{ "analysis_details": { "creation_time": "2017-10-04 04:23 (UTC+2)", "execution_successful": true, "number_of_processes": 15, "reputation_enabled": true, "termination_reason": "timeout", "type": "analysis_details", "version": 2, "vm_analysis_duration_time": "00:02:12" }, "artifacts": { "files": [ { "filename": "C:\\Users\\EEBsYm5\\Desktop\\9c3648e343b57ebf1fb3fe567deceb0da3499989dd56d4e82dd8911c3adf239d.exe", "hashes": [ { "md5_hash": "2090ff67346785ba32859de0065350c6", "sha1_hash": "045e46667befb09b91ff797bdee91e5ef43d2366", "sha256_hash": "9c3648e343b57ebf1fb3fe567deceb0da3499989dd56d4e82dd8911c3adf239d", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\desktop\\9c3648e343b57ebf1fb3fe567deceb0da3499989dd56d4e82dd8911c3adf239d.exe", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "__tmp_rar_sfx_access_check_18052931", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\__tmp_rar_sfx_access_check_18052931", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "hin.ppt", "hashes": [ { "md5_hash": "b4069d0c0e00f8266018f1263d28314a", "sha1_hash": "da9e1711e225aa694f28ac81677f0a8840acbd56", "sha256_hash": "017a11f2c47b3329116d74da098437fef15a0283fd7df5b5cf16e167a74bf4bf", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\hin.ppt", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "cvn-nhc", "hashes": [ { "md5_hash": "de1a6fbf02c16cacd54d414ed4e6f73e", "sha1_hash": "645a49fb10d04c18348e6614c3640cb2d732d7e2", "sha256_hash": "f0b7de110217d22b745eb45ad6c808974c667bb77dabdf824c7a439bb254d49d", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\cvn-nhc", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "cih.exe", "hashes": [ { "md5_hash": "71d8f6d5dc35517275bc38ebcc815f9f", "sha1_hash": "cae4e8c730de5a01d30aabeb3e5cb2136090ed8d", "sha256_hash": "fb73a819b37523126c7708a1d06f3b8825fa60c926154ab2d511ba668f49dc4b", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\cih.exe", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "jdl.jpg", "hashes": [ { "md5_hash": "4cf50661adbe97e9144a1ae14e0cc2d4", "sha1_hash": "6cfecd4625e5cac62f73cd766c0695545615a80e", "sha256_hash": "01da59d2d9a62cc31d8a28f02e58762f775783d072dc92cd4882472991c6c489", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\jdl.jpg", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "vqm.xl", "hashes": [ { "md5_hash": "39f5c28a7805e6993c878e2445b6de4f", "sha1_hash": "b1a4702db810d76ca9dab4a40b464161447a8485", "sha256_hash": "2fb689a6de68f133a7baab6c6f6458fae38c6dae4d90f62da2b90641a048fc2a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\vqm.xl", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "bcu.mp4", "hashes": [ { "md5_hash": "e800b240b278b15f7e04a9aa5aad5a94", "sha1_hash": "5c57cfd08c138ecb8aaf08638ff708ed0fc11e9c", "sha256_hash": "d4c33eed67247dbddc3dcd7400bd24fd7209a597f468978f014568c2ee0a7fd1", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\bcu.mp4", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "rnr.mp3", "hashes": [ { "md5_hash": "a1c50816b65f30e2260479114d0bcab6", "sha1_hash": "74c73a920cbd9ef1057d4d8d7589363d14e4a55b", "sha256_hash": "c18f5a54575e9b56f95bbeb353318cba41fefbadc7f101589d5fc0df3fd56141", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\rnr.mp3", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "cvg.mp4", "hashes": [ { "md5_hash": "da230cfbc8a80e350c87d894eebb76b9", "sha1_hash": "ea6d7ae1dc826a9344c00a01d47e92ee60bd6d61", "sha256_hash": "bdfc89fb5460d262442882b76f31f9853370abd79e86be034afb53e2be694118", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\cvg.mp4", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "chm.docx", "hashes": [ { "md5_hash": "84d55a12fc2416df5c1553ee17ad0992", "sha1_hash": "b402fc11ff5ef3552be26235e9fd016c7fe912b2", "sha256_hash": "918778adbeba224f4b9dd8910b717cf706563c35e06fbe0d04dfb00ced8678ee", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\chm.docx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "vua.jpg", "hashes": [ { "md5_hash": "6dd73a9654139bb6529a72207ddfde0f", "sha1_hash": "bd67f636d12ed1c4cff28f6a9a84e28b97d7f1a5", "sha256_hash": "42220eec08a393cd359ec79cb610d2a845926b8d8119eb505276564aa25698c9", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\vua.jpg", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "oxl.ico", "hashes": [ { "md5_hash": "22c528e901375639d3a014f6fe12ed43", "sha1_hash": "74f6a3c188759980c3e7dc9de94642f86a18fb59", "sha256_hash": "1af85ae13aa9aa6114ec4c03cfd840fb8222eeceb611aac530411979bd9bede9", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\oxl.ico", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "fun.mp4", "hashes": [ { "md5_hash": "41db425bddeb6edff3829ede53e4b059", "sha1_hash": "8355713e8ff5b27cc72f2a784d597be7d02e3c26", "sha256_hash": "668dff85c71ac5142e3105426be365b7834e1dd8e3e0043674a272af26138f35", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\fun.mp4", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "fqv.xl", "hashes": [ { "md5_hash": "2a8d81d0726edc11e6e4f75207fee58c", "sha1_hash": "041b9554b7a23b86240e82c0c18e0c34cfdd4ae1", "sha256_hash": "bc2d0c9ff398b2883465e9c5963d0a8933b034ae43f6002481f674b5ade6c839", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\fqv.xl", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "hgu.ico", "hashes": [ { "md5_hash": "e9a2566e0a5296cf122c7089e0558baf", "sha1_hash": "e7d3001b6b6ebf6928e942f4c8343f4f551e0284", "sha256_hash": "418946d3f5ab5a04d537045108c4e8db6dcb48bb465e2d0a01f91723b7948e49", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\hgu.ico", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "brh.ppt", "hashes": [ { "md5_hash": "fda5e079dbe06cc05c59ba4e27fa48c2", "sha1_hash": "88181205ec8323e457d5bcd4e7a03cea28ad47c7", "sha256_hash": "75cfe292e1d9d6bd3bdadfe1ce6bef7a57bfc2a6bb7ce6fecd497bf4ec583c37", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\brh.ppt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "xqa.mp4", "hashes": [ { "md5_hash": "d46dd879f8205faa467df9c9a0019a9d", "sha1_hash": "25631b0a07e69d1dc8e93e5e51946a27f98d2b17", "sha256_hash": "aa93b72e74034ed72878672e776fbe7fa55e93f78e485a337cbeae4bd18f4917", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\xqa.mp4", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "jub.bmp", "hashes": [ { "md5_hash": "81932b74d719d9feaee98fd12634ac5b", "sha1_hash": "a7283637bc88dacb689b39cebfc28a91e32f1e03", "sha256_hash": "1c9ccc3a409e293eadbb70410de3c3405da55ceb47d36a639054b6f5c10a3c91", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\jub.bmp", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "jgu.bmp", "hashes": [ { "md5_hash": "2a84b8aefabec88301c0f50f7cfb46f6", "sha1_hash": "e4b2c15448b6dace8cfa8227784b3f9396a2f498", "sha256_hash": "ef754e4a3efc638823684023ef2ddbbcdaf1354c290e4c33ef394df4c2a8d2ca", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\jgu.bmp", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "tik.icm", "hashes": [ { "md5_hash": "74efb6a98e74a829daafef9945004dca", "sha1_hash": "c5102cd3b0d7602f51099a27657b37a3bf787561", "sha256_hash": "bf1ab35f7bd5d5fc365d2c176bb5c5374e578b8424ed0fde82f55d1eae1d350d", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\tik.icm", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "wjv.pdf", "hashes": [ { "md5_hash": "1474405a725bc37f9fea9479c11a78bf", "sha1_hash": "b57f9f373b5323f3b701bf350fd98cf8a827b3ff", "sha256_hash": "d83ec42f0ff63cf14851f789e85f2dc33d76cb4c2409e1488f7474df2086033f", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\wjv.pdf", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "nvl.xl", "hashes": [ { "md5_hash": "90ca387ad342c41ae796173d560ccf84", "sha1_hash": "eb03b500bbf683a889c4758d228b55cedddd4c30", "sha256_hash": "0ecf3eb5d0f794e7e32a941580da8641bff3bf248a68df43a35ae16d77eda192", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\nvl.xl", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "xfg.dat", "hashes": [ { "md5_hash": "c82da2a4e862c90a2d961098b1d64956", "sha1_hash": "7edf516e6c807d8fa5aa912e23d9460721769207", "sha256_hash": "db7f2a223fef17affd13a518ac21c7675942bd475bc416dd78c7c6c186548b64", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\xfg.dat", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "aqa.bmp", "hashes": [ { "md5_hash": "f8b9deca33aba33d64623f47e7c88855", "sha1_hash": "a70b7a6327133486d04d4d3c57bd8930a3e3a698", "sha256_hash": "449952af1c2bd2a2e1878b3a81044793305185a7d27f0066521645906a5040c7", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\aqa.bmp", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "rnj.mp3", "hashes": [ { "md5_hash": "6effc77853a885dd155870e04545880b", "sha1_hash": "98ebfdb5b3ef2c2db538a290a0a26bc6cf885916", "sha256_hash": "89b82044c02980606c7d6b39aa2cf08b66ca0db7e1b5ad23a7c0d64e056340d2", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\rnj.mp3", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "eff.icm", "hashes": [ { "md5_hash": "c2f588f89c85d3c2c97e128f27234f2c", "sha1_hash": "b2b64e8b77e831f3a16fdd1da61f8f64f514b19e", "sha256_hash": "1e8e0cc104f8c880f3a6d312f6bdc99c5f3f4fd3ee081eee7e2534ed511209fd", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\eff.icm", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "isi.xl", "hashes": [ { "md5_hash": "469067bf5a94e9002cf154a81f397c6a", "sha1_hash": "737b86b50e3998052920f02bde3ad487743f1a6a", "sha256_hash": "6b418ce9673895fb76b32b67faf05073e577444d82bf42ff21733e1f057c3d60", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\isi.xl", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "upe.mp3", "hashes": [ { "md5_hash": "62bd082578b0e38bc2b6b731b4a5ec49", "sha1_hash": "3f6c8024888bf3caa19e6ad7db4a8f29859bdaa9", "sha256_hash": "00a79f22f8ed82f6ea362254d04578bfa498dfed0d2ab8f733e6fbace1c2c078", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\upe.mp3", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "fpo.xl", "hashes": [ { "md5_hash": "ff594e995d9f6268a047cc2e269eb2b9", "sha1_hash": "a0a8692e4560d122d0dd359157544b32fdc57cd0", "sha256_hash": "6cc6a2d2a8196b938e5e332df30d025374d6c98a18c5e707021141966203d7e1", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\fpo.xl", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "wlk.pdf", "hashes": [ { "md5_hash": "747d40f9300dbb3ba36d7310b5ee40da", "sha1_hash": "90d715455eb32004107a92bf810df71371ed4047", "sha256_hash": "cef051d14bcbc14e12f9d130f71e8b285b37117cd20c23678419b9ab8659300d", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\wlk.pdf", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "nlb.pdf", "hashes": [ { "md5_hash": "a49efa6c9f872faad2232a4b6a2394a7", "sha1_hash": "c8dff7972de40ab025314a8c74b5bb8e1552170e", "sha256_hash": "97b1b6f6884f0f92342576a9667c5cb3c1b61fabc8a0b1b23d1f57582b0624d3", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\nlb.pdf", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "emv.bmp", "hashes": [ { "md5_hash": "04f1e686525064abfdb4bfd7ff29a0b5", "sha1_hash": "47748ea5978245b49c8136d9e147059afeb06ffe", "sha256_hash": "8e3de8ce80c00091cb1aaa93f590226c7ac53a509926cdd815301237dd8e9e1b", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\emv.bmp", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "raq.jpg", "hashes": [ { "md5_hash": "e5d188010c3203e2d37d4225d6cae53b", "sha1_hash": "430d4c308efdb225a74e10d3facefa8e44252be1", "sha256_hash": "93846c06cef1c5515a1f78e95c040be5c75d3b6c78bf6438cf12fd7345d3c1c8", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\raq.jpg", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "nep.mp4", "hashes": [ { "md5_hash": "498138dfbfbe52214e73e9c1141aa981", "sha1_hash": "bc7166b6abe72bb216d77d48185330668186bb88", "sha256_hash": "b1b69fb21d93d6bae3fbcf8338aa66ee2791362ec5f918bd9dc45c1c14d4749c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\nep.mp4", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "neo.ico", "hashes": [ { "md5_hash": "a128399da3f11bda3f2164a97cb2b531", "sha1_hash": "0d00f9e17e6445805ef34c8fdb68fe8e38ab4868", "sha256_hash": "dcf09d4181263a2a3b0787085f7b8dc8913245c0d6ac535e16f8a77ba17ecc91", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\neo.ico", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "wxv.mp4", "hashes": [ { "md5_hash": "924bdfca849290fd510d72a39da75d43", "sha1_hash": "b5c18c00e3596b8a87d068f67e59f46aba6509da", "sha256_hash": "b32f0a65698effe8c62e482bf9b6aec6f5fd496d52da525dca2078988956d3d9", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\wxv.mp4", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "beb.ppt", "hashes": [ { "md5_hash": "afcc6587b4839826588ae54512851ef8", "sha1_hash": "e55525356075eba71766e12d7db9d67ef4cdd8cc", "sha256_hash": "5fdfa5c8afbda02553bbf95969ca4434c57456b4e51a56330fddd770d9f84277", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\beb.ppt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "als.txt", "hashes": [ { "md5_hash": "a81eeaae706a9e8ab123d3ed140d837e", "sha1_hash": "3f0feac929dd6f1f5776298da84a14298f12cb10", "sha256_hash": "169b9a0889e98c8e239c472e3041fccb2433c668f269782b28c74648c5135ba7", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\als.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "jkg.txt", "hashes": [ { "md5_hash": "0f7278aeb0c194405013a9963334e38c", "sha1_hash": "2b7dab89793af056f56e84b9a1040c2c3e01f5a9", "sha256_hash": "0c9293277fd0325971a2cf297d88460ad8df83d40f09f947fb36a50c59ad9c31", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\jkg.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "idv.xl", "hashes": [ { "md5_hash": "307fe5bd3f52c0aefb503401e2b08505", "sha1_hash": "67ef51104877c6e6ca67e868b2a5d589e415a255", "sha256_hash": "79bb5d0d7e6e403335b863935f832da481a550f7174e77f56a112d5a1f7bff8f", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\idv.xl", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "erk.ico", "hashes": [ { "md5_hash": "0a5b38cbc77ff6bfd9ca434eb372e88e", "sha1_hash": "a093894e555294518d98937f61e1eac26298539b", "sha256_hash": "a3cc42516891627a6ff9dcc5dcca3a4deaefbbf2f9a5411a644a34242b57f6f7", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\erk.ico", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "jfo.dat", "hashes": [ { "md5_hash": "faf4d8efca05d9b305d0970a8417274c", "sha1_hash": "847aff73ea3889518231b2a8e5aa2befd843f48b", "sha256_hash": "4f081e6dfab65d9c1910303f41fafac0e3652e2af3713140d8cc30d79aed912e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\jfo.dat", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "pac.ppt", "hashes": [ { "md5_hash": "bc062df0b1cf65138efbd74028d417ee", "sha1_hash": "4e3254580fc0eea7fcd2daa270b5e94e7fca7560", "sha256_hash": "b007b3703bec0526df06de06a88e97f706f09554ac2eb930cad38a80a3c663f7", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\pac.ppt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "okk.pdf", "hashes": [ { "md5_hash": "7c65637227835e997638cdbbdda237db", "sha1_hash": "ddd80c708a202210df0c6bab2d53fad31510c77a", "sha256_hash": "26f1259b8d53d6b4a43da7ebf431f4aff6617bbad13a188e9b4f534e21fd94b5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\okk.pdf", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "dxj.docx", "hashes": [ { "md5_hash": "1690024ca4904bc8664deb3b5c046a09", "sha1_hash": "d78d488168c4a91dfb4883107bb0b344e47f6103", "sha256_hash": "dc2a1291b72a6b56d6acf1a4d52278ff82a9ac18d20f650d7bf1c1527a0675d1", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\dxj.docx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "tob.ico", "hashes": [ { "md5_hash": "5d4a58ea600887506e113f87226108a7", "sha1_hash": "6fd6c6d7b08df98858f8cd8bab2a8ddbaef39b78", "sha256_hash": "f6b0188a75c7fa2bcc06eb7d5de15a84facab9b2e2cc8d54aa7708833888d49b", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\tob.ico", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "guv.xl", "hashes": [ { "md5_hash": "df21088736f29414e1aeacbea6dd4adb", "sha1_hash": "2444bd270127ae12148eaf048fe82021f5580952", "sha256_hash": "0bb6caa082e474fd47bdb620aa88536820e95f84cef92dcbda4fb686f29b3c3a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\guv.xl", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "hjd.mp4", "hashes": [ { "md5_hash": "ce4596068d05d9436fa2512cfe90a81a", "sha1_hash": "4e209aede4adcee82bb4a8008291069a3a558f5c", "sha256_hash": "54f750492edac60c64348bf5131e7ec5c2e60aa796d80194b673b9e632c9c9cd", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\hjd.mp4", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "ain.icm", "hashes": [ { "md5_hash": "d997ac87e2adca0fe86fb0ba4a628299", "sha1_hash": "14cae556c130ac9c5fa65168e9680893a4c73899", "sha256_hash": "c4a221aabd4c8dbc1ba62bd28e79af98b2e7a2c5d624c5f5c889352499bb47af", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\ain.icm", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "ugv.icm", "hashes": [ { "md5_hash": "a8ca3dd1e20cbeba4c51df819b7bb68e", "sha1_hash": "36d2b3b494d42d9958553cad17fa04819dfa2883", "sha256_hash": "d7820ee70bff4ff3f6922ab56d97c88aa79eb8591311d3a6c58b33c1c289d14a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\ugv.icm", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\60484525", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "hin.ppt", "hashes": [], "norm_filename": "hin.ppt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "cvn-nhc", "hashes": [], "norm_filename": "cvn-nhc", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "cih.exe", "hashes": [], "norm_filename": "cih.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "jdl.jpg", "hashes": [], "norm_filename": "jdl.jpg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "vqm.xl", "hashes": [], "norm_filename": "vqm.xl", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "bcu.mp4", "hashes": [], "norm_filename": "bcu.mp4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "rnr.mp3", "hashes": [], "norm_filename": "rnr.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "cvg.mp4", "hashes": [], "norm_filename": "cvg.mp4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "chm.docx", "hashes": [], "norm_filename": "chm.docx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "vua.jpg", "hashes": [], "norm_filename": "vua.jpg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "oxl.ico", "hashes": [], "norm_filename": "oxl.ico", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "fun.mp4", "hashes": [], "norm_filename": "fun.mp4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "fqv.xl", "hashes": [], "norm_filename": "fqv.xl", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "hgu.ico", "hashes": [], "norm_filename": "hgu.ico", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "brh.ppt", "hashes": [], "norm_filename": "brh.ppt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "xqa.mp4", "hashes": [], "norm_filename": "xqa.mp4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "jub.bmp", "hashes": [], "norm_filename": "jub.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "jgu.bmp", "hashes": [], "norm_filename": "jgu.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "tik.icm", "hashes": [], "norm_filename": "tik.icm", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "wjv.pdf", "hashes": [], "norm_filename": "wjv.pdf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "nvl.xl", "hashes": [], "norm_filename": "nvl.xl", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "xfg.dat", "hashes": [], "norm_filename": "xfg.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "aqa.bmp", "hashes": [], "norm_filename": "aqa.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "rnj.mp3", "hashes": [], "norm_filename": "rnj.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "eff.icm", "hashes": [], "norm_filename": "eff.icm", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "isi.xl", "hashes": [], "norm_filename": "isi.xl", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "upe.mp3", "hashes": [], "norm_filename": "upe.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "fpo.xl", "hashes": [], "norm_filename": "fpo.xl", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "wlk.pdf", "hashes": [], "norm_filename": "wlk.pdf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "nlb.pdf", "hashes": [], "norm_filename": "nlb.pdf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "emv.bmp", "hashes": [], "norm_filename": "emv.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "raq.jpg", "hashes": [], "norm_filename": "raq.jpg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "nep.mp4", "hashes": [], "norm_filename": "nep.mp4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "neo.ico", "hashes": [], "norm_filename": "neo.ico", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "wxv.mp4", "hashes": [], "norm_filename": "wxv.mp4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "beb.ppt", "hashes": [], "norm_filename": "beb.ppt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "als.txt", "hashes": [], "norm_filename": "als.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "jkg.txt", "hashes": [], "norm_filename": "jkg.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "idv.xl", "hashes": [], "norm_filename": "idv.xl", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "erk.ico", "hashes": [], "norm_filename": "erk.ico", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "jfo.dat", "hashes": [], "norm_filename": "jfo.