename": "\\Windows\\SysWOW64\\setupapi.dll", "id": "region_5816", "name": "setupapi.dll", "norm_filename": "c:\\windows\\syswow64\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 1992491008, "timestamp": "00:01:55.209", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_5817", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:01:55.210", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 14942208, "type": "region", "version": 1 }, "end_va": 15204351, "entry_point": 0, "filename": null, "id": "region_5826", "name": "private_0x0000000000e40000", "norm_filename": null, "region_type": "private_memory", "start_va": 14942208, "timestamp": "00:01:55.432", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 52101120, "type": "region", "version": 1 }, "end_va": 54198271, "entry_point": 0, "filename": null, "id": "region_5827", "name": "private_0x00000000031b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 52101120, "timestamp": "00:01:55.432", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 1965228032, "type": "region", "version": 1 }, "end_va": 1965342719, "entry_point": 1965270065, "filename": "\\Windows\\SysWOW64\\IPHLPAPI.DLL", "id": "region_5828", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\syswow64\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1965228032, "timestamp": "00:01:55.432", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_5829", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:01:55.432", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1965162496, "type": "region", "version": 1 }, "end_va": 1965191167, "entry_point": 1965167245, "filename": "\\Windows\\SysWOW64\\winnsi.dll", "id": "region_5830", "name": "winnsi.dll", "norm_filename": "c:\\windows\\syswow64\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1965162496, "timestamp": "00:01:55.433", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1965096960, "type": "region", "version": 1 }, "end_va": 1965150207, "entry_point": 1965105170, "filename": "\\Windows\\SysWOW64\\dhcpcsvc6.dll", "id": "region_5831", "name": "dhcpcsvc6.dll", "norm_filename": "c:\\windows\\syswow64\\dhcpcsvc6.dll", "region_type": "memory_mapped_file", "start_va": 1965096960, "timestamp": "00:01:55.436", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1964965888, "type": "region", "version": 1 }, "end_va": 1965039615, "entry_point": 1964978801, "filename": "\\Windows\\SysWOW64\\dhcpcsvc.dll", "id": "region_5881", "name": "dhcpcsvc.dll", "norm_filename": "c:\\windows\\syswow64\\dhcpcsvc.dll", "region_type": "memory_mapped_file", "start_va": 1964965888, "timestamp": "00:01:55.527", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 1958150144, "type": "region", "version": 1 }, "end_va": 1958395903, "entry_point": 1958155357, "filename": "\\Windows\\SysWOW64\\mswsock.dll", "id": "region_5882", "name": "mswsock.dll", "norm_filename": "c:\\windows\\syswow64\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 1958150144, "timestamp": "00:01:55.534", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 458752, "start_va": 39518208, "type": "region", "version": 1 }, "end_va": 39976959, "entry_point": 0, "filename": null, "id": "region_5883", "name": "private_0x00000000025b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 39518208, "timestamp": "00:01:55.536", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1958019072, "type": "region", "version": 1 }, "end_va": 1958039551, "entry_point": 1958024671, "filename": "\\Windows\\SysWOW64\\WSHTCPIP.DLL", "id": "region_5884", "name": "wshtcpip.dll", "norm_filename": "c:\\windows\\syswow64\\wshtcpip.dll", "region_type": "memory_mapped_file", "start_va": 1958019072, "timestamp": "00:01:55.537", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 54198272, "type": "region", "version": 1 }, "end_va": 54984703, "entry_point": 54198272, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_6007", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 54198272, "timestamp": "00:01:56.166", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1441791, "entry_point": 0, "filename": null, "id": "region_6224", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:01:56.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4259840, "start_va": 54984704, "type": "region", "version": 1 }, "end_va": 59244543, "entry_point": 0, "filename": null, "id": "region_6225", "name": "pagefile_0x0000000003470000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 54984704, "timestamp": "00:01:56.863", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4259840, "start_va": 59244544, "type": "region", "version": 1 }, "end_va": 63504383, "entry_point": 0, "filename": null, "id": "region_6226", "name": "pagefile_0x0000000003880000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 59244544, "timestamp": "00:01:56.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 98304, "start_va": 9895936, "type": "region", "version": 1 }, "end_va": 9994239, "entry_point": 0, "filename": null, "id": "region_6227", "name": "pagefile_0x0000000000970000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9895936, "timestamp": "00:01:56.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 41222144, "type": "region", "version": 1 }, "end_va": 41484287, "entry_point": 0, "filename": null, "id": "region_7214", "name": "private_0x0000000002750000", "norm_filename": null, "region_type": "private_memory", "start_va": 41222144, "timestamp": "00:01:58.844", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 56688640, "type": "region", "version": 1 }, "end_va": 58785791, "entry_point": 0, "filename": null, "id": "region_7215", "name": "private_0x0000000003610000", "norm_filename": null, "region_type": "private_memory", "start_va": 56688640, "timestamp": "00:01:58.844", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130341888, "type": "region", "version": 1 }, "end_va": 2130354175, "entry_point": 0, "filename": null, "id": "region_7216", "name": "private_0x000000007efa7000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130341888, "timestamp": "00:01:58.844", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\certutil.exe\" -A -n \"yvesl\" -t \"C,C,C\" -i \"C:\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\okguaxb.crt\" -d \"C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\asmpdd98.default\"", "filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\certutil.exe", "id": "proc_15", "image_name": "certutil.exe", "monitor_reason": "child_process", "monitored_id": 15, "origin_monitor_id": 12, "ref_parent_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_6656", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:58.193", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_6657", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:58.193", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_6658", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:58.193", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_6659", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:58.197", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1769471, "entry_point": 0, "filename": null, "id": "region_6660", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:01:58.197", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 4194303, "entry_point": 0, "filename": null, "id": "region_6661", "name": "private_0x0000000000300000", "norm_filename": null, "region_type": "private_memory", "start_va": 3145728, "timestamp": "00:01:58.197", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 118784, "start_va": 13500416, "type": "region", "version": 1 }, "end_va": 13619199, "entry_point": 13500416, "filename": "\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\certutil.exe", "id": "region_6662", "name": "certutil.exe", "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\certutil.exe", "region_type": "memory_mapped_file", "start_va": 13500416, "timestamp": "00:01:58.197", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2001993728, "type": "region", "version": 1 }, "end_va": 2003734527, "entry_point": 2001993728, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_6663", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001993728, "timestamp": "00:01:58.198", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2003959808, "type": "region", "version": 1 }, "end_va": 2005532671, "entry_point": 2003959808, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_6664", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003959808, "timestamp": "00:01:58.198", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_6665", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:58.199", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_6666", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:58.199", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_6667", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:58.199", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_6668", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:58.199", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_6669", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:58.199", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_6670", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:58.199", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_6671", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:58.199", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 5242880, "type": "region", "version": 1 }, "end_va": 5767167, "entry_point": 0, "filename": null, "id": "region_6672", "name": "private_0x0000000000500000", "norm_filename": null, "region_type": "private_memory", "start_va": 5242880, "timestamp": "00:01:58.202", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1942224896, "type": "region", "version": 