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "pac.ppt", "hashes": [], "norm_filename": "pac.ppt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "okk.pdf", "hashes": [], "norm_filename": "okk.pdf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "dxj.docx", "hashes": [], "norm_filename": "dxj.docx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "tob.ico", "hashes": [], "norm_filename": "tob.ico", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "guv.xl", "hashes": [], "norm_filename": "guv.xl", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "hjd.mp4", "hashes": [], "norm_filename": "hjd.mp4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "ain.icm", "hashes": [], "norm_filename": "ain.icm", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "ugv.icm", "hashes": [], "norm_filename": "ugv.icm", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:", "hashes": [], "norm_filename": "c:", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users", "hashes": [], "norm_filename": "c:\\users", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5", "hashes": [], "norm_filename": "c:\\users\\eebsym5", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Temp", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\60484525", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\60484525\\IWLWK", "hashes": [ { "md5_hash": "1ddc15ba0f5ad90873d42c41f4a2abc3", "sha1_hash": "4cc438d56cd0317c3cd75f6630f2ce4ce4b31ca0", "sha256_hash": "c1492aca20af26af0c906dc391b808f2b227904a8948aa7b34caeddb70fc83cb", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\iwlwk", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "*.*", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\*.*", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_INPUT_HANDLE", "hashes": [], "norm_filename": "std_input_handle", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_OUTPUT_HANDLE", "hashes": [], "norm_filename": "std_output_handle", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_ERROR_HANDLE", "hashes": [], "norm_filename": "std_error_handle", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "60484525", "hashes": [], "norm_filename": "60484525", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\60484525\\spd", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\spd", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", "hashes": [], "norm_filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\widfu", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\widfu", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\moqutzmqrxoadnrfihvxswbpaqgibrkh", "hashes": [ { "md5_hash": "f3b25701fe362ec84616a93a45ce9998", "sha1_hash": "d62636d8caec13f04e28442a0a6fa1afeb024bbb", "sha256_hash": "b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\moqutzmqrxoadnrfihvxswbpaqgibrkh", "operations": [ "read", "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\chrome\\logs.dat", "hashes": [ { "md5_hash": "38182931074f70c4af328e12641acd51", "sha1_hash": "96a8d3ad86aa0991ed7e8a0b89b1e3ea007d4327", "sha256_hash": "f05dd4eb5990bd9ca1497af17ab66595f92853535c1619748d316e09a4a1a126", "type": "file_hash", "version": 1 }, { "md5_hash": "4241be51b5abe777809dc6f32247a4a9", "sha1_hash": "24df3e03dd8d4a0467a7887c9ce865f630f03725", "sha256_hash": "6bf4b2ce4815a57a74e5314f7087bad520eeb4fadc849c3088b62e24ca7dea8c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\chrome\\logs.dat", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\zljxukhl", "hashes": [ { "md5_hash": "b2912991f1be1bdf15ea7028328cc3bf", "sha1_hash": "a18027ccd9e804696cac7dc581c58ce59b77e3c5", "sha256_hash": "1035b4c326e3ee76f23a9532c2de82ba28071fb55ebfa27f99f48bb08f7c8114", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\zljxukhl", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\eebsym5@ad13.adfarm1.adition[1].txt", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\eebsym5@ad13.adfarm1.adition[1].txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\eebsym5@adfarm1.adition[1].txt", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\eebsym5@adfarm1.adition[1].txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\eebsym5@adform[1].txt", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\eebsym5@adform[1].txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\eebsym5@adnxs[1].txt", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\eebsym5@adnxs[1].txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\eebsym5@adtech[2].txt", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\eebsym5@adtech[2].txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\eebsym5@advertising[1].txt", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\eebsym5@advertising[1].txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\eebsym5@api.bing[2].txt", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\eebsym5@api.bing[2].txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\eebsym5@at.atwola[2].txt", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\eebsym5@at.atwola[2].txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\eebsym5@bing[1].txt", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\eebsym5@bing[1].txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\eebsym5@bs.serving-sys[1].txt", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\eebsym5@bs.serving-sys[1].txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\eebsym5@bs.serving-sys[2].txt", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\eebsym5@bs.serving-sys[2].txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\eebsym5@c.bing[2].txt", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\eebsym5@c.bing[2].txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\eebsym5@c.msn[2].txt", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\eebsym5@c.msn[2].txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\eebsym5@google[1].txt", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\eebsym5@google[1].txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\eebsym5@linkedin[2].txt", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\eebsym5@linkedin[2].txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\eebsym5@msn[1].txt", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\eebsym5@msn[1].txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\eebsym5@scorecardresearch[2].txt", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\eebsym5@scorecardresearch[2].txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\eebsym5@serving-sys[1].txt", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\eebsym5@serving-sys[1].txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\eebsym5@track.adform[1].txt", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\eebsym5@track.adform[1].txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\eebsym5@www.bing[1].txt", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\eebsym5@www.bing[1].txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\eebsym5@www.linkedin[1].txt", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\eebsym5@www.linkedin[1].txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\eebsym5@www.msn[2].txt", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\eebsym5@www.msn[2].txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\cookies.sqlite", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\cookies.sqlite", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\logins.json", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\logins.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\key3.db", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\key3.db", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\google\\chrome\\user data\\default\\cookies", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\google\\chrome\\user data\\default\\login data", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\chrome\\logs.dat", "hashes": [ { "md5_hash": "38182931074f70c4af328e12641acd51", "sha1_hash": "96a8d3ad86aa0991ed7e8a0b89b1e3ea007d4327", "sha256_hash": "f05dd4eb5990bd9ca1497af17ab66595f92853535c1619748d316e09a4a1a126", "type": "file_hash", "version": 1 }, { "md5_hash": "4241be51b5abe777809dc6f32247a4a9", "sha1_hash": "24df3e03dd8d4a0467a7887c9ce865f630f03725", "sha256_hash": "6bf4b2ce4815a57a74e5314f7087bad520eeb4fadc849c3088b62e24ca7dea8c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\chrome\\logs.dat", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\chrome", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\chrome", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017100420171005\\index.dat", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\mshist012017100420171005\\index.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\index.dat", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\index.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017070520170706\\index.dat", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\mshist012017070520170706\\index.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\google\\chrome\\user data\\default\\web data", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs_lng.ini", "hashes": [], "norm_filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs_lng.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV24.dat", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\webcache\\webcachev24.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\history.dat", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\history.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\places.sqlite", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\places.sqlite", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Mozilla Firefox\\nss3.dll", "hashes": [], "norm_filename": "c:\\program files\\mozilla firefox\\nss3.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\signons.sqlite", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\signons.sqlite", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Mozilla Firefox\\sqlite3.dll", "hashes": [], "norm_filename": "c:\\program files\\mozilla firefox\\sqlite3.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Mozilla Firefox\\mozsqlite3.dll", "hashes": [], "norm_filename": "c:\\program files\\mozilla firefox\\mozsqlite3.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\seamonkey\\profiles.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Sea Monkey\\nss3.dll", "hashes": [], "norm_filename": "c:\\program files\\sea monkey\\nss3.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Login Data", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\yandex\\yandexbrowser\\user data\\default\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\Web Data", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\google\\chrome\\user data\\certificatetransparency\\web data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\Login Data", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\google\\chrome\\user data\\certificatetransparency\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\Web Data", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\google\\chrome\\user data\\crashpad\\web data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\Login Data", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\google\\chrome\\user data\\crashpad\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-journal", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\google\\chrome\\user data\\default\\web data-journal", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-wal", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\google\\chrome\\user data\\default\\web data-wal", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-journal", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\google\\chrome\\user data\\default\\login data-journal", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-wal", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\google\\chrome\\user data\\default\\login data-wal", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist\\Web Data", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\google\\chrome\\user data\\evwhitelist\\web data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist\\Login Data", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\google\\chrome\\user data\\evwhitelist\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies\\Web Data", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\google\\chrome\\user data\\filetypepolicies\\web data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies\\Login Data", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\google\\chrome\\user data\\filetypepolicies\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials\\Web Data", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\google\\chrome\\user data\\origintrials\\web data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials\\Login Data", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\google\\chrome\\user data\\origintrials\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash\\Web Data", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\google\\chrome\\user data\\pepperflash\\web data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash\\Login Data", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\google\\chrome\\user data\\pepperflash\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl\\Web Data", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\google\\chrome\\user data\\pnacl\\web data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl\\Login Data", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\google\\chrome\\user data\\pnacl\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant\\Web Data", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\google\\chrome\\user data\\sslerrorassistant\\web data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant\\Login Data", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\google\\chrome\\user data\\sslerrorassistant\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Google\\Chrome\\User Data\\SwiftShader\\Web Data", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\google\\chrome\\user data\\swiftshader\\web data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Google\\Chrome\\User Data\\SwiftShader\\Login Data", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\google\\chrome\\user data\\swiftshader\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter\\Web Data", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\google\\chrome\\user data\\swreporter\\web data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter\\Login Data", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\google\\chrome\\user data\\swreporter\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm\\Web Data", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\google\\chrome\\user data\\widevinecdm\\web data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm\\Login Data", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\google\\chrome\\user data\\widevinecdm\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\Apple Computer\\Preferences\\keychain.plist", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\apple computer\\preferences\\keychain.plist", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\Opera\\Opera\\wand.dat", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\opera\\opera\\wand.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\Opera\\Opera7\\profile\\wand.dat", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\opera\\opera7\\profile\\wand.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\opera software\\opera stable\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "trillian", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\trillian", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\Trillian\\users\\global", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\trillian\\users\\global", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Profiles", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\profiles", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\.gaim", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\.gaim", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\.purple", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\.purple", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\Miranda", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\miranda", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\MySpace\\IM\\users.txt", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\myspace\\im\\users.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\Digsby\\digsby.dat", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\digsby\\digsby.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\signons.txt", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\signons.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\signons2.txt", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\signons2.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\h231daer.default\\signons3.txt", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\mozilla\\firefox\\profiles\\h231daer.default\\signons3.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows Mail\\account{553187ED-CFB2-4763-8DAE-48D3609A76AC}.oeaccount", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows mail\\account{553187ed-cfb2-4763-8dae-48d3609a76ac}.oeaccount", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows Mail\\account{91E541D8-6C9E-48C0-AB69-0A7168AA62DE}.oeaccount", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows mail\\account{91e541d8-6c9e-48c0-ab69-0a7168aa62de}.oeaccount", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows Mail\\account{DD8DA3D5-48F0-4F18-846C-50E4200467F0}.oeaccount", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows mail\\account{dd8da3d5-48f0-4f18-846c-50e4200467f0}.oeaccount", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\Thunderbird\\Profiles", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\thunderbird\\profiles", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Mozilla Thunderbird", "hashes": [], "norm_filename": "c:\\program files\\mozilla thunderbird", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\60484525\\KQMAO", "hashes": [ { "md5_hash": "1ddc15ba0f5ad90873d42c41f4a2abc3", "sha1_hash": "4cc438d56cd0317c3cd75f6630f2ce4ce4b31ca0", "sha256_hash": "c1492aca20af26af0c906dc391b808f2b227904a8948aa7b34caeddb70fc83cb", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\kqmao", "operations": [ "read", "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "0409", "hashes": [], "norm_filename": "0409", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "*.*", "hashes": [], "norm_filename": "c:\\windows\\system32\\*.*", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "0409", "hashes": [], "norm_filename": "c:\\windows\\system32\\0409", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\wqnqmshpoxvbxmnplxmoexxv", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\wqnqmshpoxvbxmnplxmoexxv", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\mwixlzwnapdxngrlcvznt", "hashes": [ { "md5_hash": "f3b25701fe362ec84616a93a45ce9998", "sha1_hash": "d62636d8caec13f04e28442a0a6fa1afeb024bbb", "sha256_hash": "b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\mwixlzwnapdxngrlcvznt", "operations": [ "read", "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\gsabfkrjcfngatbtcigqhckmyel", "hashes": [ { "md5_hash": "b2912991f1be1bdf15ea7028328cc3bf", "sha1_hash": "a18027ccd9e804696cac7dc581c58ce59b77e3c5", "sha256_hash": "1035b4c326e3ee76f23a9532c2de82ba28071fb55ebfa27f99f48bb08f7c8114", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\gsabfkrjcfngatbtcigqhckmyel", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "trillian", "hashes": [], "norm_filename": "c:\\windows\\system32\\trillian", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [ { "ip_address": "185.62.188.68", "type": "ip_address_artifact", "version": 1 } ], "mutexes": [ { "mutex_name": "34419-GRNPWA", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "Remcos_Mutex_Inj", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "Mutex_RemWatchdog", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [ { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Control Panel\\Mouse", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\AutoIt v3\\AutoIt", "type": "registry_artifact", "version": 1 }, { "operations": [ "write", "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", "type": "registry_artifact", "version": 1 }, { "operations": [ "write", "access", "read", "delete" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\34419-GRNPWA\\", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\IntelliForms\\Storage2", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\Mozilla Firefox\\bin", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\Mozilla Firefox 25.0\\bin", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\seamonkey.exe", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Trillian", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Miranda", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\MSNMessenger", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\MessengerService", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\IdentityCRL", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\America Online\\AOL Instant Messenger (TM)\\CurrentVersion\\Users", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\America Online\\AIM6\\Passwords", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\AIM\\AIMPRO", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Yahoo\\Pager", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Mirabilis\\ICQ\\NewOwners", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Mirabilis\\ICQ\\NewOwners", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Google\\Google Talk\\Accounts", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Google\\Google Desktop\\Mailboxes", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Paltalk", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Qualcomm\\Eudora\\CommandLine", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Software\\Qualcomm\\Eudora\\CommandLine\\current", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Mozilla\\Mozilla Thunderbird", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Account Manager\\Accounts", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\Outlook\\OMI Account Manager\\Accounts", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Identities", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Identities\\{74A13782-B361-4204-9DAA-0A3D49DA4337}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Identities\\{74A13782-B361-4204-9DAA-0A3D49DA4337}\\Software\\Microsoft\\Internet Account Manager\\Accounts", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Identities\\{74A13782-B361-4204-9DAA-0A3D49DA4337}\\Software\\Microsoft\\Office\\Outlook\\OMI Account Manager\\Accounts", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\0a0d020000000000c000000000000046", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\13dbb0c8aa05101a9bb000aa002fc45a", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\24f93cf8ea9a9546b93f8dc78abb6a97", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\3517490d76624c419a828607e2a54604", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\3c51f4951df2d34baef1a05b725728d2", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\42405d6c3502e64caa2aeda354771336", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\5e8673e5f416694397a90d6dc37f5694", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\600082486368c34683de3c06ff753b3b", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\6c393c97bf8f52408197f7e63b61e548", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\8503020000000000c000000000000046", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9207f3e0a3b11019908b08002b2a56c2", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000004", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9fd587aab699e24cb035dd8129bd6b5b", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\d9417b97bf6b594d89a41cdbed740112", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\ddb0922fc50b8d42be5a821ede840761", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\e3233d298149174193c9c78f955de155", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\e50f0eb5db19ee44ba2717941e28e885", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\f86ed2903a4a11cfb57e524153480001", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\{D9734F19-8CFB-411D-BC59-833E334FCB5E}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\\Calendar Summary", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\IncrediMail\\Identities", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\IncrediMail\\Identities", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Group Mail", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows Live Mail", "type": "registry_artifact", "version": 1 }, { "operations": [ "write", "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", "type": "registry_artifact", "version": 1 }, { "operations": [ "write", "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "extracted_files": [ { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_2", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\__tmp_rar_sfx_access_check_18052931", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_53", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\widfu", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_58", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\wqnqmshpoxvbxmnplxmoexxv", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da9e1711e225aa694f28ac81677f0a8840acbd56", "file_type": "created_file", "id": "file_3", "md5_hash": "b4069d0c0e00f8266018f1263d28314a", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\hin.ppt", "sha1_hash": "da9e1711e225aa694f28ac81677f0a8840acbd56", "sha256_hash": "017a11f2c47b3329116d74da098437fef15a0283fd7df5b5cf16e167a74bf4bf", "size": 771181, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/645a49fb10d04c18348e6614c3640cb2d732d7e2", "file_type": "created_file", "id": "file_4", "md5_hash": "de1a6fbf02c16cacd54d414ed4e6f73e", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\cvn-nhc", "sha1_hash": "645a49fb10d04c18348e6614c3640cb2d732d7e2", "sha256_hash": "f0b7de110217d22b745eb45ad6c808974c667bb77dabdf824c7a439bb254d49d", "size": 3022508, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/cae4e8c730de5a01d30aabeb3e5cb2136090ed8d", "file_type": "created_file", "id": "file_5", "md5_hash": "71d8f6d5dc35517275bc38ebcc815f9f", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\cih.exe", "sha1_hash": "cae4e8c730de5a01d30aabeb3e5cb2136090ed8d", "sha256_hash": "fb73a819b37523126c7708a1d06f3b8825fa60c926154ab2d511ba668f49dc4b", "size": 750320, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6cfecd4625e5cac62f73cd766c0695545615a80e", "file_type": "created_file", "id": "file_6", "md5_hash": "4cf50661adbe97e9144a1ae14e0cc2d4", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\jdl.jpg", "sha1_hash": "6cfecd4625e5cac62f73cd766c0695545615a80e", "sha256_hash": "01da59d2d9a62cc31d8a28f02e58762f775783d072dc92cd4882472991c6c489", "size": 593, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b1a4702db810d76ca9dab4a40b464161447a8485", "file_type": "created_file", "id": "file_7", "md5_hash": "39f5c28a7805e6993c878e2445b6de4f", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\vqm.xl", "sha1_hash": "b1a4702db810d76ca9dab4a40b464161447a8485", "sha256_hash": "2fb689a6de68f133a7baab6c6f6458fae38c6dae4d90f62da2b90641a048fc2a", "size": 525, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5c57cfd08c138ecb8aaf08638ff708ed0fc11e9c", "file_type": "created_file", "id": "file_8", "md5_hash": "e800b240b278b15f7e04a9aa5aad5a94", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\bcu.mp4", "sha1_hash": "5c57cfd08c138ecb8aaf08638ff708ed0fc11e9c", "sha256_hash": "d4c33eed67247dbddc3dcd7400bd24fd7209a597f468978f014568c2ee0a7fd1", "size": 521, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/74c73a920cbd9ef1057d4d8d7589363d14e4a55b", "file_type": "created_file", "id": "file_9", "md5_hash": "a1c50816b65f30e2260479114d0bcab6", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\rnr.mp3", "sha1_hash": "74c73a920cbd9ef1057d4d8d7589363d14e4a55b", "sha256_hash": "c18f5a54575e9b56f95bbeb353318cba41fefbadc7f101589d5fc0df3fd56141", "size": 556, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ea6d7ae1dc826a9344c00a01d47e92ee60bd6d61", "file_type": "created_file", "id": "file_10", "md5_hash": "da230cfbc8a80e350c87d894eebb76b9", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\cvg.mp4", "sha1_hash": "ea6d7ae1dc826a9344c00a01d47e92ee60bd6d61", "sha256_hash": "bdfc89fb5460d262442882b76f31f9853370abd79e86be034afb53e2be694118", "size": 505, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b402fc11ff5ef3552be26235e9fd016c7fe912b2", "file_type": "created_file", "id": "file_11", "md5_hash": "84d55a12fc2416df5c1553ee17ad0992", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\chm.docx", "sha1_hash": "b402fc11ff5ef3552be26235e9fd016c7fe912b2", "sha256_hash": "918778adbeba224f4b9dd8910b717cf706563c35e06fbe0d04dfb00ced8678ee", "size": 614, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/bd67f636d12ed1c4cff28f6a9a84e28b97d7f1a5", "file_type": "created_file", "id": "file_12", "md5_hash": "6dd73a9654139bb6529a72207ddfde0f", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\vua.jpg", "sha1_hash": "bd67f636d12ed1c4cff28f6a9a84e28b97d7f1a5", "sha256_hash": "42220eec08a393cd359ec79cb610d2a845926b8d8119eb505276564aa25698c9", "size": 509, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/74f6a3c188759980c3e7dc9de94642f86a18fb59", "file_type": "created_file", "id": "file_13", "md5_hash": "22c528e901375639d3a014f6fe12ed43", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\oxl.ico", "sha1_hash": "74f6a3c188759980c3e7dc9de94642f86a18fb59", "sha256_hash": "1af85ae13aa9aa6114ec4c03cfd840fb8222eeceb611aac530411979bd9bede9", "size": 520, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8355713e8ff5b27cc72f2a784d597be7d02e3c26", "file_type": "created_file", "id": "file_14", "md5_hash": "41db425bddeb6edff3829ede53e4b059", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\fun.mp4", "sha1_hash": "8355713e8ff5b27cc72f2a784d597be7d02e3c26", "sha256_hash": "668dff85c71ac5142e3105426be365b7834e1dd8e3e0043674a272af26138f35", "size": 633, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/041b9554b7a23b86240e82c0c18e0c34cfdd4ae1", "file_type": "created_file", "id": "file_15", "md5_hash": "2a8d81d0726edc11e6e4f75207fee58c", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\fqv.xl", "sha1_hash": "041b9554b7a23b86240e82c0c18e0c34cfdd4ae1", "sha256_hash": "bc2d0c9ff398b2883465e9c5963d0a8933b034ae43f6002481f674b5ade6c839", "size": 567, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e7d3001b6b6ebf6928e942f4c8343f4f551e0284", "file_type": "created_file", "id": "file_16", "md5_hash": "e9a2566e0a5296cf122c7089e0558baf", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\hgu.ico", "sha1_hash": "e7d3001b6b6ebf6928e942f4c8343f4f551e0284", "sha256_hash": "418946d3f5ab5a04d537045108c4e8db6dcb48bb465e2d0a01f91723b7948e49", "size": 569, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/88181205ec8323e457d5bcd4e7a03cea28ad47c7", "file_type": "created_file", "id": "file_17", "md5_hash": "fda5e079dbe06cc05c59ba4e27fa48c2", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\brh.ppt", "sha1_hash": "88181205ec8323e457d5bcd4e7a03cea28ad47c7", "sha256_hash": "75cfe292e1d9d6bd3bdadfe1ce6bef7a57bfc2a6bb7ce6fecd497bf4ec583c37", "size": 597, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/25631b0a07e69d1dc8e93e5e51946a27f98d2b17", "file_type": "created_file", "id": "file_18", "md5_hash": "d46dd879f8205faa467df9c9a0019a9d", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\xqa.mp4", "sha1_hash": "25631b0a07e69d1dc8e93e5e51946a27f98d2b17", "sha256_hash": "aa93b72e74034ed72878672e776fbe7fa55e93f78e485a337cbeae4bd18f4917", "size": 551, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a7283637bc88dacb689b39cebfc28a91e32f1e03", "file_type": "created_file", "id": "file_19", "md5_hash": "81932b74d719d9feaee98fd12634ac5b", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\jub.bmp", "sha1_hash": "a7283637bc88dacb689b39cebfc28a91e32f1e03", "sha256_hash": "1c9ccc3a409e293eadbb70410de3c3405da55ceb47d36a639054b6f5c10a3c91", "size": 574, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e4b2c15448b6dace8cfa8227784b3f9396a2f498", "file_type": "created_file", "id": "file_20", "md5_hash": "2a84b8aefabec88301c0f50f7cfb46f6", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\jgu.bmp", "sha1_hash": "e4b2c15448b6dace8cfa8227784b3f9396a2f498", "sha256_hash": "ef754e4a3efc638823684023ef2ddbbcdaf1354c290e4c33ef394df4c2a8d2ca", "size": 532, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c5102cd3b0d7602f51099a27657b37a3bf787561", "file_type": "created_file", "id": "file_21", "md5_hash": "74efb6a98e74a829daafef9945004dca", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\tik.icm", "sha1_hash": "c5102cd3b0d7602f51099a27657b37a3bf787561", "sha256_hash": "bf1ab35f7bd5d5fc365d2c176bb5c5374e578b8424ed0fde82f55d1eae1d350d", "size": 550, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b57f9f373b5323f3b701bf350fd98cf8a827b3ff", "file_type": "created_file", "id": "file_22", "md5_hash": "1474405a725bc37f9fea9479c11a78bf", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\wjv.pdf", "sha1_hash": "b57f9f373b5323f3b701bf350fd98cf8a827b3ff", "sha256_hash": "d83ec42f0ff63cf14851f789e85f2dc33d76cb4c2409e1488f7474df2086033f", "size": 539, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/eb03b500bbf683a889c4758d228b55cedddd4c30", "file_type": "created_file", "id": "file_23", "md5_hash": "90ca387ad342c41ae796173d560ccf84", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\nvl.xl", "sha1_hash": "eb03b500bbf683a889c4758d228b55cedddd4c30", "sha256_hash": "0ecf3eb5d0f794e7e32a941580da8641bff3bf248a68df43a35ae16d77eda192", "size": 526, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7edf516e6c807d8fa5aa912e23d9460721769207", "file_type": "created_file", "id": "file_24", "md5_hash": "c82da2a4e862c90a2d961098b1d64956", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\xfg.dat", "sha1_hash": "7edf516e6c807d8fa5aa912e23d9460721769207", "sha256_hash": "db7f2a223fef17affd13a518ac21c7675942bd475bc416dd78c7c6c186548b64", "size": 520, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a70b7a6327133486d04d4d3c57bd8930a3e3a698", "file_type": "created_file", "id": "file_25", "md5_hash": "f8b9deca33aba33d64623f47e7c88855", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\aqa.bmp", "sha1_hash": "a70b7a6327133486d04d4d3c57bd8930a3e3a698", "sha256_hash": "449952af1c2bd2a2e1878b3a81044793305185a7d27f0066521645906a5040c7", "size": 557, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/98ebfdb5b3ef2c2db538a290a0a26bc6cf885916", "file_type": "created_file", "id": "file_26", "md5_hash": "6effc77853a885dd155870e04545880b", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\rnj.mp3", "sha1_hash": "98ebfdb5b3ef2c2db538a290a0a26bc6cf885916", "sha256_hash": "89b82044c02980606c7d6b39aa2cf08b66ca0db7e1b5ad23a7c0d64e056340d2", "size": 547, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b2b64e8b77e831f3a16fdd1da61f8f64f514b19e", "file_type": "created_file", "id": "file_27", "md5_hash": "c2f588f89c85d3c2c97e128f27234f2c", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\eff.icm", "sha1_hash": "b2b64e8b77e831f3a16fdd1da61f8f64f514b19e", "sha256_hash": "1e8e0cc104f8c880f3a6d312f6bdc99c5f3f4fd3ee081eee7e2534ed511209fd", "size": 522, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/737b86b50e3998052920f02bde3ad487743f1a6a", "file_type": "created_file", "id": "file_28", "md5_hash": "469067bf5a94e9002cf154a81f397c6a", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\isi.xl", "sha1_hash": "737b86b50e3998052920f02bde3ad487743f1a6a", "sha256_hash": "6b418ce9673895fb76b32b67faf05073e577444d82bf42ff21733e1f057c3d60", "size": 507, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3f6c8024888bf3caa19e6ad7db4a8f29859bdaa9", "file_type": "created_file", "id": "file_29", "md5_hash": "62bd082578b0e38bc2b6b731b4a5ec49", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\upe.mp3", "sha1_hash": "3f6c8024888bf3caa19e6ad7db4a8f29859bdaa9", "sha256_hash": "00a79f22f8ed82f6ea362254d04578bfa498dfed0d2ab8f733e6fbace1c2c078", "size": 578, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a0a8692e4560d122d0dd359157544b32fdc57cd0", "file_type": "created_file", "id": "file_30", "md5_hash": "ff594e995d9f6268a047cc2e269eb2b9", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\fpo.xl", "sha1_hash": "a0a8692e4560d122d0dd359157544b32fdc57cd0", "sha256_hash": "6cc6a2d2a8196b938e5e332df30d025374d6c98a18c5e707021141966203d7e1", "size": 581, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/90d715455eb32004107a92bf810df71371ed4047", "file_type": "created_file", "id": "file_31", "md5_hash": "747d40f9300dbb3ba36d7310b5ee40da", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\wlk.pdf", "sha1_hash": "90d715455eb32004107a92bf810df71371ed4047", "sha256_hash": "cef051d14bcbc14e12f9d130f71e8b285b37117cd20c23678419b9ab8659300d", "size": 536, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c8dff7972de40ab025314a8c74b5bb8e1552170e", "file_type": "created_file", "id": "file_32", "md5_hash": "a49efa6c9f872faad2232a4b6a2394a7", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\nlb.pdf", "sha1_hash": "c8dff7972de40ab025314a8c74b5bb8e1552170e", "sha256_hash": "97b1b6f6884f0f92342576a9667c5cb3c1b61fabc8a0b1b23d1f57582b0624d3", "size": 541, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/47748ea5978245b49c8136d9e147059afeb06ffe", "file_type": "created_file", "id": "file_33", "md5_hash": "04f1e686525064abfdb4bfd7ff29a0b5", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\emv.bmp", "sha1_hash": "47748ea5978245b49c8136d9e147059afeb06ffe", "sha256_hash": "8e3de8ce80c00091cb1aaa93f590226c7ac53a509926cdd815301237dd8e9e1b", "size": 511, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/430d4c308efdb225a74e10d3facefa8e44252be1", "file_type": "created_file", "id": "file_34", "md5_hash": "e5d188010c3203e2d37d4225d6cae53b", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\raq.jpg", "sha1_hash": "430d4c308efdb225a74e10d3facefa8e44252be1", "sha256_hash": "93846c06cef1c5515a1f78e95c040be5c75d3b6c78bf6438cf12fd7345d3c1c8", "size": 514, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/bc7166b6abe72bb216d77d48185330668186bb88", "file_type": "created_file", "id": "file_35", "md5_hash": "498138dfbfbe52214e73e9c1141aa981", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\nep.mp4", "sha1_hash": "bc7166b6abe72bb216d77d48185330668186bb88", "sha256_hash": "b1b69fb21d93d6bae3fbcf8338aa66ee2791362ec5f918bd9dc45c1c14d4749c", "size": 589, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0d00f9e17e6445805ef34c8fdb68fe8e38ab4868", "file_type": "created_file", "id": "file_36", "md5_hash": "a128399da3f11bda3f2164a97cb2b531", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\neo.ico", "sha1_hash": "0d00f9e17e6445805ef34c8fdb68fe8e38ab4868", "sha256_hash": "dcf09d4181263a2a3b0787085f7b8dc8913245c0d6ac535e16f8a77ba17ecc91", "size": 551, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b5c18c00e3596b8a87d068f67e59f46aba6509da", "file_type": "created_file", "id": "file_37", "md5_hash": "924bdfca849290fd510d72a39da75d43", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\wxv.mp4", "sha1_hash": "b5c18c00e3596b8a87d068f67e59f46aba6509da", "sha256_hash": "b32f0a65698effe8c62e482bf9b6aec6f5fd496d52da525dca2078988956d3d9", "size": 526, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e55525356075eba71766e12d7db9d67ef4cdd8cc", "file_type": "created_file", "id": "file_38", "md5_hash": "afcc6587b4839826588ae54512851ef8", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\beb.ppt", "sha1_hash": "e55525356075eba71766e12d7db9d67ef4cdd8cc", "sha256_hash": "5fdfa5c8afbda02553bbf95969ca4434c57456b4e51a56330fddd770d9f84277", "size": 530, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3f0feac929dd6f1f5776298da84a14298f12cb10", "file_type": "created_file", "id": "file_39", "md5_hash": "a81eeaae706a9e8ab123d3ed140d837e", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\als.txt", "sha1_hash": "3f0feac929dd6f1f5776298da84a14298f12cb10", "sha256_hash": "169b9a0889e98c8e239c472e3041fccb2433c668f269782b28c74648c5135ba7", "size": 512, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2b7dab89793af056f56e84b9a1040c2c3e01f5a9", "file_type": "created_file", "id": "file_40", "md5_hash": "0f7278aeb0c194405013a9963334e38c", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\jkg.txt", "sha1_hash": "2b7dab89793af056f56e84b9a1040c2c3e01f5a9", "sha256_hash": "0c9293277fd0325971a2cf297d88460ad8df83d40f09f947fb36a50c59ad9c31", "size": 588, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/67ef51104877c6e6ca67e868b2a5d589e415a255", "file_type": "created_file", "id": "file_41", "md5_hash": "307fe5bd3f52c0aefb503401e2b08505", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\idv.xl", "sha1_hash": "67ef51104877c6e6ca67e868b2a5d589e415a255", "sha256_hash": "79bb5d0d7e6e403335b863935f832da481a550f7174e77f56a112d5a1f7bff8f", "size": 550, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a093894e555294518d98937f61e1eac26298539b", "file_type": "created_file", "id": "file_42", "md5_hash": "0a5b38cbc77ff6bfd9ca434eb372e88e", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\erk.ico", "sha1_hash": "a093894e555294518d98937f61e1eac26298539b", "sha256_hash": "a3cc42516891627a6ff9dcc5dcca3a4deaefbbf2f9a5411a644a34242b57f6f7", "size": 576, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/847aff73ea3889518231b2a8e5aa2befd843f48b", "file_type": "created_file", "id": "file_43", "md5_hash": "faf4d8efca05d9b305d0970a8417274c", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\jfo.dat", "sha1_hash": "847aff73ea3889518231b2a8e5aa2befd843f48b", "sha256_hash": "4f081e6dfab65d9c1910303f41fafac0e3652e2af3713140d8cc30d79aed912e", "size": 556, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4e3254580fc0eea7fcd2daa270b5e94e7fca7560", "file_type": "created_file", "id": "file_44", "md5_hash": "bc062df0b1cf65138efbd74028d417ee", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\pac.ppt", "sha1_hash": "4e3254580fc0eea7fcd2daa270b5e94e7fca7560", "sha256_hash": "b007b3703bec0526df06de06a88e97f706f09554ac2eb930cad38a80a3c663f7", "size": 564, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ddd80c708a202210df0c6bab2d53fad31510c77a", "file_type": "created_file", "id": "file_45", "md5_hash": "7c65637227835e997638cdbbdda237db", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\okk.pdf", "sha1_hash": "ddd80c708a202210df0c6bab2d53fad31510c77a", "sha256_hash": "26f1259b8d53d6b4a43da7ebf431f4aff6617bbad13a188e9b4f534e21fd94b5", "size": 538, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d78d488168c4a91dfb4883107bb0b344e47f6103", "file_type": "created_file", "id": "file_46", "md5_hash": "1690024ca4904bc8664deb3b5c046a09", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\dxj.docx", "sha1_hash": "d78d488168c4a91dfb4883107bb0b344e47f6103", "sha256_hash": "dc2a1291b72a6b56d6acf1a4d52278ff82a9ac18d20f650d7bf1c1527a0675d1", "size": 651, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6fd6c6d7b08df98858f8cd8bab2a8ddbaef39b78", "file_type": "created_file", "id": "file_47", "md5_hash": "5d4a58ea600887506e113f87226108a7", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\tob.ico", "sha1_hash": "6fd6c6d7b08df98858f8cd8bab2a8ddbaef39b78", "sha256_hash": "f6b0188a75c7fa2bcc06eb7d5de15a84facab9b2e2cc8d54aa7708833888d49b", "size": 575, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2444bd270127ae12148eaf048fe82021f5580952", "file_type": "created_file", "id": "file_48", "md5_hash": "df21088736f29414e1aeacbea6dd4adb", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\guv.xl", "sha1_hash": "2444bd270127ae12148eaf048fe82021f5580952", "sha256_hash": "0bb6caa082e474fd47bdb620aa88536820e95f84cef92dcbda4fb686f29b3c3a", "size": 550, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4e209aede4adcee82bb4a8008291069a3a558f5c", "file_type": "created_file", "id": "file_49", "md5_hash": "ce4596068d05d9436fa2512cfe90a81a", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\hjd.mp4", "sha1_hash": "4e209aede4adcee82bb4a8008291069a3a558f5c", "sha256_hash": "54f750492edac60c64348bf5131e7ec5c2e60aa796d80194b673b9e632c9c9cd", "size": 543, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/14cae556c130ac9c5fa65168e9680893a4c73899", "file_type": "created_file", "id": "file_50", "md5_hash": "d997ac87e2adca0fe86fb0ba4a628299", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\ain.icm", "sha1_hash": "14cae556c130ac9c5fa65168e9680893a4c73899", "sha256_hash": "c4a221aabd4c8dbc1ba62bd28e79af98b2e7a2c5d624c5f5c889352499bb47af", "size": 532, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/36d2b3b494d42d9958553cad17fa04819dfa2883", "file_type": "created_file", "id": "file_51", "md5_hash": "a8ca3dd1e20cbeba4c51df819b7bb68e", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\ugv.icm", "sha1_hash": "36d2b3b494d42d9958553cad17fa04819dfa2883", "sha256_hash": "d7820ee70bff4ff3f6922ab56d97c88aa79eb8591311d3a6c58b33c1c289d14a", "size": 549, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4cc438d56cd0317c3cd75f6630f2ce4ce4b31ca0", "file_type": "created_file", "id": "file_52", "md5_hash": "1ddc15ba0f5ad90873d42c41f4a2abc3", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\iwlwk", "sha1_hash": "4cc438d56cd0317c3cd75f6630f2ce4ce4b31ca0", "sha256_hash": "c1492aca20af26af0c906dc391b808f2b227904a8948aa7b34caeddb70fc83cb", "size": 277864, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4cc438d56cd0317c3cd75f6630f2ce4ce4b31ca0", "file_type": "created_file", "id": "file_57", "md5_hash": "1ddc15ba0f5ad90873d42c41f4a2abc3", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\kqmao", "sha1_hash": "4cc438d56cd0317c3cd75f6630f2ce4ce4b31ca0", "sha256_hash": "c1492aca20af26af0c906dc391b808f2b227904a8948aa7b34caeddb70fc83cb", "size": 277864, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d62636d8caec13f04e28442a0a6fa1afeb024bbb", "file_type": "created_file", "id": "file_54", "md5_hash": "f3b25701fe362ec84616a93a45ce9998", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\moqutzmqrxoadnrfihvxswbpaqgibrkh", "sha1_hash": "d62636d8caec13f04e28442a0a6fa1afeb024bbb", "sha256_hash": "b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209", "size": 2, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d62636d8caec13f04e28442a0a6fa1afeb024bbb", "file_type": "created_file", "id": "file_59", "md5_hash": "f3b25701fe362ec84616a93a45ce9998", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\mwixlzwnapdxngrlcvznt", "sha1_hash": "d62636d8caec13f04e28442a0a6fa1afeb024bbb", "sha256_hash": "b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209", "size": 2, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a18027ccd9e804696cac7dc581c58ce59b77e3c5", "file_type": "created_file", "id": "file_55", "md5_hash": "b2912991f1be1bdf15ea7028328cc3bf", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\zljxukhl", "sha1_hash": "a18027ccd9e804696cac7dc581c58ce59b77e3c5", "sha256_hash": "1035b4c326e3ee76f23a9532c2de82ba28071fb55ebfa27f99f48bb08f7c8114", "size": 469, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a18027ccd9e804696cac7dc581c58ce59b77e3c5", "file_type": "created_file", "id": "file_60", "md5_hash": "b2912991f1be1bdf15ea7028328cc3bf", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\gsabfkrjcfngatbtcigqhckmyel", "sha1_hash": "a18027ccd9e804696cac7dc581c58ce59b77e3c5", "sha256_hash": "1035b4c326e3ee76f23a9532c2de82ba28071fb55ebfa27f99f48bb08f7c8114", "size": 469, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/96a8d3ad86aa0991ed7e8a0b89b1e3ea007d4327", "file_type": "created_file", "id": "file_56", "md5_hash": "38182931074f70c4af328e12641acd51", "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\chrome\\logs.dat", "sha1_hash": "96a8d3ad86aa0991ed7e8a0b89b1e3ea007d4327", "sha256_hash": "f05dd4eb5990bd9ca1497af17ab66595f92853535c1619748d316e09a4a1a126", "size": 19, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/24df3e03dd8d4a0467a7887c9ce865f630f03725", "file_type": "created_file", "id": "file_61", "md5_hash": "4241be51b5abe777809dc6f32247a4a9", "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\chrome\\logs.dat", "sha1_hash": "24df3e03dd8d4a0467a7887c9ce865f630f03725", "sha256_hash": "6bf4b2ce4815a57a74e5314f7087bad520eeb4fadc849c3088b62e24ca7dea8c", "size": 13, "type": "extracted_file", "version": 1 } ], "process_dumps": [ { "archive_path": "process_dumps/process_00000001-region_00000136-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000001-region_00000136-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_62", "md5_hash": "a37b606067bb37cfbe0d80f2966edede", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5db29a831020b569ab4f0a232caf0d83a8dd220e", "sha256_hash": "fe25b8f8edaf11260bdeeacb3d7f36518ff60c4d07f5f333909bbd6fe513b54c", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000137-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000137-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_63", "md5_hash": "91b23d4c66553c11dc4fae3b1b3cfb98", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f61075acbcadffa42f6741ac673cb8547e2d63e2", "sha256_hash": "e4193383bb636ae10746276c88eb645a89b7e7823f276eaa02d64ec778aa8018", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000140-addr_0x0000000000400000-size_0x0000000000033000-perm_rwx.bin", "filename": "process_00000001-region_00000140-addr_0x0000000000400000-size_0x0000000000033000-perm_rwx.bin", "id": "proc_dump_64", "md5_hash": "5370bdd9c05f831492740db89c70c58e", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "de4b9921329de4bf41a76e082ebec2262e6d3532", "sha256_hash": "dcba9bcd1dc0db49fe06e9e801fae2e0304870836a135c567c7a1074a5176239", "size": 97792, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000144-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000144-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_65", "md5_hash": "14aa0aac6cfb11752dc997e57619385a", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7e4dcf1ee84570be3e78d82036e0cc89fb8cc48c", "sha256_hash": "e8d7e6c7c5d61e8148cbe9c0f7041fccc7004c915c5d75d418c4888839afaa8e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000145-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000145-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_66", "md5_hash": "7c41a48e5539036bcb7c0a5b4e5e6278", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "feebbd835fd2fdc04edc0357065742dab649e3ef", "sha256_hash": "bb9e31190389b34f45a2558990dc6514d54a5224f9f6ecc6b4c25e5f14dd0f53", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000146-addr_0x00000000001b0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000146-addr_0x00000000001b0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_67", "md5_hash": "5c589715452110eae1b87ccd3f435013", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "52ec021b95502cf5a1bada8aa8dd06bee4b7307f", "sha256_hash": "08aa01618b9873ab2f38c674363533bd60111439614a340862e3c76542ccb443", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000167-addr_0x0000000000600000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00000167-addr_0x0000000000600000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_68", "md5_hash": "65a2e11afbc65c39ec4e173617b8df56", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0be2210d6c46573f77b36bf2f893026009e4ed7a", "sha256_hash": "c5532067c601c36a48f317c97d82883a2b3f053b89a2f6429ddd4977c78d1785", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000170-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000170-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_69", "md5_hash": "55606420c33d33ffc00ea76bc528c997", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cc314a085356e3cbdb5055efbf0a7abf2d242173", "sha256_hash": "c0358eb40e79c26f843069f8b18f3234d18caaf71bdd6834bfbbb365ddad0cb4", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000171-addr_0x0000000000150000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000171-addr_0x0000000000150000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_70", "md5_hash": "d4147082e5f84f8f817c60dd0810bb6b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f906ce74f3d3146880a15dfdcba6a522ef95a98b", "sha256_hash": "c2da6b8e1063a756b7cb06b7ea7430b7eae0a740e0ee89de261dbf1be8395aef", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000179-addr_0x0000000000550000-size_0x00000000000b0000-perm_rw.bin", "filename": "process_00000001-region_00000179-addr_0x0000000000550000-size_0x00000000000b0000-perm_rw.bin", "id": "proc_dump_71", "md5_hash": "fb55b95233e9da15dd6dc8c7a2e99b60", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6a7931a26c402d4c8ac9c4cd6a8a505fef159295", "sha256_hash": "219f3aa5ac5b43da09b4347a65f0d7d666977188f1700cb0eb5038852f7f3230", "size": 720896, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000184-addr_0x00000000015c0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000001-region_00000184-addr_0x00000000015c0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_72", "md5_hash": "86358825013934d9dfa1976d342f7491", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "504175e736ccc203683d128322f43f5a83e578b8", "sha256_hash": "9f7fac118cfd4aee55a69cd916ddb47232ec7dad9cad35d622c7fd96ae573c62", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000189-addr_0x0000000000190000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000001-region_00000189-addr_0x0000000000190000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_73", "md5_hash": "e8fc63620469bb5030a34febe5134b0e", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "eece35a6693556dede8245fcc62d25d897725e01", "sha256_hash": "073e808685eea4d05686912af3bb34f8441d000eef82a7d48dea3d218eeaacf4", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000190-addr_0x0000000001a40000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000001-region_00000190-addr_0x0000000001a40000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_74", "md5_hash": "6b56687e394d91776f6c8df43adf5031", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "021361081b98a89ff8826994bb8670d877e0da56", "sha256_hash": "41eae5ed5c825bcf91ff178c2d1d6ec7f77a78535be97f7171ea25026c0ff3cb", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000191-addr_0x0000000001ac0000-size_0x0000000000101000-perm_rw.bin", "filename": "process_00000001-region_00000191-addr_0x0000000001ac0000-size_0x0000000000101000-perm_rw.bin", "id": "proc_dump_75", "md5_hash": "00a626c9ea4ba7583eb02f244b3ee8d1", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b9f8875ab532de3223831a6b89e09eb776024703", "sha256_hash": "d9633ee8fc51a8e02fce4d3e70419285a29f3739007b8ae77555fd5da3d69a2a", "size": 1052672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000196-addr_0x00000000005c0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000196-addr_0x00000000005c0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_76", "md5_hash": "ad132cc6494b7faa5ddc27aaf8a813d3", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4c97fc08243d567e70aa88988cac985fb7057abf", "sha256_hash": "13156fb9cd190f49b133517cbfb7d47646babbabc60092467b7e5fb04a06916f", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000199-addr_0x00000000023f0000-size_0x0000000000101000-perm_rw.bin", "filename": "process_00000001-region_00000199-addr_0x00000000023f0000-size_0x0000000000101000-perm_rw.bin", "id": "proc_dump_77", "md5_hash": "1e8714e03310fafdd9100a425501c9a0", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "946f90ed87ae794c74b738e8d0f1ead8ede75882", "sha256_hash": "4d78dc7192cb5d30d965a4b6e96e7f22fc85ee390726f780c5d567aa21b8cc51", "size": 1052672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000200-addr_0x00000000023f0000-size_0x0000000000401000-perm_rw.bin", "filename": "process_00000001-region_00000200-addr_0x00000000023f0000-size_0x0000000000401000-perm_rw.bin", "id": "proc_dump_78", "md5_hash": "0ee8ef054ce21ffd88f8a0f2b547dc70", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "24e3fcca6b8b2914dc135e9f7b2d976c53d78f1d", "sha256_hash": "b9765c839dee22c4822f050ab76ecb35ed72402a1bee47dbd4e277c582bcaa45", "size": 4198400, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000204-addr_0x00000000023f0000-size_0x0000000000401000-perm_rw.bin", "filename": "process_00000001-region_00000204-addr_0x00000000023f0000-size_0x0000000000401000-perm_rw.bin", "id": "proc_dump_79", "md5_hash": "5f553388208474ba0490aa2f6538ba46", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6e38789b2abaab43c089cee41e4a474aaddab48a", "sha256_hash": "167b703a84326a62a9c277a0a39359012751f08d5f85ab5ab68c5dbf900e71ac", "size": 4198400, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000205-addr_0x0000000002800000-size_0x0000000000101000-perm_rw.bin", "filename": "process_00000001-region_00000205-addr_0x0000000002800000-size_0x0000000000101000-perm_rw.bin", "id": "proc_dump_80", "md5_hash": "6273f250ef21c8aa3191459896bce4d1", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "916c703ed9a5d3125fdbc729478c175aad1bcb3d", "sha256_hash": "df4794cf60800553689706c8e4f90f511619122e8aa829aa5574e7c03c63cafe", "size": 1052672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000213-addr_0x0000000001600000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000213-addr_0x0000000001600000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_81", "md5_hash": "d6c21e0cb031b93c02de1fd6af6402e8", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ad84b4fd69e6a09fcad51ea553fe3fecbf6c47da", "sha256_hash": "5363da9655865682c1656b1fcf095e223c22c3f51e07ea032dd5177610096430", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000219-addr_0x0000000002470000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000219-addr_0x0000000002470000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_82", "md5_hash": "37c99b2dde79f17e407103f2658faf0b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a68cce3253ca0d73e1772c613d877895656cea34", "sha256_hash": "e543552c2e4d2917d4a4ab81c0994a76cfabc76780b6df72c75f91330bd1454e", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000223-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000223-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_83", "md5_hash": "07b7ac86b0b9f18a7b54b7772bb641d9", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7b033fa3a769a773773c46d7ce4907a0a508d273", "sha256_hash": "daa53c7907a60b09dded91c6a523c3576f91ba46d022d4a45ab10e086953885c", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000232-addr_0x0000000002570000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000232-addr_0x0000000002570000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_84", "md5_hash": "e9c46551cf3ed2cdffbb5f41b65de035", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "34fd9501d30464271102a899e0f3c84aa183ceb4", "sha256_hash": "52bb5dfd25aa4fc7bdbdf0cf0480a5084c9da597406bb470e35aa7d8d58d959f", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000234-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000234-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_85", "md5_hash": "219594f6667a7d1d77eab72c0f2e0a70", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3702a11cac62dd1518634ffe81a6314a130565bc", "sha256_hash": "95f894ad10899d588874078ed741afce339a0d2559cc9881738c599ff72f0306", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000235-addr_0x0000000002680000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000235-addr_0x0000000002680000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_86", "md5_hash": "9eb1cd4ad079522151db23a0d12a181c", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bddf10ff91138301bdbe718f0188ede3deaee556", "sha256_hash": "3bc4df8da550300bd1e1f1e7bfba36b0619bddc09998c77b238d1b947457d1bb", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000236-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000236-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_87", "md5_hash": "da9e5f660901e23e5410fb445c5a6ddd", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8c861297aa96bfaf93320e19fba6fb40449405ab", "sha256_hash": "e16d00506c6e6cd303e82669371d42a31be562ed493658a03dbf780a57cfaa92", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000237-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000002-region_00000237-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_88", "md5_hash": "0bcc89faab5fcd939a0386ececdc6db7", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d5c2aa68a0b2b67e680c3a2ecfa48fa20c1a9490", "sha256_hash": "de6668da7afde7982e9f0f0709b459cefebace5e2439cb2086919868cf722bad", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000240-addr_0x0000000000090000-size_0x0000000000400000-perm_rw.bin", "filename": "process_00000002-region_00000240-addr_0x0000000000090000-size_0x0000000000400000-perm_rw.bin", "id": "proc_dump_89", "md5_hash": "e827974a5e6162946e288f40e1c4de02", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "dc4945cb1442e717e740a0170b37e8907368c9f2", "sha256_hash": "bf3e00ecd491ef49e729dc4f6a8111211bb1274f9244e6e74928a546c93ef4dd", "size": 4194304, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000241-addr_0x00000000008b0000-size_0x00000000000cc000-perm_rwx.bin", "filename": "process_00000002-region_00000241-addr_0x00000000008b0000-size_0x00000000000cc000-perm_rwx.bin", "id": "proc_dump_90", "md5_hash": "caa08579139c3fb84c08b8d17fc169f0", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "dfe05797046571545bba78c67f64eeeb98a33a11", "sha256_hash": "c0ece63bec324d9a3e34931362d2667c9b723e5a9d84a48a80ca4b4d2103f282", "size": 742400, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000245-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000245-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_91", "md5_hash": "c5877cbeae7427037a8f3965eb15608e", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "476ab8036502ec6b1f58670e89bfde8628111416", "sha256_hash": "fcc94e0c8b09550f8e0ff09a42a0dbbbaafd279990331af548068a45138670bd", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000246-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000246-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_92", "md5_hash": "ff7dfd5505e02020b40ebbe6292e4977", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c7f4cf4c4cc6d9ee0f796b59630dbcadb07d464c", "sha256_hash": "2688e1ca6d235c7b6dedea55db5b300f0325f3b4624d72894cec33e9d54afee9", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000249-addr_0x00000000006d0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000249-addr_0x00000000006d0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_93", "md5_hash": "049152f264c339978e6d461006bae674", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d5b703ae34c2e68239500f679bbdc7adf5281190", "sha256_hash": "fc170de859aed5c68ea4505738b9bd8fed9601d5b35a7e14ae6e628a2e6b4c76", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000250-addr_0x0000000000aa0000-size_0x0000000000400000-perm_rw.bin", "filename": "process_00000002-region_00000250-addr_0x0000000000aa0000-size_0x0000000000400000-perm_rw.bin", "id": "proc_dump_94", "md5_hash": "80db8be6a74907f89ef61f9f8b4db744", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cac497231fb8945c1b7e91614b2a6a52d922dd14", "sha256_hash": "4a68a7ce2ad744a9b053dd8551868d6ad02e297e1c49f88c7bd958a85f42f869", "size": 4194304, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000285-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000285-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_95", "md5_hash": "4930d27ea0b5d398333d789effe5edd8", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "dae5660a60357cce7bf713cfef89ecb1c08da085", "sha256_hash": "3a9541f43537fb66c6e525d41b79bc07d9ec6af521fcf516887a088199d52a90", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000286-addr_0x0000000000050000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000286-addr_0x0000000000050000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_96", "md5_hash": "baa095d0f424ded37169dccfabe2a48b", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13de5554742b8bdbbac3f1dd140af759f9f055a4", "sha256_hash": "556d13cdbbe748d7480e2434b1f1d58ff20c3c4211c0491da0abbd118c4e58cc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000290-addr_0x0000000001c00000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000290-addr_0x0000000001c00000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_97", "md5_hash": "23370a12575129a4ae3b49ff3589958f", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c2c54fc030ea3a0d3b675e841ebb33bdbe2ed154", "sha256_hash": "cd9323c482e13760055dd15cd8eb9b0db5fcf9b9922957109de891042b3525d4", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000292-addr_0x0000000001c10000-size_0x00000000001e0000-perm_rw.bin", "filename": "process_00000002-region_00000292-addr_0x0000000001c10000-size_0x00000000001e0000-perm_rw.bin", "id": "proc_dump_98", "md5_hash": "b60d3aa3f420701451efdbc54f6ac688", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "dcda72e986bdbf097a32e10faea5dffaf0d058a3", "sha256_hash": "307f995e36b4b9677273adfe105a2107f8ef306250e54753551a6899f9c2ebbe", "size": 1966080, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000297-addr_0x00000000020e0000-size_0x0000000000400000-perm_rw.bin", "filename": "process_00000002-region_00000297-addr_0x00000000020e0000-size_0x0000000000400000-perm_rw.bin", "id": "proc_dump_99", "md5_hash": "80ef3ba6a0409133f77587b09a6ca7e6", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "aceeb2c693088fa189d4ae115e907cfe8bb31ed7", "sha256_hash": "7259abf3c87a3ee29b878cb47734359bf26ebf1fec52151b16a1f1e834221fe6", "size": 