1 }, "end_va": 1942601727, "entry_point": 1942484888, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_6673", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1942224896, "timestamp": "00:01:58.202", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1942618112, "type": "region", "version": 1 }, "end_va": 1942876159, "entry_point": 1942806136, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_6674", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1942618112, "timestamp": "00:01:58.203", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1943076864, "type": "region", "version": 1 }, "end_va": 1943109631, "entry_point": 1943085304, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_6675", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1943076864, "timestamp": "00:01:58.203", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_7217", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:58.848", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_7218", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:58.848", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 815103, "entry_point": 393216, "filename": "\\Windows\\System32\\locale.nls", "id": "region_7219", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 393216, "timestamp": "00:01:58.848", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 2949119, "entry_point": 0, "filename": null, "id": "region_7220", "name": "private_0x00000000002c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2883584, "timestamp": "00:01:58.849", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 6815744, "type": "region", "version": 1 }, "end_va": 7864319, "entry_point": 0, "filename": null, "id": "region_7221", "name": "private_0x0000000000680000", "norm_filename": null, "region_type": "private_memory", "start_va": 6815744, "timestamp": "00:01:58.849", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 815104, "start_va": 1935933440, "type": "region", "version": 1 }, "end_va": 1936748543, "entry_point": 1935933440, "filename": "\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\nss3.dll", "id": "region_7222", "name": "nss3.dll", "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\nss3.dll", "region_type": "memory_mapped_file", "start_va": 1935933440, "timestamp": "00:01:58.849", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 782336, "start_va": 1941438464, "type": "region", "version": 1 }, "end_va": 1942220799, "entry_point": 1941438464, "filename": "\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\msvcr100.dll", "id": "region_7223", "name": "msvcr100.dll", "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\msvcr100.dll", "region_type": "memory_mapped_file", "start_va": 1941438464, "timestamp": "00:01:58.853", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 1946615808, "type": "region", "version": 1 }, "end_va": 1946730495, "entry_point": 1946615808, "filename": "\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\smime3.dll", "id": "region_7224", "name": "smime3.dll", "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\smime3.dll", "region_type": "memory_mapped_file", "start_va": 1946615808, "timestamp": "00:01:58.854", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 225280, "start_va": 1946746880, "type": "region", "version": 1 }, "end_va": 1946972159, "entry_point": 1946746880, "filename": "\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\libnspr4.dll", "id": "region_7225", "name": "libnspr4.dll", "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\libnspr4.dll", "region_type": "memory_mapped_file", "start_va": 1946746880, "timestamp": "00:01:58.856", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 106496, "start_va": 1954742272, "type": "region", "version": 1 }, "end_va": 1954848767, "entry_point": 1954742272, "filename": "\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\nssutil3.dll", "id": "region_7226", "name": "nssutil3.dll", "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\nssutil3.dll", "region_type": "memory_mapped_file", "start_va": 1954742272, "timestamp": "00:01:58.858", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 1955463168, "type": "region", "version": 1 }, "end_va": 1955667967, "entry_point": 1955477489, "filename": "\\Windows\\SysWOW64\\winmm.dll", "id": "region_7227", "name": "winmm.dll", "norm_filename": "c:\\windows\\syswow64\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 1955463168, "timestamp": "00:01:58.859", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1955790848, "type": "region", "version": 1 }, "end_va": 1955819519, "entry_point": 1955790848, "filename": "\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\libplds4.dll", "id": "region_7228", "name": "libplds4.dll", "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\libplds4.dll", "region_type": "memory_mapped_file", "start_va": 1955790848, "timestamp": "00:01:58.860", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1956708352, "type": "region", "version": 1 }, "end_va": 1956737023, "entry_point": 1956712736, "filename": "\\Windows\\SysWOW64\\wsock32.dll", "id": "region_7229", "name": "wsock32.dll", "norm_filename": "c:\\windows\\syswow64\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 1956708352, "timestamp": "00:01:58.861", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 1958150144, "type": "region", "version": 1 }, "end_va": 1958395903, "entry_point": 1958155357, "filename": "\\Windows\\SysWOW64\\mswsock.dll", "id": "region_7230", "name": "mswsock.dll", "norm_filename": "c:\\windows\\syswow64\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 1958150144, "timestamp": "00:01:58.861", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1965359104, "type": "region", "version": 1 }, "end_va": 1965387775, "entry_point": 1965359104, "filename": "\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\libplc4.dll", "id": "region_7231", "name": "libplc4.dll", "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\libplc4.dll", "region_type": "memory_mapped_file", "start_va": 1965359104, "timestamp": "00:01:58.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1965490176, "type": "region", "version": 1 }, "end_va": 1965539327, "entry_point": 1965494497, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_7232", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1965490176, "timestamp": "00:01:58.863", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1965555712, "type": "region", "version": 1 }, "end_va": 1965948927, "entry_point": 1965663155, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_7233", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1965555712, "timestamp": "00:01:58.863", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1967390720, "type": "region", "version": 1 }, "end_va": 1968373759, "entry_point": 1967457641, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_7234", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1967390720, "timestamp": "00:01:58.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1971191808, "type": "region", "version": 1 }, "end_va": 1972240383, "entry_point": 1971304173, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_7235", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1971191808, "timestamp": "00:01:58.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1972830208, "type": "region", "version": 1 }, "end_va": 1972932607, "entry_point": 1972849013, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_7236", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1972830208, "timestamp": "00:01:58.865", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1974140928, "type": "region", "version": 1 }, "end_va": 1974730751, "entry_point": 1974231875, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_7237", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1974140928, "timestamp": "00:01:58.865", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1976369152, "type": "region", "version": 1 }, "end_va": 1976393727, "entry_point": 1976375170, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_7238", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1976369152, "timestamp": "00:01:58.866", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1976631296, "type": "region", "version": 1 }, "end_va": 1977335807, "entry_point": 1976673394, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_7239", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1976631296, "timestamp": "00:01:58.866", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1977352192, "type": "region", "version": 1 }, "end_va": 1978466303, "entry_point": 1977430739, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_7240", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1977352192, "timestamp": "00:01:58.866", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1994194944, "type": "region", "version": 1 }, "end_va": 1994412031, "entry_point": 1994200157, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_7241", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1994194944, "timestamp": "00:01:58.867", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1996357632, "type": "region", "version": 1 }, "end_va": 1996398591, "entry_point": 1996371616, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_7242", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1996357632, "timestamp": "00:01:58.867", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1998020607, "entry_point": 1997763704, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_7243", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:01:58.868", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1998061568, "type": "region", "version": 1 }, "end_va": 1998704639, "entry_point": 1998274519, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_7244", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1998061568, "timestamp": "00:01:58.870", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1999110144, "type": "region", "version": 1 }, "end_va": 1999765503, "entry_point": 1999194597, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_7245", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1999110144, "timestamp": "00:01:58.