4194304, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000298-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000298-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_100", "md5_hash": "91c3e37f07c0dea1dc64ffef07d91cc5", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1b06c07f6ad9f25c923a929a8c2bcaeb26b58195", "sha256_hash": "7c106c3d60ca567b0b4ebaa5c5d7b7d46b4dcd2d92c02dc094cb26c0635db343", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000308-addr_0x0000000000800000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000308-addr_0x0000000000800000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_101", "md5_hash": "04fe2aca20354bb73acd47eaf98ec8ab", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a4cef1a7a048a76ee141e41a508cbd275cf849c1", "sha256_hash": "7b5785c93cd3f0742814c8e56ad976d8265adf774381d0660c47630a728a6e59", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000309-addr_0x0000000000980000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000309-addr_0x0000000000980000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_102", "md5_hash": "bed31b15319e3b5ed407e8280cf8c59a", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a07ff17282f655f32709fffa4c6ce87f89258664", "sha256_hash": "768a6258af3aef3f32e80ecc5126fd3ea1b508355123fba4b84a1ac72b46a57b", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000311-addr_0x00000000029e0000-size_0x0000000000400000-perm_rw.bin", "filename": "process_00000002-region_00000311-addr_0x00000000029e0000-size_0x0000000000400000-perm_rw.bin", "id": "proc_dump_103", "md5_hash": "5898423af834ffcab319291d8417ef0a", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "008950ec88a2bd2eef60343738c81c54f2a74501", "sha256_hash": "7bede59da9baad88712da977d935d9b49ae8a7417a5f1014a284a51d12f85d17", "size": 4194304, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000312-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000312-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_104", "md5_hash": "2e77afa6e0e80ba6866245e88faa1c10", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "999d11e90b789af4a2d76b3c22ca2d955a40be20", "sha256_hash": "26ea2ea5983c24d613aa50097751e1dfcf61c5a7ed5d5f2e70ce4aae8ec843e1", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000314-addr_0x0000000000810000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000002-region_00000314-addr_0x0000000000810000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_105", "md5_hash": "956747e1d913ba4d3e853d1dc4faa29f", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2cb0a2011e4639ba8699435e4098fba43027be8f", "sha256_hash": "1676a108640aafa79e8c1abeca15feb815f04d45d5be166df6696b6bf70ed70d", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000315-addr_0x0000000002de0000-size_0x0000000000220000-perm_rw.bin", "filename": "process_00000002-region_00000315-addr_0x0000000002de0000-size_0x0000000000220000-perm_rw.bin", "id": "proc_dump_106", "md5_hash": "a266da0f276743ff6c1ca64c6ca8601e", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0e2e41316ce444a773d1f8d7040e5c28afa26678", "sha256_hash": "51406ebb3364f8111394d4dc33770db0bf19de30a4cfe4d9344ee533f67056b2", "size": 2228224, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000316-addr_0x0000000000890000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000316-addr_0x0000000000890000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_107", "md5_hash": "2cd1f2619cdbc276f86c134b62d688bd", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2fa438b16fb3fec4c1f694b255d1464483c5c21d", "sha256_hash": "8253234f7111ef668b20257d1c30efbc6f88ae919f73262ec22bf897d5e97833", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000368-addr_0x0000000002de0000-size_0x00000000001bd000-perm_rw.bin", "filename": "process_00000002-region_00000368-addr_0x0000000002de0000-size_0x00000000001bd000-perm_rw.bin", "id": "proc_dump_108", "md5_hash": "179ede79ed0a9eeec63e248b39323f1b", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "94790ed4946bf37a5aeb67b2baf00ab21d80f29b", "sha256_hash": "41aa449bfe7577a85a4bd309b801c5956b4427fb75a75589c566d93502d65053", "size": 1822720, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000369-addr_0x0000000002fc0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000002-region_00000369-addr_0x0000000002fc0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_109", "md5_hash": "76991bba8bc947002844f000e34fe2b6", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "43aebf1340b9fad6bce9341502d17ac9eca40606", "sha256_hash": "55738aef53d93b1e4fdf1f6398d453a9f0e24fc2d2ee97bd0bac662b71f9ca82", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000372-addr_0x0000000003000000-size_0x0000000000200000-perm_rw.bin", "filename": "process_00000002-region_00000372-addr_0x0000000003000000-size_0x0000000000200000-perm_rw.bin", "id": "proc_dump_112", "md5_hash": "1c132c12008972044ae754966ff9ae9f", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3dad451970a489ebae6b2c0dea522240b6e27980", "sha256_hash": "6f1d443563307384250eefb5bce95bb8423d6a2530c246670c06b0f4eba42a25", "size": 2097152, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000373-addr_0x0000000003310000-size_0x0000000000110000-perm_rw.bin", "filename": "process_00000002-region_00000373-addr_0x0000000003310000-size_0x0000000000110000-perm_rw.bin", "id": "proc_dump_113", "md5_hash": "266c89070593a5b5ff8478ce46542ad5", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a16258830ee09b3e607b8e00c7e70c2e7191df5c", "sha256_hash": "f1b8a4ced5f4080db57441cb83584240646d28d1634bce4dee8302179235fefe", "size": 1114112, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000374-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000003-region_00000374-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_114", "md5_hash": "9d09d399ff0e19d3a2a19e6f604d3585", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2b24e8db0018e093ffd7b036e6a4675805601df3", "sha256_hash": "0c5b1078076e295ba50f30d0bb7fd5382bbedb72d13e049cb8649ae8411e5bf1", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000429-addr_0x00000000006e0000-size_0x00000000000a0000-perm_rw.bin", "filename": "process_00000003-region_00000429-addr_0x00000000006e0000-size_0x00000000000a0000-perm_rw.bin", "id": "proc_dump_115", "md5_hash": "0fba885c8220838e756cce9c710fbe58", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e2308e82641d727cef4c6ccbbb1fc4de1b10d94c", "sha256_hash": "554f0cd6bf5315b58372aed2253951ca14fd47348f79293a8b467a238788c730", "size": 655360, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000451-addr_0x0000000002630000-size_0x0000000000110000-perm_rw.bin", "filename": "process_00000003-region_00000451-addr_0x0000000002630000-size_0x0000000000110000-perm_rw.bin", "id": "proc_dump_116", "md5_hash": "8c4fc3c516fc1656cc5e0a08ba5def33", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6ce442c2cd0a767b88b50b24ed968bc8f2d4aa6c", "sha256_hash": "ed36ebd90b3d0f5c98755962d7f620398d6dbf0cf677f9e9074f2f8988ac7ad2", "size": 774144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000455-addr_0x0000000002940000-size_0x00000000001bd000-perm_rw.bin", "filename": "process_00000003-region_00000455-addr_0x0000000002940000-size_0x00000000001bd000-perm_rw.bin", "id": "proc_dump_117", "md5_hash": "179ede79ed0a9eeec63e248b39323f1b", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "94790ed4946bf37a5aeb67b2baf00ab21d80f29b", "sha256_hash": "41aa449bfe7577a85a4bd309b801c5956b4427fb75a75589c566d93502d65053", "size": 1822720, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000457-addr_0x0000000002de0000-size_0x00000000001bd000-perm_rw.bin", "filename": "process_00000003-region_00000457-addr_0x0000000002de0000-size_0x00000000001bd000-perm_rw.bin", "id": "proc_dump_118", "md5_hash": "179ede79ed0a9eeec63e248b39323f1b", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "94790ed4946bf37a5aeb67b2baf00ab21d80f29b", "sha256_hash": "41aa449bfe7577a85a4bd309b801c5956b4427fb75a75589c566d93502d65053", "size": 1822720, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000472-addr_0x00000000032a0000-size_0x00000000001bd000-perm_rw.bin", "filename": "process_00000003-region_00000472-addr_0x00000000032a0000-size_0x00000000001bd000-perm_rw.bin", "id": "proc_dump_131", "md5_hash": "179ede79ed0a9eeec63e248b39323f1b", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "94790ed4946bf37a5aeb67b2baf00ab21d80f29b", "sha256_hash": "41aa449bfe7577a85a4bd309b801c5956b4427fb75a75589c566d93502d65053", "size": 1822720, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000492-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000004-region_00000492-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_137", "md5_hash": "9425c4f6ea20182f2a7521fb1ae2c783", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1bb83439a7867d5a43afc6a1f8bf05d8c60612e8", "sha256_hash": "c06c2215f012fbd066aabb47ff81046a05a0b377f0a4604441ba2038260d1e71", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000557-addr_0x0000000001d30000-size_0x00000000001d0000-perm_rw.bin", "filename": "process_00000004-region_00000557-addr_0x0000000001d30000-size_0x00000000001d0000-perm_rw.bin", "id": "proc_dump_140", "md5_hash": "5a6140844676ab662405d5ced5e845f1", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "18889a747a4c310d5e51204ee8f11b200df8c6fb", "sha256_hash": "37cdbeab1479b1f906254e366688443de2045771339f7253a9b4df7ecd5cea0f", "size": 1900544, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000562-addr_0x0000000001d30000-size_0x0000000000170000-perm_rw.bin", "filename": "process_00000004-region_00000562-addr_0x0000000001d30000-size_0x0000000000170000-perm_rw.bin", "id": "proc_dump_141", "md5_hash": "34b82f10a373e7e20e5b78e91781f902", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6753cad0918823da14329a71da524c2acd7f0f7d", "sha256_hash": "135481b131a8f8a99f33935b004f44e9266c531869c9ff0b6cac29c440aef60c", "size": 1507328, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000564-addr_0x0000000001f00000-size_0x0000000000200000-perm_rw.bin", "filename": "process_00000004-region_00000564-addr_0x0000000001f00000-size_0x0000000000200000-perm_rw.bin", "id": "proc_dump_142", "md5_hash": "b47240228bfa0c3d22eedbbc02cf1845", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4fa2483f01105934a9a8f1d12fbf4a48bafb81ae", "sha256_hash": "4236ce1b958987dfda060d3d48517fc7616b883a40c09422b2ec7a75d2c32173", "size": 2097152, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000631-addr_0x0000000002460000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000004-region_00000631-addr_0x0000000002460000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_144", "md5_hash": "0eb4dbcbbb84c2e02a0183f363ffdb70", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "58ac00a17e51d4330947820f04311e2971a3da91", "sha256_hash": "1a2c69dd81385833163faa0fd6819711868e85f6a203e9f2b13adf546a9bafbd", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000632-addr_0x000000007ffd5000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000632-addr_0x000000007ffd5000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_145", "md5_hash": "028ecca3a4b511e41d5cc4644c951955", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b75129b5378541181ca4814bfc4a09a7a439aafc", "sha256_hash": "f02db91590a2f03ec6539df32da959012c9a3010fd2555230b446f7837f864ba", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000566-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000005-region_00000566-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_143", "md5_hash": "20a76e01ab15e6d39761fc8b190440c2", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ad73f713bd9427030ae7529e949b9586bdbf78a1", "sha256_hash": "f67fe8d3098ab95693e14b04a13be8a0983477d274051686d8988b12a5ea8aa9", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000635-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000006-region_00000635-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_146", "md5_hash": "241ac435c28b77444cc7e99a066cef4b", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4283216236e42582fce73a9f1496da379620a4a4", "sha256_hash": "9191dd98c83c31522e131c7a571885d8e2c9d757d2a665c7660ab298e931f3b8", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000677-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000007-region_00000677-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_147", "md5_hash": "2c5e3ccc4c55f99be3bfed60a5e5b804", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a6f6be9dc4bba51fc8fa489df78b67c861658235", "sha256_hash": "c0729e66d8bf566ecdbc4bb93ad2a2ee5440faba4f8be54aed53d87d934cec06", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000798-addr_0x00000000018d0000-size_0x0000000000220000-perm_rw.bin", "filename": "process_00000007-region_00000798-addr_0x00000000018d0000-size_0x0000000000220000-perm_rw.bin", "id": "proc_dump_149", "md5_hash": "0e33cde1ceb11778d5fed01b09753677", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e5757e357ae56342ad8ab60da3d22dfde6cd2674", "sha256_hash": "e0459e5f1f678a219c51fcedda7bb0b1d98815c8a6a9ccf10a4508f28d24c8b0", "size": 1773568, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000712-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000008-region_00000712-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_148", "md5_hash": "f9b933461066ea85da36bbffbdb0f516", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e1c565c875e216ca1d0362eb3b129a4785f38c47", "sha256_hash": "5f713c0f83380b3fe3dfc05547bccff7f0012d71bebd651bd4b3ebc9a9fd32fc", "size": 131072, "type": "process_dump", "version": 1 } ], "processes": [ { "cmd_line": "\"C:\\Users\\EEBsYm5\\Desktop\\9c3648e343b57ebf1fb3fe567deceb0da3499989dd56d4e82dd8911c3adf239d.exe\" ", "filename": "c:\\users\\eebsym5\\desktop\\9c3648e343b57ebf1fb3fe567deceb0da3499989dd56d4e82dd8911c3adf239d.exe", "id": "proc_1", "image_name": "9c3648e343b57ebf1fb3fe567deceb0da3499989dd56d4e82dd8911c3adf239d.exe", "monitor_reason": "analysis_target", "monitored_id": 1, "origin_monitor_id": 0, "ref_parent_process": null, "regions": [ { "dump": { "filename": "process_00000001-region_00000136-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_62", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_136", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:12.547", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000137-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_63", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 1245183, "entry_point": 0, "filename": null, "id": "region_137", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:12.547", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1261567, "entry_point": 0, "filename": null, "id": "region_138", "name": "pagefile_0x0000000000130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1245184, "timestamp": "00:00:12.547", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1323007, "entry_point": 0, "filename": null, "id": "region_139", "name": "pagefile_0x0000000000140000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1310720, "timestamp": "00:00:12.547", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000140-addr_0x0000000000400000-size_0x0000000000033000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_64", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 208896, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4403199, "entry_point": 4194304, "filename": "\\Users\\EEBsYm5\\Desktop\\9c3648e343b57ebf1fb3fe567deceb0da3499989dd56d4e82dd8911c3adf239d.exe", "id": "region_140", "name": "9c3648e343b57ebf1fb3fe567deceb0da3499989dd56d4e82dd8911c3adf239d.exe", "norm_filename": "c:\\users\\eebsym5\\desktop\\9c3648e343b57ebf1fb3fe567deceb0da3499989dd56d4e82dd8911c3adf239d.exe", "region_type": "memory_mapped_file", "start_va": 4194304, "timestamp": "00:00:12.548", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1996226560, "type": "region", "version": 1 }, "end_va": 1997520895, "entry_point": 1996226560, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_141", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1996226560, "timestamp": "00:00:12.548", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 1998585856, "type": "region", "version": 1 }, "end_va": 1998589951, "entry_point": 1998585856, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_142", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 1998585856, "timestamp": "00:00:12.642", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_143", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:00:12.645", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000144-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_65", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_144", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:00:12.645", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000145-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_66", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_145", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:00:12.645", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000146-addr_0x00000000001b0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_67", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 2818047, "entry_point": 0, "filename": null, "id": "region_146", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:00:12.656", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1965948928, "type": "region", "version": 1 }, "end_va": 1966252031, "entry_point": 1965948928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_147", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1965948928, "timestamp": "00:00:12.656", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1990066176, "type": "region", "version": 1 }, "end_va": 1990934527, "entry_point": 1990066176, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_148", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1990066176, "timestamp": "00:00:12.721", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_149", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:13.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 3239935, "entry_point": 2818048, "filename": "\\Windows\\System32\\locale.nls", "id": "region_150", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 2818048, "timestamp": "00:00:13.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1946943488, "type": "region", "version": 1 }, "end_va": 1948639231, "entry_point": 1946943488, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_151", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1946943488, "timestamp": "00:00:13.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1968504832, "type": "region", "version": 1 }, "end_va": 1968824319, "entry_point": 1968504832, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_152", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1968504832, "timestamp": "00:00:13.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969655807, "entry_point": 1968832512, "filename": "\\Windows\\System32\\user32.dll", "id": "region_153", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:00:13.046", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1969946624, "type": "region", "version": 1 }, "end_va": 1970302975, "entry_point": 1969946624, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_154", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1969946624, "timestamp": "00:00:13.095", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1971388416, "type": "region", "version": 1 }, "end_va": 1971974143, "entry_point": 1971388416, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_155", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1971388416, "timestamp": "00:00:13.