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1999765504, "type": "region", "version": 1 }, "end_va": 2000941055, "entry_point": 0, "filename": null, "id": "region_7246", "name": "private_0x0000000077320000", "norm_filename": null, "region_type": "private_memory", "start_va": 1999765504, "timestamp": "00:01:58.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2000945152, "type": "region", "version": 1 }, "end_va": 2001969151, "entry_point": 0, "filename": null, "id": "region_7247", "name": "private_0x0000000077440000", "norm_filename": null, "region_type": "private_memory", "start_va": 2000945152, "timestamp": "00:01:58.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_7248", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:58.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_7249", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:58.872", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 7864320, "type": "region", "version": 1 }, "end_va": 9469951, "entry_point": 0, "filename": null, "id": "region_7263", "name": "pagefile_0x0000000000780000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7864320, "timestamp": "00:01:58.911", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1975255040, "type": "region", "version": 1 }, "end_va": 1976090623, "entry_point": 1975260811, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_7264", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1975255040, "timestamp": "00:01:58.911", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1995964416, "type": "region", "version": 1 }, "end_va": 1996357631, "entry_point": 1996035471, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_7265", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1995964416, "timestamp": "00:01:58.911", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_7266", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:58.914", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 856063, "entry_point": 0, "filename": null, "id": "region_7267", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:01:58.914", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 2752511, "entry_point": 0, "filename": null, "id": "region_7268", "name": "private_0x0000000000290000", "norm_filename": null, "region_type": "private_memory", "start_va": 2686976, "timestamp": "00:01:58.914", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 9502720, "type": "region", "version": 1 }, "end_va": 11079679, "entry_point": 0, "filename": null, "id": "region_7269", "name": "pagefile_0x0000000000910000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9502720, "timestamp": "00:01:58.914", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 13631488, "type": "region", "version": 1 }, "end_va": 34603007, "entry_point": 0, "filename": null, "id": "region_7270", "name": "pagefile_0x0000000000d00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 13631488, "timestamp": "00:01:58.915", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1441791, "entry_point": 0, "filename": null, "id": "region_7271", "name": "private_0x0000000000120000", "norm_filename": null, "region_type": "private_memory", "start_va": 1179648, "timestamp": "00:01:58.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 11272192, "type": "region", "version": 1 }, "end_va": 12320767, "entry_point": 0, "filename": null, "id": "region_7272", "name": "private_0x0000000000ac0000", "norm_filename": null, "region_type": "private_memory", "start_va": 11272192, "timestamp": "00:01:58.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 34603008, "type": "region", "version": 1 }, "end_va": 37548031, "entry_point": 34603008, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_7273", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 34603008, "timestamp": "00:01:58.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_7274", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:58.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4456448, "type": "region", "version": 1 }, "end_va": 4718591, "entry_point": 0, "filename": null, "id": "region_7275", "name": "private_0x0000000000440000", "norm_filename": null, "region_type": "private_memory", "start_va": 4456448, "timestamp": "00:01:58.955", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 5767168, "type": "region", "version": 1 }, "end_va": 6815743, "entry_point": 0, "filename": null, "id": "region_7276", "name": "private_0x0000000000580000", "norm_filename": null, "region_type": "private_memory", "start_va": 5767168, "timestamp": "00:01:58.955", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 38600704, "type": "region", "version": 1 }, "end_va": 39649279, "entry_point": 0, "filename": null, "id": "region_7277", "name": "private_0x00000000024d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38600704, "timestamp": "00:01:58.955", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 40960000, "type": "region", "version": 1 }, "end_va": 42008575, "entry_point": 0, "filename": null, "id": "region_7278", "name": "private_0x0000000002710000", "norm_filename": null, "region_type": "private_memory", "start_va": 40960000, "timestamp": "00:01:58.955", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_7279", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:01:58.955", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 184320, "start_va": 1946419200, "type": "region", "version": 1 }, "end_va": 1946603519, "entry_point": 1946419200, "filename": "\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\softokn3.dll", "id": "region_7280", "name": "softokn3.dll", "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\softokn3.dll", "region_type": "memory_mapped_file", "start_va": 1946419200, "timestamp": "00:01:58.973", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 1940979712, "type": "region", "version": 1 }, "end_va": 1941417983, "entry_point": 1940979712, "filename": "\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\sqlite3.dll", "id": "region_7281", "name": "sqlite3.dll", "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\sqlite3.dll", "region_type": "memory_mapped_file", "start_va": 1940979712, "timestamp": "00:01:58.981", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 39649280, "type": "region", "version": 1 }, "end_va": 40697855, "entry_point": 0, "filename": null, "id": "region_7282", "name": "private_0x00000000025d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 39649280, "timestamp": "00:01:58.990", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 1946288128, "type": "region", "version": 1 }, "end_va": 1946411007, "entry_point": 1946288128, "filename": "\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\nssdbm3.dll", "id": "region_7347", "name": "nssdbm3.dll", "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\nssdbm3.dll", "region_type": "memory_mapped_file", "start_va": 1946288128, "timestamp": "00:01:59.047", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 917504, "filename": "\\Windows\\SysWOW64\\tzres.dll", "id": "region_7348", "name": "tzres.dll", "norm_filename": "c:\\windows\\syswow64\\tzres.dll", "region_type": "memory_mapped_file", "start_va": 917504, "timestamp": "00:01:59.054", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 1011711, "entry_point": 0, "filename": null, "id": "region_7349", "name": "pagefile_0x00000000000f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 983040, "timestamp": "00:01:59.058", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1056767, "entry_point": 0, "filename": null, "id": "region_7350", "name": "pagefile_0x0000000000100000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1048576, "timestamp": "00:01:59.058", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 42008576, "type": "region", "version": 1 }, "end_va": 46149631, "entry_point": 0, "filename": null, "id": "region_7351", "name": "pagefile_0x0000000002810000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 42008576, "timestamp": "00:01:59.058", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 253952, "start_va": 1945108480, "type": "region", "version": 1 }, "end_va": 1945362431, "entry_point": 1945108480, "filename": "\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\freebl3.dll", "id": "region_7353", "name": "freebl3.dll", "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\freebl3.dll", "region_type": "memory_mapped_file", "start_va": 1945108480, "timestamp": "00:01:59.073", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1979580416, "type": "region", "version": 1 }, "end_va": 1992466431, "entry_point": 1980110337, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_7354", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1979580416, "timestamp": "00:01:59.078", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1995505664, "type": "region", "version": 1 }, "end_va": 1995862015, "entry_point": 1995611046, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_7355", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1995505664, "timestamp": "00:01:59.079", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 } ], "remarks": { "critical": [], "non_critical": [ { "comment": "The dump total size limit was reached during the analysis. Some memory dump may be missing in the