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1972895744, "type": "region", "version": 1 }, "end_va": 1985781759, "entry_point": 1972895744, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_156", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1972895744, "timestamp": "00:00:13.177", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1985871872, "type": "region", "version": 1 }, "end_va": 1986514943, "entry_point": 1985871872, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_157", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1985871872, "timestamp": "00:00:13.923", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1986527232, "type": "region", "version": 1 }, "end_va": 1987952639, "entry_point": 1986527232, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_158", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1986527232, "timestamp": "00:00:13.930", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1989410816, "type": "region", "version": 1 }, "end_va": 1990066175, "entry_point": 1989410816, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_159", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1989410816, "timestamp": "00:00:14.141", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1990983680, "type": "region", "version": 1 }, "end_va": 1991643135, "entry_point": 1990983680, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_160", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1990983680, "timestamp": "00:00:14.201", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1993408512, "type": "region", "version": 1 }, "end_va": 1994113023, "entry_point": 1993408512, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_161", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1993408512, "timestamp": "00:00:14.446", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1997602816, "type": "region", "version": 1 }, "end_va": 1997705215, "entry_point": 1997602816, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_162", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1997602816, "timestamp": "00:00:14.462", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1997930496, "type": "region", "version": 1 }, "end_va": 1997971455, "entry_point": 1997930496, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_163", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1997930496, "timestamp": "00:00:14.470", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 1997996032, "type": "region", "version": 1 }, "end_va": 1998499839, "entry_point": 1997996032, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_164", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 1997996032, "timestamp": "00:00:14.478", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_165", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:00:14.488", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 3276800, "type": "region", "version": 1 }, "end_va": 4095999, "entry_point": 0, "filename": null, "id": "region_166", "name": "pagefile_0x0000000000320000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3276800, "timestamp": "00:00:14.517", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000167-addr_0x0000000000600000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_68", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 6291456, "type": "region", "version": 1 }, "end_va": 6356991, "entry_point": 0, "filename": null, "id": "region_167", "name": "private_0x0000000000600000", "norm_filename": null, "region_type": "private_memory", "start_va": 6291456, "timestamp": "00:00:14.517", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 1970339840, "type": "region", "version": 1 }, "end_va": 1970466815, "entry_point": 1970339840, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_168", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1970339840, "timestamp": "00:00:14.517", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1970470912, "type": "region", "version": 1 }, "end_va": 1971306495, "entry_point": 1970470912, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_169", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1970470912, "timestamp": "00:00:14.527", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000170-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_69", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_170", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:00:14.560", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000171-addr_0x0000000000150000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_70", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1380351, "entry_point": 0, "filename": null, "id": "region_171", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:00:14.560", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1515519, "entry_point": 0, "filename": null, "id": "region_172", "name": "pagefile_0x0000000000170000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1507328, "timestamp": "00:00:14.560", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 4456448, "type": "region", "version": 1 }, "end_va": 5509119, "entry_point": 0, "filename": null, "id": "region_173", "name": "pagefile_0x0000000000440000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4456448, "timestamp": "00:00:14.560", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 6356992, "type": "region", "version": 1 }, "end_va": 18939903, "entry_point": 0, "filename": null, "id": "region_174", "name": "pagefile_0x0000000000610000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6356992, "timestamp": "00:00:14.561", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 376832, "start_va": 5570560, "type": "region", "version": 1 }, "end_va": 5947391, "entry_point": 5570560, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_175", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 5570560, "timestamp": "00:00:14.561", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 376832, "start_va": 5570560, "type": "region", "version": 1 }, "end_va": 5947391, "entry_point": 5715385, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_176", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 5570560, "timestamp": "00:00:14.571", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1963524096, "type": "region", "version": 1 }, "end_va": 1963573247, "entry_point": 1963524096, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_177", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1963524096, "timestamp": "00:00:14.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 262144, "start_va": 1943797760, "type": "region", "version": 1 }, "end_va": 1944059903, "entry_point": 1943797760, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_178", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1943797760, "timestamp": "00:00:14.583", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000179-addr_0x0000000000550000-size_0x00000000000b0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_71", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 720896, "start_va": 5570560, "type": "region", "version": 1 }, "end_va": 6291455, "entry_point": 0, "filename": null, "id": "region_179", "name": "private_0x0000000000550000", "norm_filename": null, "region_type": "private_memory", "start_va": 5570560, "timestamp": "00:00:14.595", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 18939904, "type": "region", "version": 1 }, "end_va": 19853311, "entry_point": 0, "filename": null, "id": "region_180", "name": "pagefile_0x0000000001210000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 18939904, "timestamp": "00:00:14.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1922564096, "type": "region", "version": 1 }, "end_va": 1922588671, "entry_point": 1922564096, "filename": "\\Windows\\System32\\riched32.dll", "id": "region_181", "name": "riched32.dll", "norm_filename": "c:\\windows\\system32\\riched32.dll", "region_type": "memory_mapped_file", "start_va": 1922564096, "timestamp": "00:00:14.624", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 483328, "start_va": 1836318720, "type": "region", "version": 1 }, "end_va": 1836802047, "entry_point": 1836318720, "filename": "\\Windows\\System32\\riched20.dll", "id": "region_182", "name": "riched20.dll", "norm_filename": "c:\\windows\\system32\\riched20.dll", "region_type": "memory_mapped_file", "start_va": 1836318720, "timestamp": "00:00:14.654", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 19857408, "type": "region", "version": 1 }, "end_va": 22802431, "entry_point": 19857408, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_183", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 19857408, "timestamp": "00:00:14.672", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000184-addr_0x00000000015c0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_72", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 22806528, "type": "region", "version": 1 }, "end_va": 23330815, "entry_point": 0, "filename": null, "id": "region_184", "name": "private_0x00000000015c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 22806528, "timestamp": "00:00:14.680", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1940324352, "type": "region", "version": 1 }, "end_va": 1940402175, "entry_point": 1940324352, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_185", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 1940324352, "timestamp": "00:00:14.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1470463, "entry_point": 0, "filename": null, "id": "region_186", "name": "pagefile_0x0000000000160000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1441792, "timestamp": "00:00:14.699", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1581055, "entry_point": 0, "filename": null, "id": "region_187", "name": "pagefile_0x0000000000180000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1572864, "timestamp": "00:00:14.699", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 23330816, "type": "region", "version": 1 }, "end_va": 27471871, "entry_point": 0, "filename": null, "id": "region_188", "name": "pagefile_0x0000000001640000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 23330816, "timestamp": "00:00:14.699", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000189-addr_0x0000000000190000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_73", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1769471, "entry_point": 0, "filename": null, "id": "region_189", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:00:14.704", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000190-addr_0x0000000001a40000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_74", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 27525120, "type": "region", "version": 1 }, "end_va": 28049407, "entry_point": 0, "filename": null, "id": "region_190", "name": "private_0x0000000001a40000", "norm_filename": null, "region_type": "private_memory", "start_va": 27525120, "timestamp": "00:00:14.705", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000191-addr_0x0000000001ac0000-size_0x0000000000101000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_75", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1052672, "start_va": 28049408, "type": "region", "version": 1 }, "end_va": 29102079, "entry_point": 0, "filename": null, "id": "region_191", "name": "private_0x0000000001ac0000", "norm_filename": null, "region_type": "private_memory", "start_va": 28049408, "timestamp": "00:00:14.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 9633792, "start_va": 28049408, "type": "region", "version": 1 }, "end_va": 37683199, "entry_point": 28049408, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_192", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 28049408, "timestamp": "00:00:14.730", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4132863, "entry_point": 0, "filename": null, "id": "region_193", "name": "pagefile_0x00000000003f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4128768, "timestamp": "00:00:14.740", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1971978240, "type": "region", "version": 1 }, "end_va": 1972514815, "entry_point": 1971978240, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_194", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1971978240, "timestamp": "00:00:14.740", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 5570560, "type": "region", "version": 1 }, "end_va": 5574655, "entry_point": 0, "filename": null, "id": "region_195", "name": "pagefile_0x0000000000550000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5570560, "timestamp": "00:00:14.752", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000196-addr_0x00000000005c0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_76", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 6029312, "type": "region", "version": 1 }, "end_va": 6291455, "entry_point": 0, "filename": null, "id": "region_196", "name": "private_0x00000000005c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6029312, "timestamp": "00:00:14.752", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 5636096, "type": "region", "version": 1 }, "end_va": 5644287, "entry_point": 0, "filename": null, "id": "region_197", "name": "pagefile_0x0000000000560000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5636096, "timestamp": "00:00:14.756", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 1851392000, "type": "region", "version": 1 }, "end_va": 1851752447, "entry_point": 1851392000, "filename": "\\Program Files\\Common Files\\microsoft shared\\ink\\tiptsf.dll", "id": "region_198", "name": "tiptsf.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\ink\\tiptsf.dll", "region_type": "memory_mapped_file", "start_va": 1851392000, "timestamp": "00:00:14.758", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000199-addr_0x00000000023f0000-size_0x0000000000101000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_77", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1052672, "start_va": 37683200, "type": "region", "version": 1 }, "end_va": 38735871, "entry_point": 0, "filename": null, "id": "region_199", "name": "private_0x00000000023f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37683200, "timestamp": "00:00:14.785", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000200-addr_0x00000000023f0000-size_0x0000000000401000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_78", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4198400, "start_va": 37683200, "type": "region", "version": 1 }, "end_va": 41881599, "entry_point": 0, "filename": null, "id": "region_200", "name": "private_0x00000000023f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37683200, "timestamp": "00:00:14.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 5701632, "type": "region", "version": 1 }, "end_va": 5709823, "entry_point": 0, "filename": null, "id": "region_201", "name": "pagefile_0x0000000000570000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5701632, "timestamp": "00:00:14.912", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 5701632, "type": "region", "version": 1 }, "end_va": 5705727, "entry_point": 5701632, "filename": "\\Windows\\System32\\en-US\\msctf.dll.mui", "id": "region_202", "name": "msctf.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\msctf.dll.mui", "region_type": "memory_mapped_file", "start_va": 5701632, "timestamp": "00:00:14.914", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 5767168, "type": "region", "version": 1 }, "end_va": 5775359, "entry_point": 0, "filename": null, "id": "region_203", "name": "pagefile_0x0000000000580000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5767168, "timestamp": "00:00:14.924", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000204-addr_0x00000000023f0000-size_0x0000000000401000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_79", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4198400, "start_va": 37683200, "type": "region", "version": 1 }, "end_va": 41881599, "entry_point": 0, "filename": null, "id": "region_204", "name": "private_0x00000000023f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37683200, "timestamp": "00:00:14.941", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000205-addr_0x0000000002800000-size_0x0000000000101000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_80", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1052672, "start_va": 41943040, "type": "region", "version": 1 }, "end_va": 42995711, "entry_point": 0, "filename": null, "id": "region_205", "name": "private_0x0000000002800000", "norm_filename": null, "region_type": "private_memory", "start_va": 41943040, "timestamp": "00:00:14.990", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 5767168, "type": "region", "version": 1 }, "end_va": 5771263, "entry_point": 0, "filename": null, "id": "region_206", "name": "pagefile_0x0000000000580000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5767168, "timestamp": "00:00:15.022", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1944911872, "type": "region", "version": 1 }, "end_va": 1945915391, "entry_point": 1944911872, "filename": "\\Windows\\System32\\propsys.dll", "id": "region_207", "name": "propsys.dll", "norm_filename": "c:\\windows\\system32\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 1944911872, "timestamp": "00:00:15.662", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 1944322048, "type": "region", "version": 1 }, "end_va": 1944457215, "entry_point": 1944322048, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_208", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1944322048, "timestamp": "00:00:15.688", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 1972568064, "type": "region", "version": 1 }, "end_va": 1972850687, "entry_point": 1972568064, "filename": "\\Windows\\System32\\Wldap32.dll", "id": "region_209", "name": "wldap32.dll", "norm_filename": "c:\\windows\\system32\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 1972568064, "timestamp": "00:00:15.699", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 5832704, "type": "region", "version": 1 }, "end_va": 5849087, "entry_point": 5832704, "filename": "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db", "id": "region_210", "name": "cversions.1.db", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db", "region_type": "memory_mapped_file", "start_va": 5832704, "timestamp": "00:00:15.711", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 86016, "start_va": 5898240, "type": "region", "version": 1 }, "end_va": 5984255, "entry_point": 5898240, "filename": "\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000013.db", "id": "region_211", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000013.db", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000013.db", "region_type": "memory_mapped_file", "start_va": 5898240, "timestamp": "00:00:15.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 22806528, "type": "region", "version": 1 }, "end_va": 22810623, "entry_point": 0, "filename": null, "id": "region_212", "name": "pagefile_0x00000000015c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 22806528, "timestamp": "00:00:15.713", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000213-addr_0x0000000001600000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_81", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 23068672, "type": "region", "version": 1 }, "end_va": 23330815, "entry_point": 0, "filename": null, "id": "region_213", "name": "private_0x0000000001600000", "norm_filename": null, "region_type": "private_memory", "start_va": 23068672, "timestamp": "00:00:15.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1964048384, "type": "region", "version": 1 }, "end_va": 1964093439, "entry_point": 1964048384, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_214", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1964048384, "timestamp": "00:00:15.719", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 5832704, "type": "region", "version": 1 }, "end_va": 5849087, "entry_point": 5832704, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_215", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 5832704, "timestamp": "00:00:15.726", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 196608, "start_va": 22872064, "type": "region", "version": 1 }, "end_va": 23068671, "entry_point": 22872064, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000009.db", "id": "region_216", "name": "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db", "region_type": "memory_mapped_file", "start_va": 22872064, "timestamp": "00:00:15.727", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 37683200, "type": "region", "version": 1 }, "end_va": 37699583, "entry_point": 37683200, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_217", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 37683200, "timestamp": "00:00:15.728", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 417792, "start_va": 37748736, "type": "region", "version": 1 }, "end_va": 38166527, "entry_point": 37748736, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db", "id": "region_218", "name": "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "region_type": "memory_mapped_file", "start_va": 37748736, "timestamp": "00:00:15.729", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000219-addr_0x0000000002470000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_82", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 38207488, "type": "region", "version": 1 }, "end_va": 39256063, "entry_point": 0, "filename": null, "id": "region_219", "name": "private_0x0000000002470000", "norm_filename": null, "region_type": "private_memory", "start_va": 38207488, "timestamp": "00:00:15.791", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1964572672, "type": "region", "version": 1 }, "end_va": 1964732415, "entry_point": 1964572672, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_220", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 1964572672, "timestamp": "00:00:15.792", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1966473216, "type": "region", "version": 1 }, "end_va": 1966546943, "entry_point": 1966473216, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_221", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 1966473216, "timestamp": "00:00:15.799", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1691648, "start_va": 1991704576, "type": "region", "version": 1 }, "end_va": 1993396223, "entry_point": 1991704576, "filename": "\\Windows\\System32\\setupapi.dll", "id": "region_222", "name": "setupapi.dll", "norm_filename": "c:\\windows\\system32\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 1991704576, "timestamp": "00:00:15.809", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000223-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_83", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147340288, "type": "region", "version": 1 }, "end_va": 2147344383, "entry_point": 0, "filename": null, "id": "region_223", "name": "private_0x000000007ffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147340288, "timestamp": "00:00:15.823", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1895301120, "type": "region", "version": 1 }, "end_va": 1895612415, "entry_point": 1895301120, "filename": "\\Windows\\System32\\apphelp.dll", "id": "region_224", "name": "apphelp.dll", "norm_filename": "c:\\windows\\system32\\apphelp.dll", "region_type": "memory_mapped_file", "start_va": 1895301120, "timestamp": "00:00:15.842", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 1858207744, "type": "region", "version": 1 }, "end_va": 1858396159, "entry_point": 1858207744, "filename": "\\Windows\\System32\\shdocvw.dll", "id": "region_225", "name": "shdocvw.dll", "norm_filename": "c:\\windows\\system32\\shdocvw.dll", "region_type": "memory_mapped_file", "start_va": 1858207744, "timestamp": "00:00:15.855", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1967194112, "type": "region", "version": 1 }, "end_va": 1968463871, "entry_point": 1967194112, "filename": "\\Windows\\System32\\urlmon.dll", "id": "region_226", "name": "urlmon.dll", "norm_filename": "c:\\windows\\system32\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1967194112, "timestamp": "00:00:15.873", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1988362240, "type": "region", "version": 1 }, "end_va": 1989365759, "entry_point": 1988362240, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_227", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1988362240, "timestamp": "00:00:15.