reports. You can increase the limit in the configuration.", "id": 512, "type": "remark", "version": 1 }, { "comment": "The maximum number of dumps was reached during the analysis. Some memory dumps may be missing in the reports. You can increase the limit in the configuration.", "id": 2048, "type": "remark", "version": 1 }, { "comment": "The overall sleep time of all monitored processes was truncated from 8 minutes to 1 minute, 20 seconds to reveal dormant functionality.", "id": 262144, "type": "remark", "version": 1 } ], "type": "remarks", "version": 1 }, "sample_details": { "filename": "UPS_Slip_307086.doc", "id": 17501, "md5_hash": "929fb9558479a5c1c33f71a7373c3962", "sample_type": "word_document", "sha1_hash": "fcc0f73d96e660c58dd2e2f9a433a17aabdb7c62", "sha256_hash": "ab90ed6cb461f17ce1f901097a045aba7c984898a0425767f01454689698f2e9", "size": 200192, "type": "sample_details", "version": 1 }, "screenshots": [ { "screenshot_archive_path": "screenshots/screenshot_0.png", "size": 265270, "thumbnail_archive_path": "screenshots/thumbnail_0.png", "timestamp": "00:00:00.000", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_15886.png", "size": 264852, "thumbnail_archive_path": "screenshots/thumbnail_15886.png", "timestamp": "00:00:15.886", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_20228.png", "size": 34886, "thumbnail_archive_path": "screenshots/thumbnail_20228.png", "timestamp": "00:00:20.228", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_22430.png", "size": 93167, "thumbnail_archive_path": "screenshots/thumbnail_22430.png", "timestamp": "00:00:22.430", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_27633.png", "size": 206201, "thumbnail_archive_path": "screenshots/thumbnail_27633.png", "timestamp": "00:00:27.633", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_105717.png", "size": 206800, "thumbnail_archive_path": "screenshots/thumbnail_105717.png", "timestamp": "00:01:45.717", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_106944.png", "size": 94683, "thumbnail_archive_path": "screenshots/thumbnail_106944.png", "timestamp": "00:01:46.944", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_108931.png", "size": 94596, "thumbnail_archive_path": "screenshots/thumbnail_108931.png", "timestamp": "00:01:48.931", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_109972.png", "size": 938947, "thumbnail_archive_path": "screenshots/thumbnail_109972.png", "timestamp": "00:01:49.972", "type": "screenshot", "version": 1 } ], "type": "summary", "version": 1, "vm_and_analyzer_details": { "adobe_acrobat_reader_version": "not_installed", "analyzer_build_date": "2017-08-21 12:23", "analyzer_version": "2.2.0", "chrome_version": "59.0.3071.115", "firefox_version": "25.0", "flash_version": "10.3.183.90", "internet_explorer_version": "8.0.7601.17514", "java_version": "7.0.710", "microsoft_excel_version": "15.0.4569.1504", "microsoft_office_version": "15.0.4569.1504", "microsoft_power_point_version": "15.0.4569.1504", "microsoft_project_version": "15.0.4569.1504", "microsoft_publisher_version": "15.0.4569.1504", "microsoft_visio_version": "15.0.4569.1504", "microsoft_word_version": "15.0.4569.1504", "silverlight_version": "not_installed", "type": "vm_and_analyzer_details", "version": 1, "vm_architecture": "x86_64-bit", "vm_kernel_version": "6.1.7601.17514_(3844dbb9-2017-4967-be7a-a4a2c20430fa)", "vm_name": null, "vm_os": "windows_7" }, "vti": { "type": "vti", "version": 1, "vti_built_in_rules_version": "2.6", "vti_rule_matches": [ { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_756", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Windows\\SysWOW64\\svchost.exe\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Local\\mtxLogMeInIgnition.IgnitionMutex", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_1448", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Local\\mtxLogMeInIgnition.IgnitionMutex\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_1449", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"cmd /K\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\asmpdd98.default\\signons.sqlite", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\mozilla\\firefox\\profiles\\asmpdd98.default\\signons.sqlite", "operations": [ "read" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_browser", "category_desc": "Browser", "operation": "_browser_data_credentials", "operation_desc": "Read data related to saved browser credentials", "ref_gfncalls": [ { "ref_id": "gfn_1937", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_browser_credentials", "technique_desc": "Read saved credentials for \"Mozilla Firefox\".", "technique_path": "built_in._browser._browser_data_credentials.vmray_read_browser_credentials", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\google\\chrome\\user data\\default\\login data", "operations": [ "read" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_browser", "category_desc": "Browser", "operation": "_browser_data_credentials", "operation_desc": "Read data related to saved browser credentials", "ref_gfncalls": [ { "ref_id": "gfn_2896", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_browser_credentials", "technique_desc": "Read saved credentials for \"Google Chrome\".", "technique_path": "built_in._browser._browser_data_credentials.vmray_read_browser_credentials", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [ { "ip_address": "62.109.18.138", "type": "ip_address_artifact", "version": 1 } ], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_request_dns", "operation_desc": "Perform DNS request", "ref_gfncalls": [ { "ref_id": "gfn_3544", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_request_dns_by_name", "technique_desc": "Resolve host name \"butsulacoft.com\".", "technique_path": "built_in._network._request_dns.vmray_request_dns_by_name", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_user", "category_desc": "User", "operation": "_bruteforce_user_account", "operation_desc": "Bruteforce user account", "ref_gfncalls": [ { "ref_id": "gfn_3731", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_bruteforce_user_account", "technique_desc": "Possibly trying to bruteforce the \"Guest\" account.", "technique_path": "built_in._user._bruteforce_user_account.vmray_bruteforce_user_account", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_4016", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Windows\\System32\\svchost.exe\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_6104", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\BN649B.tmp\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "e", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_6106", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"e\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_6132", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"explorer.exe\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_read_from_remote_process", "operation_desc": "Read from memory of another process", "ref_gfncalls": [ { "ref_id": "gfn_6134", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_from_remote_process", "technique_desc": "\"c:\\users\\adu0vk~1\\appdata\\local\\temp\\bn649b.tmp\" reads from \"explorer.exe\".", "technique_path": "built_in._process._read_from_remote_process.vmray_read_from_remote_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_anti_analysis", "category_desc": "Anti Analysis", "operation": "_delay_execution", "operation_desc": "Delay execution", "ref_gfncalls": [ { "ref_id": "gfn_6394", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_delay_execution_by_sleep", "technique_desc": "One thread sleeps more than 5 minutes.", "technique_path": "built_in._anti_analysis._delay_execution.vmray_delay_execution_by_sleep", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Global\\{AE124E3B-FDD1-1422-65D9-FE61A0417768}", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_6654", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Global\\{AE124E3B-FDD1-1422-65D9-FE61A0417768}\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_info_stealing", "category_desc": "Information Stealing", "operation": "_read_system_data", "operation_desc": "Read system data", "ref_gfncalls": [ { "ref_id": "gfn_6678", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_windows_install_date", "technique_desc": "Read the Windows installation date from registry.", "technique_path": "built_in._info_stealing._read_system_data.vmray_read_windows_install_date", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_info_stealing", "category_desc": "Information Stealing", "operation": "_read_system_data", "operation_desc": "Read system data", "ref_gfncalls": [ { "ref_id": "gfn_6680", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_windows_license_by_registry", "technique_desc": "Readout Windows license key.", "technique_path": "built_in._info_stealing._read_system_data.vmray_read_windows_license_by_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\aaf4e053c", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_hide_tracks", "category_desc": "Hide Tracks", "operation": "_hide_data_in_registry", "operation_desc": "Write large data into the registry", "ref_gfncalls": [ { "ref_id": "gfn_6731", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_hide_data_in_registry", "technique_desc": "Hide 4416 byte in \"HKEY_CURRENT_USER\\Software\\Microsoft\\aaf4e053c\\1dc1e28ae\".", "technique_path": "built_in._hide_tracks._hide_data_in_registry.vmray_hide_data_in_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Global\\{85B42B0A-98E0-3F84-65D9-FE61A0417768}", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_6737", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Global\\{85B42B0A-98E0-3F84-65D9-FE61A0417768}\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Local\\{85B47B09-C8E3-3F84-65D9-FE61A0417768}", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_6738", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Local\\{85B47B09-C8E3-3F84-65D9-FE61A0417768}\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Global\\{4F600524-B6CE-F550-C27E-E7A907E66EA0}", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_6742", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Global\\{4F600524-B6CE-F550-C27E-E7A907E66EA0}\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_6764", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Windows\\syswow64\\msiexec.exe\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Global\\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0}", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_6767", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Global\\{4F600524-B6CE-F550-8E7E-E7A94BE66EA0}\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Global\\{8E6A7E3D-CDD7-345A-65D9-FE61A0417768}", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_7009", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Global\\{8E6A7E3D-CDD7-345A-65D9-FE61A0417768}\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Seto", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_hide_tracks", "category_desc": "Hide Tracks", "operation": "_hide_data_in_registry", "operation_desc": "Write large data into the registry", "ref_gfncalls": [ { "ref_id": "gfn_7013", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_hide_data_in_registry", "technique_desc": "Hide 1061 byte in \"HKEY_CURRENT_USER\\Software\\Microsoft\\Seto\\Yqlozyzuz\".", "technique_path": "built_in._hide_tracks._hide_data_in_registry.vmray_hide_data_in_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Global\\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0}", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_7029", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Global\\{4F600524-B6CE-F550-1A7E-E7A9DFE66EA0}\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Global\\{4F600524-B6CE-F550-027C-E7A9C7E46EA0}", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_7031", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Global\\{4F600524-B6CE-F550-027C-E7A9C7E46EA0}\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Global\\{4F600524-B6CE-F550-6679-E7A9A3E16EA0}", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_7033", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Global\\{4F600524-B6CE-F550-6679-E7A9A3E16EA0}\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Global\\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0}", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_7289", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Global\\{4F600524-B6CE-F550-5E7C-E7A99BE46EA0}\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Global\\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0}", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_7526", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Global\\{4F600524-B6CE-F550-8E7D-E7A94BE56EA0}\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_8005", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\tor.exe\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Seto", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_hide_tracks", "category_desc": "Hide Tracks", "operation": "_hide_data_in_registry", "operation_desc": "Write large data into the registry", "ref_gfncalls": [ { "ref_id": "gfn_8022", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_hide_data_in_registry", "technique_desc": "Hide 1445 byte in \"HKEY_CURRENT_USER\\Software\\Microsoft\\Seto\\Yqlozyzuz\".", "technique_path": "built_in._hide_tracks._hide_data_in_registry.vmray_hide_data_in_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Global\\{D773FC21-4FCB-6D43-65D9-FE61A0417768}", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_8042", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Global\\{D773FC21-4FCB-6D43-65D9-FE61A0417768}\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Global\\{86709C2F-2FC5-3C40-65D9-FE61A0417768}", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_8043", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Global\\{86709C2F-2FC5-3C40-65D9-FE61A0417768}\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Global\\{E4529D1E-2EF4-5E62-65D9-FE61A0417768}", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_8044", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Global\\{E4529D1E-2EF4-5E62-65D9-FE61A0417768}\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Global\\{E4529D1D-2EF7-5E62-65D9-FE61A0417768}", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_8045", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Global\\{E4529D1D-2EF7-5E62-65D9-FE61A0417768}\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Global\\{E4529D1F-2EF5-5E62-65D9-FE61A0417768}", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_8046", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Global\\{E4529D1F-2EF5-5E62-65D9-FE61A0417768}\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Seto", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_hide_tracks", "category_desc": "Hide Tracks", "operation": "_hide_data_in_registry", "operation_desc": "Write large data into the registry", "ref_gfncalls": [ { "ref_id": "gfn_8269", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_hide_data_in_registry", "technique_desc": "Hide 1828 byte in \"HKEY_CURRENT_USER\\Software\\Microsoft\\Seto\\Yqlozyzuz\".", "technique_path": "built_in._hide_tracks._hide_data_in_registry.vmray_hide_data_in_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Seto", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_hide_tracks", "category_desc": "Hide Tracks", "operation": "_hide_data_in_registry", "operation_desc": "Write large data into the registry", "ref_gfncalls": [ { "ref_id": "gfn_8676", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_hide_data_in_registry", "technique_desc": "Hide 3220 byte in \"HKEY_CURRENT_USER\\Software\\Microsoft\\Seto\\Yqlozyzuz\".", "technique_path": "built_in._hide_tracks._hide_data_in_registry.vmray_hide_data_in_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Seto", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_hide_tracks", "category_desc": "Hide Tracks", "operation": "_hide_data_in_registry", "operation_desc": "Write large data into the registry", "ref_gfncalls": [ { "ref_id": "gfn_8684", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_hide_data_in_registry", "technique_desc": "Hide 3315 byte in \"HKEY_CURRENT_USER\\Software\\Microsoft\\Seto\\Yqlozyzuz\".", "technique_path": "built_in._hide_tracks._hide_data_in_registry.vmray_hide_data_in_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Seto", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_hide_tracks", "category_desc": "Hide Tracks", "operation": "_hide_data_in_registry", "operation_desc": "Write large data into the registry", "ref_gfncalls": [ { "ref_id": "gfn_8691", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_hide_data_in_registry", "technique_desc": "Hide 6682 byte in \"HKEY_CURRENT_USER\\Software\\Microsoft\\Seto\\Yqlozyzuz\".", "technique_path": "built_in._hide_tracks._hide_data_in_registry.vmray_hide_data_in_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Seto", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_hide_tracks", "category_desc": "Hide Tracks", "operation": "_hide_data_in_registry", "operation_desc": "Write large data into the registry", "ref_gfncalls": [ { "ref_id": "gfn_8694", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_hide_data_in_registry", "technique_desc": "Hide 2123 byte in \"HKEY_CURRENT_USER\\Software\\Microsoft\\Seto\\Xayqzo\".", "technique_path": "built_in._hide_tracks._hide_data_in_registry.vmray_hide_data_in_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Seto", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_hide_tracks", "category_desc": "Hide Tracks", "operation": "_hide_data_in_registry", "operation_desc": "Write large data into the registry", "ref_gfncalls": [ { "ref_id": "gfn_8705", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_hide_data_in_registry", "technique_desc": "Hide 7244 byte in \"HKEY_CURRENT_USER\\Software\\Microsoft\\Seto\\Yqlozyzuz\".", "technique_path": "built_in._hide_tracks._hide_data_in_registry.vmray_hide_data_in_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Global\\{1F05FC9E-4F74-A535-65D9-FE61A0417768}", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_8724", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Global\\{1F05FC9E-4F74-A535-65D9-FE61A0417768}\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Global\\{6E93744F-C7A5-D4A3-65D9-FE61A0417768}", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_8736", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Global\\{6E93744F-C7A5-D4A3-65D9-FE61A0417768}\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Seto", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_hide_tracks", "category_desc": "Hide Tracks", "operation": "_hide_data_in_registry", "operation_desc": "Write large data into the registry", "ref_gfncalls": [ { "ref_id": "gfn_8742", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_hide_data_in_registry", "technique_desc": "Hide 7055 byte in \"HKEY_CURRENT_USER\\Software\\Microsoft\\Seto\\Yqlozyzuz\".", "technique_path": "built_in._hide_tracks._hide_data_in_registry.vmray_hide_data_in_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Global\\{B7C3F14A-42A0-0DF3-65D9-FE61A0417768}", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_8748", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Global\\{B7C3F14A-42A0-0DF3-65D9-FE61A0417768}\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Seto", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_hide_tracks", "category_desc": "Hide