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1994129408, "type": "region", "version": 1 }, "end_va": 1996206079, "entry_point": 1994129408, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_228", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1994129408, "timestamp": "00:00:15.898", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1964769280, "type": "region", "version": 1 }, "end_va": 1965936639, "entry_point": 1964769280, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_229", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1964769280, "timestamp": "00:00:15.908", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1964507136, "type": "region", "version": 1 }, "end_va": 1964556287, "entry_point": 1964507136, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_230", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1964507136, "timestamp": "00:00:15.921", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1963393024, "type": "region", "version": 1 }, "end_va": 1963503615, "entry_point": 1963393024, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_231", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1963393024, "timestamp": "00:00:15.937", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000232-addr_0x0000000002570000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_84", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 39256064, "type": "region", "version": 1 }, "end_va": 40304639, "entry_point": 0, "filename": null, "id": "region_232", "name": "private_0x0000000002570000", "norm_filename": null, "region_type": "private_memory", "start_va": 39256064, "timestamp": "00:00:15.953", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 40304640, "type": "region", "version": 1 }, "end_va": 40308735, "entry_point": 0, "filename": null, "id": "region_233", "name": "pagefile_0x0000000002670000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 40304640, "timestamp": "00:00:15.953", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000234-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_85", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147336192, "type": "region", "version": 1 }, "end_va": 2147340287, "entry_point": 0, "filename": null, "id": "region_234", "name": "private_0x000000007ffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147336192, "timestamp": "00:00:15.953", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000235-addr_0x0000000002680000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_86", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 40370176, "type": "region", "version": 1 }, "end_va": 41418751, "entry_point": 0, "filename": null, "id": "region_235", "name": "private_0x0000000002680000", "norm_filename": null, "region_type": "private_memory", "start_va": 40370176, "timestamp": "00:00:16.017", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000236-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_87", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147332096, "type": "region", "version": 1 }, "end_va": 2147336191, "entry_point": 0, "filename": null, "id": "region_236", "name": "private_0x000000007ffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147332096, "timestamp": "00:00:16.017", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\60484525\\cih.exe\" cvn-nhc ", "filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\cih.exe", "id": "proc_2", "image_name": "cih.exe", "monitor_reason": "child_process", "monitored_id": 2, "origin_monitor_id": 1, "ref_parent_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000002-region_00000237-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_88", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_237", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:16.044", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_238", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:16.044", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 270335, "entry_point": 0, "filename": null, "id": "region_239", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:16.044", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000240-addr_0x0000000000090000-size_0x0000000000400000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_89", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4194304, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 4784127, "entry_point": 0, "filename": null, "id": "region_240", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:00:16.044", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000241-addr_0x00000000008b0000-size_0x00000000000cc000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_90", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 835584, "start_va": 9109504, "type": "region", "version": 1 }, "end_va": 9945087, "entry_point": 9109504, "filename": "\\Users\\EEBsYm5\\AppData\\Local\\Temp\\60484525\\cih.exe", "id": "region_241", "name": "cih.exe", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\cih.exe", "region_type": "memory_mapped_file", "start_va": 9109504, "timestamp": "00:00:16.044", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1996226560, "type": "region", "version": 1 }, "end_va": 1997520895, "entry_point": 1996226560, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_242", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1996226560, "timestamp": "00:00:16.045", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 1998585856, "type": "region", "version": 1 }, "end_va": 1998589951, "entry_point": 1998585856, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_243", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 1998585856, "timestamp": "00:00:16.046", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_244", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:00:16.048", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000245-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_91", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_245", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:00:16.048", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000246-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_92", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_246", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:00:16.048", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_247", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:16.076", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 4784128, "type": "region", "version": 1 }, "end_va": 5206015, "entry_point": 4784128, "filename": "\\Windows\\System32\\locale.nls", "id": "region_248", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 4784128, "timestamp": "00:00:16.076", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000249-addr_0x00000000006d0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_93", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 7143424, "type": "region", "version": 1 }, "end_va": 7208959, "entry_point": 0, "filename": null, "id": "region_249", "name": "private_0x00000000006d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 7143424, "timestamp": "00:00:16.077", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000250-addr_0x0000000000aa0000-size_0x0000000000400000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_94", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4194304, "start_va": 11141120, "type": "region", "version": 1 }, "end_va": 15335423, "entry_point": 0, "filename": null, "id": "region_250", "name": "private_0x0000000000aa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 11141120, "timestamp": "00:00:16.077", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 1849360384, "type": "region", "version": 1 }, "end_va": 1849565183, "entry_point": 1849360384, "filename": "\\Windows\\System32\\winmm.dll", "id": "region_251", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 1849360384, "timestamp": "00:00:16.077", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1905065984, "type": "region", "version": 1 }, "end_va": 1905139711, "entry_point": 1905065984, "filename": "\\Windows\\System32\\mpr.dll", "id": "region_252", "name": "mpr.dll", "norm_filename": "c:\\windows\\system32\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 1905065984, "timestamp": "00:00:16.086", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1922564096, "type": "region", "version": 1 }, "end_va": 1922592767, "entry_point": 1922564096, "filename": "\\Windows\\System32\\wsock32.dll", "id": "region_253", "name": "wsock32.dll", "norm_filename": "c:\\windows\\system32\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 1922564096, "timestamp": "00:00:16.093", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1946943488, "type": "region", "version": 1 }, "end_va": 1948639231, "entry_point": 1947133621, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_254", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1946943488, "timestamp": "00:00:16.100", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1952841728, "type": "region", "version": 1 }, "end_va": 1952878591, "entry_point": 1952841728, "filename": "\\Windows\\System32\\version.dll", "id": "region_255", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 1952841728, "timestamp": "00:00:16.101", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1954283520, "type": "region", "version": 1 }, "end_va": 1954377727, "entry_point": 1954283520, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_256", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 1954283520, "timestamp": "00:00:16.107", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1964048384, "type": "region", "version": 1 }, "end_va": 1964093439, "entry_point": 1964054930, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_257", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1964048384, "timestamp": "00:00:16.115", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1964507136, "type": "region", "version": 1 }, "end_va": 1964556287, "entry_point": 1964516238, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_258", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1964507136, "timestamp": "00:00:16.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1964769280, "type": "region", "version": 1 }, "end_va": 1965936639, "entry_point": 1964774794, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_259", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1964769280, "timestamp": "00:00:16.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1965948928, "type": "region", "version": 1 }, "end_va": 1966252031, "entry_point": 1965981152, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_260", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1965948928, "timestamp": "00:00:16.120", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1967194112, "type": "region", "version": 1 }, "end_va": 1968463871, "entry_point": 1967201077, "filename": "\\Windows\\System32\\urlmon.dll", "id": "region_261", "name": "urlmon.dll", "norm_filename": "c:\\windows\\system32\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1967194112, "timestamp": "00:00:16.120", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1968504832, "type": "region", "version": 1 }, "end_va": 1968824319, "entry_point": 1968544777, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_262", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1968504832, "timestamp": "00:00:16.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969655807, "entry_point": 1968953105, "filename": "\\Windows\\System32\\user32.dll", "id": "region_263", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:00:16.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1969684480, "type": "region", "version": 1 }, "end_va": 1969901567, "entry_point": 1969684480, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_264", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1969684480, "timestamp": "00:00:16.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1969946624, "type": "region", "version": 1 }, "end_va": 1970302975, "entry_point": 1970052006, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_265", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1969946624, "timestamp": "00:00:16.132", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1971388416, "type": "region", "version": 1 }, "end_va": 1971974143, "entry_point": 1971404721, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_266", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1971388416, "timestamp": "00:00:16.132", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1972895744, "type": "region", "version": 1 }, "end_va": 1985781759, "entry_point": 1973425665, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_267", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1972895744, "timestamp": "00:00:16.133", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1985806336, "type": "region", "version": 1 }, "end_va": 1985830911, "entry_point": 1985806336, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_268", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1985806336, "timestamp": "00:00:16.134", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1985871872, "type": "region", "version": 1 }, "end_va": 1986514943, "entry_point": 1986084823, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_269", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1985871872, "timestamp": "00:00:16.140", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1986527232, "type": "region", "version": 1 }, "end_va": 1987952639, "entry_point": 1986837053, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_270", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1986527232, "timestamp": "00:00:16.140", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1988362240, "type": "region", "version": 1 }, "end_va": 1989365759, "entry_point": 1988368485, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_271", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1988362240, "timestamp": "00:00:16.141", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1989410816, "type": "region", "version": 1 }, "end_va": 1990066175, "entry_point": 1989495269, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_272", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1989410816, "timestamp": "00:00:16.141", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1990066176, "type": "region", "version": 1 }, "end_va": 1990934527, "entry_point": 1990376932, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_273", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1990066176, "timestamp": "00:00:16.142", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1990983680, "type": "region", "version": 1 }, "end_va": 1991643135, "entry_point": 1991189555, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_274", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1990983680, "timestamp": "00:00:16.142", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1993408512, "type": "region", "version": 1 }, "end_va": 1994113023, "entry_point": 1993450610, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_275", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1993408512, "timestamp": "00:00:16.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1994129408, "type": "region", "version": 1 }, "end_va": 1996206079, "entry_point": 1994138329, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_276", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1994129408, "timestamp": "00:00:16.145", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1997537280, "type": "region", "version": 1 }, "end_va": 1997557759, "entry_point": 1997537280, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_277", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 1997537280, "timestamp": "00:00:16.145", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1997602816, "type": "region", "version": 1 }, "end_va": 1997705215, "entry_point": 1997621621, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_278", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1997602816, "timestamp": "00:00:16.151", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1997930496, "type": "region", "version": 1 }, "end_va": 1997971455, "entry_point": 1997935468, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_279", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1997930496, "timestamp": "00:00:16.152", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 1997996032, "type": "region", "version": 1 }, "end_va": 1998499839, "entry_point": 1998002926, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_280", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 1997996032, "timestamp": "00:00:16.152", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_281", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:00:16.153", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 5242880, "type": "region", "version": 1 }, "end_va": 6062079, "entry_point": 0, "filename": null, "id": "region_282", "name": "pagefile_0x0000000000500000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5242880, "timestamp": "00:00:16.188", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 1970339840, "type": "region", "version": 1 }, "end_va": 1970466815, "entry_point": 1970344789, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_283", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1970339840, "timestamp": "00:00:16.188", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1970470912, "type": "region", "version": 1 }, "end_va": 1971306495, "entry_point": 1970476683, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_284", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1970470912, "timestamp": "00:00:16.189", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000285-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_95", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_285", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:00:16.211", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000286-addr_0x0000000000050000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_96", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 331775, "entry_point": 0, "filename": null, "id": "region_286", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:00:16.212", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_287", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:00:16.212", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 7208960, "type": "region", "version": 1 }, "end_va": 8261631, "entry_point": 0, "filename": null, "id": "region_288", "name": "pagefile_0x00000000006e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7208960, "timestamp": "00:00:16.212", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 15335424, "type": "region", "version": 1 }, "end_va": 27918335, "entry_point": 0, "filename": null, "id": "region_289", "name": "pagefile_0x0000000000ea0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 15335424, "timestamp": "00:00:16.212", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000290-addr_0x0000000001c00000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_97", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 29360128, "type": "region", "version": 1 }, "end_va": 29425663, "entry_point": 0, "filename": null, "id": "region_290", "name": "private_0x0000000001c00000", "norm_filename": null, "region_type": "private_memory", "start_va": 29360128, "timestamp": "00:00:16.212", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 262144, "start_va": 1943797760, "type": "region", "version": 1 }, "end_va": 1944059903, "entry_point": 1943839453, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_291", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1943797760, "timestamp": "00:00:16.251", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000292-addr_0x0000000001c10000-size_0x00000000001e0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_98", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1966080, "start_va": 29425664, "type": "region", "version": 1 }, "end_va": 31391743, "entry_point": 0, "filename": null, "id": "region_292", "name": "private_0x0000000001c10000", "norm_filename": null, "region_type": "private_memory", "start_va": 29425664, "timestamp": "00:00:16.253", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 6094848, "type": "region", "version": 1 }, "end_va": 7008255, "entry_point": 0, "filename": null, "id": "region_293", "name": "pagefile_0x00000000005d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6094848, "timestamp": "00:00:16.255", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_294", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:16.260", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 31391744, "type": "region", "version": 1 }, "end_va": 34336767, "entry_point": 31391744, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_295", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 31391744, "timestamp": "00:00:16.261", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 532479, "entry_point": 0, "filename": null, "id": "region_296", "name": "pagefile_0x0000000000080000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 524288, "timestamp": "00:00:16.264", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000297-addr_0x00000000020e0000-size_0x0000000000400000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_99", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4194304, "start_va": 34471936, "type": "region", "version": 1 }, "end_va": 38666239, "entry_point": 0, "filename": null, "id": "region_297", "name": "private_0x00000000020e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 34471936, "timestamp": "00:00:16.269", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000298-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_100", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147340288, "type": "region", "version": 1 }, "end_va": 2147344383, "entry_point": 0, "filename": null, "id": "region_298", "name": "private_0x000000007ffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147340288, "timestamp": "00:00:16.270", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 7012352, "type": "region", "version": 1 }, "end_va": 7016447, "entry_point": 0, "filename": null, "id": "region_299", "name": "pagefile_0x00000000006b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7012352, "timestamp": "00:00:16.272", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 376832, "start_va": 8323072, "type": "region", "version": 1 }, "end_va": 8699903, "entry_point": 8467897, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_300", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 8323072, "timestamp": "00:00:16.279", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1963524096, "type": "region", "version": 1 }, "end_va": 1963573247, "entry_point": 1963528417, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_302", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1963524096, "timestamp": "00:00:16.284", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1964572672, "type": "region", "version": 1 }, "end_va": 1964732415, "entry_point": 1964595385, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_303", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 1964572672, "timestamp": "00:00:16.291", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1966473216, "type": "region", "version": 1 }, "end_va": 1966546943, "entry_point": 1966478401, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_304", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 1966473216, "timestamp": "00:00:16.291", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1691648, "start_va": 1991704576, "type": "region", "version": 1 }, "end_va": 1993396223, "entry_point": 1991710695, "filename": "\\Windows\\System32\\setupapi.dll", "id": "region_305", "name": "setupapi.dll", "norm_filename": "c:\\windows\\system32\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 1991704576, "timestamp": "00:00:16.