Tracks", "operation": "_hide_data_in_registry", "operation_desc": "Write large data into the registry", "ref_gfncalls": [ { "ref_id": "gfn_8988", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_hide_data_in_registry", "technique_desc": "Hide 9367 byte in \"HKEY_CURRENT_USER\\Software\\Microsoft\\Seto\\Yqlozyzuz\".", "technique_path": "built_in._hide_tracks._hide_data_in_registry.vmray_hide_data_in_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_9158", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"\"C:\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\certutil.exe\" -A -n \"yvesl\" -t \"C,C,C\" -i \"C:\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\okguaxb.crt\" -d \"C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\asmpdd98.default\"\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\asmpdd98.default/key3.db", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\mozilla\\firefox\\profiles\\asmpdd98.default\\key3.db", "operations": [ "read" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_browser", "category_desc": "Browser", "operation": "_browser_data_credentials", "operation_desc": "Read data related to saved browser credentials", "ref_gfncalls": [ { "ref_id": "gfn_9379", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_browser_master_key", "technique_desc": "Read the master key for \"Mozilla Firefox\".", "technique_path": "built_in._browser._browser_data_credentials.vmray_read_browser_master_key", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_memory_system", "operation_desc": "Write into memory of another process", "ref_gfncalls": [], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_memory_system", "technique_desc": "\"c:\\program files\\microsoft office\\office15\\winword.exe\" modifies memory of \"c:\\windows\\syswow64\\svchost.exe\"", "technique_path": "built_in._injection._modify_memory_system.vmray_modify_memory_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_memory_system", "operation_desc": "Write into memory of another process", "ref_gfncalls": [], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_memory_system", "technique_desc": "\"c:\\windows\\syswow64\\svchost.exe\" modifies memory of \"c:\\windows\\syswow64\\svchost.exe\"", "technique_path": "built_in._injection._modify_memory_system.vmray_modify_memory_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_memory_system", "operation_desc": "Write into memory of another process", "ref_gfncalls": [], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_memory_system", "technique_desc": "\"c:\\users\\adu0vk~1\\appdata\\local\\temp\\bn649b.tmp\" modifies memory of \"c:\\windows\\syswow64\\explorer.exe\"", "technique_path": "built_in._injection._modify_memory_system.vmray_modify_memory_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_memory_system", "operation_desc": "Write into memory of another process", "ref_gfncalls": [], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_memory_system", "technique_desc": "\"c:\\windows\\syswow64\\explorer.exe\" modifies memory of \"c:\\windows\\explorer.exe\"", "technique_path": "built_in._injection._modify_memory_system.vmray_modify_memory_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_memory_system", "operation_desc": "Write into memory of another process", "ref_gfncalls": [], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_memory_system", "technique_desc": "\"c:\\windows\\explorer.exe\" modifies memory of \"c:\\windows\\system32\\taskhost.exe\"", "technique_path": "built_in._injection._modify_memory_system.vmray_modify_memory_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_memory_system", "operation_desc": "Write into memory of another process", "ref_gfncalls": [], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_memory_system", "technique_desc": "\"c:\\windows\\explorer.exe\" modifies memory of \"c:\\windows\\system32\\dwm.exe\"", "technique_path": "built_in._injection._modify_memory_system.vmray_modify_memory_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_memory_system", "operation_desc": "Write into memory of another process", "ref_gfncalls": [], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_memory_system", "technique_desc": "\"c:\\windows\\explorer.exe\" modifies memory of \"c:\\windows\\syswow64\\msiexec.exe\"", "technique_path": "built_in._injection._modify_memory_system.vmray_modify_memory_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_memory_system", "operation_desc": "Write into memory of another process", "ref_gfncalls": [], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_memory_system", "technique_desc": "\"c:\\windows\\explorer.exe\" modifies memory of \"c:\\windows\\system32\\taskeng.exe\"", "technique_path": "built_in._injection._modify_memory_system.vmray_modify_memory_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_control_flow_system", "operation_desc": "Modify control flow of another process", "ref_gfncalls": [], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_control_flow_system", "technique_desc": "\"c:\\windows\\syswow64\\svchost.exe\" alters context of \"c:\\windows\\syswow64\\svchost.exe\"", "technique_path": "built_in._injection._modify_control_flow_system.vmray_modify_control_flow_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_control_flow_system", "operation_desc": "Modify control flow of another process", "ref_gfncalls": [], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_remote_thread_system", "technique_desc": "\"c:\\windows\\syswow64\\explorer.exe\" creates thread in \"c:\\windows\\explorer.exe\"", "technique_path": "built_in._injection._modify_control_flow_system.vmray_create_remote_thread_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_control_flow_system", "operation_desc": "Modify control flow of another process", "ref_gfncalls": [], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_remote_thread_system", "technique_desc": "\"c:\\windows\\explorer.exe\" creates thread in \"c:\\windows\\system32\\taskhost.exe\"", "technique_path": "built_in._injection._modify_control_flow_system.vmray_create_remote_thread_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_control_flow_system", "operation_desc": "Modify control flow of another process", "ref_gfncalls": [], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_remote_thread_system", "technique_desc": "\"c:\\windows\\explorer.exe\" creates thread in \"c:\\windows\\system32\\dwm.exe\"", "technique_path": "built_in._injection._modify_control_flow_system.vmray_create_remote_thread_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_control_flow_system", "operation_desc": "Modify control flow of another process", "ref_gfncalls": [], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_remote_thread_system", "technique_desc": "\"c:\\windows\\explorer.exe\" creates thread in \"c:\\windows\\syswow64\\msiexec.exe\"", "technique_path": "built_in._injection._modify_control_flow_system.vmray_create_remote_thread_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_control_flow_system", "operation_desc": "Modify control flow of another process", "ref_gfncalls": [], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_remote_thread_system", "technique_desc": "\"c:\\windows\\explorer.exe\" creates thread in \"c:\\windows\\system32\\taskeng.exe\"", "technique_path": "built_in._injection._modify_control_flow_system.vmray_create_remote_thread_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_check_external_ip", "operation_desc": "Check external IP address", "ref_gfncalls": [], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_check_external_ip", "technique_desc": "Check external IP by asking IP info service at \"api.ipify.org/\".", "technique_path": "built_in._network._check_external_ip.vmray_check_external_ip", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_check_external_ip", "operation_desc": "Check external IP address", "ref_gfncalls": [], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_check_external_ip", "technique_desc": "Check external IP by asking IP info service at \"checkip.dyndns.org/\".", "technique_path": "built_in._network._check_external_ip.vmray_check_external_ip", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_connect", "operation_desc": "Connect to remote host", "ref_gfncalls": [ { "ref_id": "gfn_3545", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_tcp_out_connection", "technique_desc": "Outgoing TCP connection to host \"62.109.18.138:80\".", "technique_path": "built_in._network._connect.vmray_tcp_out_connection", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_connect", "operation_desc": "Connect to remote host", "ref_gfncalls": [ { "ref_id": "gfn_8638", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_tcp_out_connection", "technique_desc": "Outgoing TCP connection to host \"127.0.0.1:49172\".", "technique_path": "built_in._network._connect.vmray_tcp_out_connection", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_connect", "operation_desc": "Connect to remote host", "ref_gfncalls": [ { "ref_id": "gfn_9226", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_tcp_out_connection", "technique_desc": "Outgoing TCP connection to host \"82.223.21.74:9001\".", "technique_path": "built_in._network._connect.vmray_tcp_out_connection", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_connect", "operation_desc": "Connect to remote host", "ref_gfncalls": [ { "ref_id": "gfn_8453", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_tcp_out_connection", "technique_desc": "Outgoing TCP connection to host \"127.0.0.1:9050\".", "technique_path": "built_in._network._connect.vmray_tcp_out_connection", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [ { "operations": [ "get", "get", "get" ], "type": "url_artifact", "url": "api.ipify.org/", "version": 1 } ], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [ { "ref_id": "gfn_928", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "Url \"api.ipify.org/\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [ { "operations": [ "post", "post", "post" ], "type": "url_artifact", "url": "butsulacoft.com/ls5/forum.php", "version": 1 } ], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [ { "ref_id": "gfn_939", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "Url \"butsulacoft.com/ls5/forum.php\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [ { "operations": [ "post", "post", "post" ], "type": "url_artifact", "url": "supritofuld.ru/ls5/forum.php", "version": 1 } ], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [ { "ref_id": "gfn_945", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "Url \"supritofuld.ru/ls5/forum.php\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [ { "operations": [ "get", "get", "get" ], "type": "url_artifact", "url": "tekstheks.nl/wp-admin/includes/1", "version": 1 } ], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [ { "ref_id": "gfn_952", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "Url \"tekstheks.nl/wp-admin/includes/1\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [ { "operations": [ "get", "get", "get" ], "type": "url_artifact", "url": "tekstheks.nl/wp-admin/includes/2", "version": 1 } ], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [ { "ref_id": "gfn_4008", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "Url \"tekstheks.nl/wp-admin/includes/2\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [ { "operations": [ "get", "get", "get" ], "type": "url_artifact", "url": "tekstheks.nl/wp-admin/includes/3", "version": 1 } ], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [ { "ref_id": "gfn_4025", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "Url \"tekstheks.nl/wp-admin/includes/3\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [ { "operations": [ "post", "post", "post" ], "type": "url_artifact", "url": "butsulacoft.com/mlu/forum.php", "version": 1 } ], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [ { "ref_id": "gfn_3549", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "Url \"butsulacoft.com/mlu/forum.php\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [ { "operations": [ "post", "post", "post" ], "type": "url_artifact", "url": "fortsiretbab.com/bdl/gate.php", "version": 1 } ], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [ { "ref_id": "gfn_8109", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "Url \"fortsiretbab.com/bdl/gate.php\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [ { "operations": [ "get", "get", "get" ], "type": "url_artifact", "url": "checkip.dyndns.org/", "version": 1 } ], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [ { "ref_id": "gfn_8116", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "Url \"checkip.dyndns.org/\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [ { "operations": [ "post", "post", "post" ], "type": "url_artifact", "url": "butsulacoft.com/d2/about.php", "version": 1 } ], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [ { "ref_id": "gfn_5652", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "Url \"butsulacoft.com/d2/about.php\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [ { "operations": [ "get", "get", "get" ], "type": "url_artifact", "url": "api.ipify.org/", "version": 1 } ], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_establish_http_connection", "operation_desc": "Connect to HTTP server", "ref_gfncalls": [ { "ref_id": "gfn_928", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "establish_http_connection", "technique_desc": "Remote address \"api.ipify.org/\".", "technique_path": "built_in._network._establish_http_connection.establish_http_connection", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [ { "operations": [ "post", "post", "post" ], "type": "url_artifact", "url": "butsulacoft.com/ls5/forum.php", "version": 1 } ], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_establish_http_connection", "operation_desc": "Connect to HTTP server", "ref_gfncalls": [ { "ref_id": "gfn_939", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "establish_http_connection", "technique_desc": "Remote address \"butsulacoft.com/ls5/forum.php\".", "technique_path": "built_in._network._establish_http_connection.establish_http_connection", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [ { "operations": [ "post", "post", "post" ], "type": "url_artifact", "url": "supritofuld.ru/ls5/forum.php", "version": 1 } ], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_establish_http_connection", "operation_desc": "Connect to HTTP server", "ref_gfncalls": [ { "ref_id": "gfn_945", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "establish_http_connection", "technique_desc": "Remote address \"supritofuld.ru/ls5/forum.php\".", "technique_path": "built_in._network._establish_http_connection.establish_http_connection", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [ { "operations": [ "get", "get", "get" ], "type": "url_artifact", "url": "tekstheks.nl/wp-admin/includes/1", "version": 1 } ], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_establish_http_connection", "operation_desc": "Connect to HTTP server", "ref_gfncalls": [ { "ref_id": "gfn_952", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "establish_http_connection", "technique_desc": "Remote address \"tekstheks.nl/wp-admin/includes/1\".", "technique_path": "built_in._network._establish_http_connection.establish_http_connection", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [ { "operations": [ "get", "get", "get" ], "type": "url_artifact", "url": "tekstheks.nl/wp-admin/includes/2", "version": 1 } ], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_establish_http_connection", "operation_desc": "Connect to HTTP server", "ref_gfncalls": [ { "ref_id": "gfn_4008", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "establish_http_connection", "technique_desc": "Remote address \"tekstheks.nl/wp-admin/includes/2\".", "technique_path": "built_in._network._establish_http_connection.establish_http_connection", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [ { "operations": [ "get", "get", "get" ], "type": "url_artifact", "url": "tekstheks.nl/wp-admin/includes/3", "version": 1 } ], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_establish_http_connection", "operation_desc": "Connect to HTTP server", "ref_gfncalls": [ { "ref_id": "gfn_4025", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "establish_http_connection", "technique_desc": "Remote address \"tekstheks.nl/wp-admin/includes/3\".", "technique_path": "built_in._network._establish_http_connection.establish_http_connection", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [ { "operations": [ "post", "post", "post" ], "type": "url_artifact", "url": "butsulacoft.com/mlu/forum.php", "version": 1 } ], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_establish_http_connection", "operation_desc": "Connect to HTTP server", "ref_gfncalls": [ { "ref_id": "gfn_3549", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "establish_http_connection", "technique_desc": "Remote address \"butsulacoft.com/mlu/forum.php\".", "technique_path": "built_in._network._establish_http_connection.establish_http_connection", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [ { "operations": [ "post", "post", "post" ], "type": "url_artifact", "url": "fortsiretbab.com/bdl/gate.php", "version": 1 } ], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_establish_http_connection", "operation_desc": "Connect to HTTP server", "ref_gfncalls": [ { "ref_id": "gfn_8109", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "establish_http_connection", "technique_desc": "Remote address \"fortsiretbab.com/bdl/gate.php\".", "technique_path": "built_in._network._establish_http_connection.establish_http_connection", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [ { "operations": [ "get", "get", "get" ], "type": "url_artifact", "url": "checkip.dyndns.org/", "version": 1 } ], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_establish_http_connection", "operation_desc": "Connect to HTTP server", "ref_gfncalls": [ { "ref_id": "gfn_8116", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "establish_http_connection", "technique_desc": "Remote address \"checkip.dyndns.org/\".", "technique_path": "built_in._network._establish_http_connection.establish_http_connection", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [ { "operations": [ "post", "post", "post" ], "type": "url_artifact", "url": "butsulacoft.com/d2/about.php", "version": 1 } ], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_establish_http_connection", "operation_desc": "Connect to HTTP server", "ref_gfncalls": [ { "ref_id": "gfn_5652", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "establish_http_connection", "technique_desc": "Remote address \"butsulacoft.com/d2/about.php\".", "technique_path": "built_in._network._establish_http_connection.establish_http_connection", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_install_server", "operation_desc": "Setup server that accepts incoming connections", "ref_gfncalls": [ { "ref_id": "gfn_8049", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_tcp_server", "technique_desc": "TCP server listen on port \"32090\".", "technique_path": "built_in._network._install_server.vmray_install_tcp_server", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_install_server", "operation_desc": "Setup server that accepts incoming connections", "ref_gfncalls": [ { "ref_id": "gfn_8993", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_tcp_server", "technique_desc": "TCP server listen on port \"38078\".", "technique_path": "built_in._network._install_server.vmray_install_tcp_server", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_install_server", "operation_desc": "Setup server that accepts incoming connections", "ref_gfncalls": [ { "ref_id": "gfn_8636", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_tcp_server", "technique_desc": "TCP server listen on port \"0\".", "technique_path": "built_in._network._install_server.vmray_install_tcp_server", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_install_server", "operation_desc": "Setup server that accepts incoming connections", "ref_gfncalls": [ { "ref_id": "gfn_8644", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_tcp_server", "technique_desc": "TCP server listen on port \"9050\".", "technique_path": "built_in._network._install_server.vmray_install_tcp_server", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_drop_pe_file", "operation_desc": "Drop PE file", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_drop_pe_file", "technique_desc": "Drop file \"c:\\users\\adu0vk~1\\appdata\\local\\temp\\bn649b.tmp\".", "technique_path": "built_in._pe._drop_pe_file.vmray_drop_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_drop_pe_file", "operation_desc": "Drop PE file", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_drop_pe_file", "technique_desc": "Drop file \"c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\libeay32.dll\".", "technique_path": "built_in._pe._drop_pe_file.vmray_drop_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_drop_pe_file", "operation_desc": "Drop PE file", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_drop_pe_file", "technique_desc": "Drop file \"c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\libevent-2-0-5.dll\".", "technique_path": "built_in._pe._drop_pe_file.vmray_drop_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_drop_pe_file", "operation_desc": "Drop PE file", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_drop_pe_file", "technique_desc": "Drop file \"c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\libgcc_s_sjlj-1.dll\".", "technique_path": "built_in._pe._drop_pe_file.vmray_drop_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_drop_pe_file", "operation_desc": "Drop PE file", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_drop_pe_file", "technique_desc": "Drop file \"c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\libssp-0.dll\".", "technique_path": "built_in._pe._drop_pe_file.vmray_drop_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_drop_pe_file", "operation_desc": "Drop PE file", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_drop_pe_file", "technique_desc": "Drop file \"c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\ssleay32.dll\".", "technique_path": "built_in._pe._drop_pe_file.vmray_drop_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_drop_pe_file", "operation_desc": "Drop PE file", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_drop_pe_file", "technique_desc": "Drop file \"c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\tor.exe\".", "technique_path": "built_in._pe._drop_pe_file.vmray_drop_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_drop_pe_file", "operation_desc": "Drop PE file", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_drop_pe_file", "technique_desc": "Drop file \"c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\zlib1.dll\".", "technique_path": "built_in._pe._drop_pe_file.vmray_drop_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_drop_pe_file", "operation_desc": "Drop PE file", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_drop_pe_file", "technique_desc": "Drop file \"c:\\users\\adu0vk~1\\appdata\\local\\temp\\certutil.exe\".", "technique_path": "built_in._pe._drop_pe_file.vmray_drop_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_drop_pe_file", "operation_desc": "Drop PE file", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_drop_pe_file", "technique_desc": "Drop file \"c:\\users\\adu0vk~1\\appdata\\local\\temp\\freebl3.dll\".", "technique_path": "built_in._pe._drop_pe_file.vmray_drop_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_drop_pe_file", "operation_desc": "Drop PE file", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_drop_pe_file", "technique_desc": "Drop file \"c:\\users\\adu0vk~1\\appdata\\local\\temp\\libnspr4.dll\".", "technique_path": "built_in._pe._drop_pe_file.vmray_drop_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_drop_pe_file", "operation_desc": "Drop PE file", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_drop_pe_file", "technique_desc": "Drop file \"c:\\users\\adu0vk~1\\appdata\\local\\temp\\libplc4.dll\".", "technique_path": "built_in._pe._drop_pe_file.vmray_drop_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_drop_pe_file", "operation_desc": "Drop PE file", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_drop_pe_file", "technique_desc": "Drop file \"c:\\users\\adu0vk~1\\appdata\\local\\temp\\libplds4.dll\".", "technique_path": "built_in._pe._drop_pe_file.vmray_drop_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_drop_pe_file", "operation_desc": "Drop PE file", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_drop_pe_file", "technique_desc": "Drop file \"c:\\users\\adu0vk~1\\appdata\\local\\temp\\msvcr100.dll\".", "technique_path": "built_in._pe._drop_pe_file.vmray_drop_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_drop_pe_file", "operation_desc": "Drop PE file", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_drop_pe_file", "technique_desc": "Drop file \"c:\\users\\adu0vk~1\\appdata\\local\\temp\\nss3.dll\".", "technique_path": "built_in._pe._drop_pe_file.vmray_drop_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_drop_pe_file", "operation_desc": "Drop PE file", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_drop_pe_file", "technique_desc": "Drop file \"c:\\users\\adu0vk~1\\appdata\\local\\temp\\nssdbm3.dll\".", "technique_path": "built_in._pe._drop_pe_file.vmray_drop_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_drop_pe_file", "operation_desc": "Drop PE file", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_drop_pe_file", "technique_desc": "Drop file \"c:\\users\\adu0vk~1\\appdata\\local\\temp\\nssutil3.dll\".", "technique_path": "built_in._pe._drop_pe_file.vmray_drop_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_drop_pe_file", "operation_desc": "Drop PE file", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_drop_pe_file", "technique_desc": "Drop file \"c:\\users\\adu0vk~1\\appdata\\local\\temp\\smime3.dll\".", "technique_path": "built_in._pe._drop_pe_file.vmray_drop_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_drop_pe_file", "operation_desc": "Drop PE file", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_drop_pe_file", "technique_desc": "Drop file \"c:\\users\\adu0vk~1\\appdata\\local\\temp\\softokn3.dll\".", "technique_path": "built_in._pe._drop_pe_file.vmray_drop_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_drop_pe_file", "operation_desc": "Drop PE file", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_drop_pe_file", "technique_desc": "Drop file \"c:\\users\\adu0vk~1\\appdata\\local\\temp\\sqlite3.dll\".", "technique_path": "built_in._pe._drop_pe_file.vmray_drop_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_execute_dropped_pe_file", "operation_desc": "Execute dropped PE file", "ref_gfncalls": [], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_execute_dropped_pe_file", "technique_desc": "Execute dropped file \"c:\\users\\adu0vk~1\\appdata\\local\\temp\\bn649b.tmp\".", "technique_path": "built_in._pe._execute_dropped_pe_file.vmray_execute_dropped_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_execute_dropped_pe_file", "operation_desc": "Execute dropped PE file", "ref_gfncalls": [], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_execute_dropped_pe_file", "technique_desc": "Execute dropped file \"c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\tor.exe\".", "technique_path": "built_in._pe._execute_dropped_pe_file.vmray_execute_dropped_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_execute_dropped_pe_file", "operation_desc": "Execute dropped PE file", "ref_gfncalls": [], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_execute_dropped_pe_file", "technique_desc": "Execute dropped file \"c:\\users\\adu0vk~1\\appdata\\local\\temp\\certutil.exe\".", "technique_path": "built_in._pe._execute_dropped_pe_file.vmray_execute_dropped_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_vba", "category_desc": "VBA Macro", "operation": "_execute_macro_on_ws_event", "operation_desc": "Execute macro on specific worksheet event", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_execute_macro_on_ws_event", "technique_desc": "Execute macro on \"Open Document\" event.", "technique_path": "built_in._vba._execute_macro_on_ws_event.vmray_execute_macro_on_ws_event", "type": "vti_rule_match", "version": 1 } ], "vti_rule_type": "Documents", "vti_score": 100 }, "yara": { "apply_yara": true, "apply_yara_on_created_files": true, "apply_yara_on_modified_files": true, "apply_yara_on_pcap_file": true, "apply_yara_on_process_dumps": true, "apply_yara_on_sample_files": true, "match_count": 0, "matches": [], "ruleset_count": 7, "type": "yara", "version": 1 } }