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 7077888, "type": "region", "version": 1 }, "end_va": 7106559, "entry_point": 0, "filename": null, "id": "region_306", "name": "pagefile_0x00000000006c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7077888, "timestamp": "00:00:16.465", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8323072, "type": "region", "version": 1 }, "end_va": 8331263, "entry_point": 0, "filename": null, "id": "region_307", "name": "pagefile_0x00000000007f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8323072, "timestamp": "00:00:16.465", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000308-addr_0x0000000000800000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_101", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 8388608, "type": "region", "version": 1 }, "end_va": 8392703, "entry_point": 0, "filename": null, "id": "region_308", "name": "private_0x0000000000800000", "norm_filename": null, "region_type": "private_memory", "start_va": 8388608, "timestamp": "00:00:16.465", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000309-addr_0x0000000000980000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_102", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 9961472, "type": "region", "version": 1 }, "end_va": 11010047, "entry_point": 0, "filename": null, "id": "region_309", "name": "private_0x0000000000980000", "norm_filename": null, "region_type": "private_memory", "start_va": 9961472, "timestamp": "00:00:16.466", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 38666240, "type": "region", "version": 1 }, "end_va": 42807295, "entry_point": 0, "filename": null, "id": "region_310", "name": "pagefile_0x00000000024e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 38666240, "timestamp": "00:00:16.466", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000311-addr_0x00000000029e0000-size_0x0000000000400000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_103", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4194304, "start_va": 43909120, "type": "region", "version": 1 }, "end_va": 48103423, "entry_point": 0, "filename": null, "id": "region_311", "name": "private_0x00000000029e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43909120, "timestamp": "00:00:16.466", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000312-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_104", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147336192, "type": "region", "version": 1 }, "end_va": 2147340287, "entry_point": 0, "filename": null, "id": "region_312", "name": "private_0x000000007ffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147336192, "timestamp": "00:00:16.466", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1940324352, "type": "region", "version": 1 }, "end_va": 1940402175, "entry_point": 1940331839, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_313", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 1940324352, "timestamp": "00:00:16.467", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000314-addr_0x0000000000810000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_105", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 8454144, "type": "region", "version": 1 }, "end_va": 8978431, "entry_point": 0, "filename": null, "id": "region_314", "name": "private_0x0000000000810000", "norm_filename": null, "region_type": "private_memory", "start_va": 8454144, "timestamp": "00:00:16.469", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000315-addr_0x0000000002de0000-size_0x0000000000220000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_106", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2228224, "start_va": 48103424, "type": "region", "version": 1 }, "end_va": 50331647, "entry_point": 0, "filename": null, "id": "region_315", "name": "private_0x0000000002de0000", "norm_filename": null, "region_type": "private_memory", "start_va": 48103424, "timestamp": "00:00:16.470", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000316-addr_0x0000000000890000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_107", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8978432, "type": "region", "version": 1 }, "end_va": 9043967, "entry_point": 0, "filename": null, "id": "region_316", "name": "private_0x0000000000890000", "norm_filename": null, "region_type": "private_memory", "start_va": 8978432, "timestamp": "00:00:16.493", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 9043968, "type": "region", "version": 1 }, "end_va": 9072639, "entry_point": 0, "filename": null, "id": "region_317", "name": "pagefile_0x00000000008a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9043968, "timestamp": "00:00:16.494", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 8978432, "type": "region", "version": 1 }, "end_va": 9007103, "entry_point": 0, "filename": null, "id": "region_318", "name": "pagefile_0x0000000000890000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8978432, "timestamp": "00:00:16.495", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000368-addr_0x0000000002de0000-size_0x00000000001bd000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_108", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1822720, "start_va": 48103424, "type": "region", "version": 1 }, "end_va": 49926143, "entry_point": 0, "filename": null, "id": "region_368", "name": "private_0x0000000002de0000", "norm_filename": null, "region_type": "private_memory", "start_va": 48103424, "timestamp": "00:00:16.533", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000369-addr_0x0000000002fc0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_109", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 50069504, "type": "region", "version": 1 }, "end_va": 50331647, "entry_point": 0, "filename": null, "id": "region_369", "name": "private_0x0000000002fc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 50069504, "timestamp": "00:00:16.534", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000372-addr_0x0000000003000000-size_0x0000000000200000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_112", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2097152, "start_va": 50331648, "type": "region", "version": 1 }, "end_va": 52428799, "entry_point": 0, "filename": null, "id": "region_372", "name": "private_0x0000000003000000", "norm_filename": null, "region_type": "private_memory", "start_va": 50331648, "timestamp": "00:00:16.777", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000373-addr_0x0000000003310000-size_0x0000000000110000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_113", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1114112, "start_va": 53542912, "type": "region", "version": 1 }, "end_va": 54657023, "entry_point": 0, "filename": null, "id": "region_373", "name": "private_0x0000000003310000", "norm_filename": null, "region_type": "private_memory", "start_va": 53542912, "timestamp": "00:00:16.777", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\60484525\\cih.exe C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\60484525\\IWLWK", "filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\cih.exe", "id": "proc_3", "image_name": "cih.exe", "monitor_reason": "child_process", "monitored_id": 3, "origin_monitor_id": 2, "ref_parent_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000003-region_00000374-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_114", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_374", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:16.898", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_375", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:16.898", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 270335, "entry_point": 0, "filename": null, "id": "region_376", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:16.898", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 5177343, "entry_point": 0, "filename": null, "id": "region_377", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:00:16.899", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 9109504, "type": "region", "version": 1 }, "end_va": 9945087, "entry_point": 9200865, "filename": "\\Users\\EEBsYm5\\AppData\\Local\\Temp\\60484525\\cih.exe", "id": "region_378", "name": "cih.exe", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\cih.exe", "region_type": "memory_mapped_file", "start_va": 9109504, "timestamp": "00:00:16.899", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1996226560, "type": "region", "version": 1 }, "end_va": 1997520895, "entry_point": 1996226560, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_379", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1996226560, "timestamp": "00:00:16.899", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 1998585856, "type": "region", "version": 1 }, "end_va": 1998589951, "entry_point": 1998585856, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_380", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 1998585856, "timestamp": "00:00:16.900", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_381", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:00:16.902", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147336192, "type": "region", "version": 1 }, "end_va": 2147340287, "entry_point": 0, "filename": null, "id": "region_382", "name": "private_0x000000007ffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147336192, "timestamp": "00:00:16.902", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_383", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:00:16.902", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_384", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:16.924", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_385", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:00:16.924", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 983039, "entry_point": 0, "filename": null, "id": "region_386", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:00:16.925", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 10747904, "type": "region", "version": 1 }, "end_va": 14942207, "entry_point": 0, "filename": null, "id": "region_387", "name": "private_0x0000000000a40000", "norm_filename": null, "region_type": "private_memory", "start_va": 10747904, "timestamp": "00:00:16.927", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 1849360384, "type": "region", "version": 1 }, "end_va": 1849565183, "entry_point": 1849374705, "filename": "\\Windows\\System32\\winmm.dll", "id": "region_388", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 1849360384, "timestamp": "00:00:16.927", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1905065984, "type": "region", "version": 1 }, "end_va": 1905139711, "entry_point": 1905070592, "filename": "\\Windows\\System32\\mpr.dll", "id": "region_389", "name": "mpr.dll", "norm_filename": "c:\\windows\\system32\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 1905065984, "timestamp": "00:00:16.928", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1922564096, "type": "region", "version": 1 }, "end_va": 1922592767, "entry_point": 1922568480, "filename": "\\Windows\\System32\\wsock32.dll", "id": "region_390", "name": "wsock32.dll", "norm_filename": "c:\\windows\\system32\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 1922564096, "timestamp": "00:00:16.928", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1946943488, "type": "region", "version": 1 }, "end_va": 1948639231, "entry_point": 1947133621, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_391", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1946943488, "timestamp": "00:00:16.929", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1952841728, "type": "region", "version": 1 }, "end_va": 1952878591, "entry_point": 1952846368, "filename": "\\Windows\\System32\\version.dll", "id": "region_392", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 1952841728, "timestamp": "00:00:16.929", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1954283520, "type": "region", "version": 1 }, "end_va": 1954377727, "entry_point": 1954290845, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_393", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 1954283520, "timestamp": "00:00:16.929", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1964048384, "type": "region", "version": 1 }, "end_va": 1964093439, "entry_point": 1964054930, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_394", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1964048384, "timestamp": "00:00:16.930", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1964507136, "type": "region", "version": 1 }, "end_va": 1964556287, "entry_point": 1964516238, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_395", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1964507136, "timestamp": "00:00:16.932", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1964769280, "type": "region", "version": 1 }, "end_va": 1965936639, "entry_point": 1964774794, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_396", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1964769280, "timestamp": "00:00:16.932", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1965948928, "type": "region", "version": 1 }, "end_va": 1966252031, "entry_point": 1965981152, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_397", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1965948928, "timestamp": "00:00:16.933", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1967194112, "type": "region", "version": 1 }, "end_va": 1968463871, "entry_point": 1967201077, "filename": "\\Windows\\System32\\urlmon.dll", "id": "region_398", "name": "urlmon.dll", "norm_filename": "c:\\windows\\system32\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1967194112, "timestamp": "00:00:16.933", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1968504832, "type": "region", "version": 1 }, "end_va": 1968824319, "entry_point": 1968544777, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_399", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1968504832, "timestamp": "00:00:16.934", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969655807, "entry_point": 1968953105, "filename": "\\Windows\\System32\\user32.dll", "id": "region_400", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:00:16.934", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1969684480, "type": "region", "version": 1 }, "end_va": 1969901567, "entry_point": 1969689693, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_401", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1969684480, "timestamp": "00:00:16.934", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1969946624, "type": "region", "version": 1 }, "end_va": 1970302975, "entry_point": 1970052006, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_402", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1969946624, "timestamp": "00:00:16.935", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1971388416, "type": "region", "version": 1 }, "end_va": 1971974143, "entry_point": 1971404721, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_403", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1971388416, "timestamp": "00:00:16.935", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1972895744, "type": "region", "version": 1 }, "end_va": 1985781759, "entry_point": 1973425665, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_404", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1972895744, "timestamp": "00:00:16.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1985806336, "type": "region", "version": 1 }, "end_va": 1985830911, "entry_point": 1985812354, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_405", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1985806336, "timestamp": "00:00:16.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1985871872, "type": "region", "version": 1 }, "end_va": 1986514943, "entry_point": 1986084823, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_406", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1985871872, "timestamp": "00:00:16.937", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1986527232, "type": "region", "version": 1 }, "end_va": 1987952639, "entry_point": 1986837053, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_407", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1986527232, "timestamp": "00:00:16.937", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1988362240, "type": "region", "version": 1 }, "end_va": 1989365759, "entry_point": 1988368485, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_408", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1988362240, "timestamp": "00:00:16.938", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1989410816, "type": "region", "version": 1 }, "end_va": 1990066175, "entry_point": 1989495269, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_409", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1989410816, "timestamp": "00:00:16.938", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1990066176, "type": "region", "version": 1 }, "end_va": 1990934527, "entry_point": 1990376932, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_410", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1990066176, "timestamp": "00:00:16.939", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1990983680, "type": "region", "version": 1 }, "end_va": 1991643135, "entry_point": 1991189555, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_411", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1990983680, "timestamp": "00:00:16.939", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1993408512, "type": "region", "version": 1 }, "end_va": 1994113023, "entry_point": 1993450610, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_412", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1993408512, "timestamp": "00:00:16.940", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1994129408, "type": "region", "version": 1 }, "end_va": 1996206079, "entry_point": 1994138329, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_413", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1994129408, "timestamp": "00:00:16.940", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1997537280, "type": "region", "version": 1 }, "end_va": 1997557759, "entry_point": 1997542456, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_414", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 1997537280, "timestamp": "00:00:16.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1997602816, "type": "region", "version": 1 }, "end_va": 1997705215, "entry_point": 1997621621, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_415", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1997602816, "timestamp": "00:00:16.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1997930496, "type": "region", "version": 1 }, "end_va": 1997971455, "entry_point": 1997935468, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_416", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1997930496, "timestamp": "00:00:16.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 1997996032, "type": "region", "version": 1 }, "end_va": 1998499839, "entry_point": 1998002926, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_417", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 1997996032, "timestamp": "00:00:16.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_418", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:00:16.943", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 5177344, "type": "region", "version": 1 }, "end_va": 5996543, "entry_point": 0, "filename": null, "id": "region_419", "name": "pagefile_0x00000000004f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5177344, "timestamp": "00:00:16.949", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 1970339840, "type": "region", "version": 1 }, "end_va": 1970466815, "entry_point": 1970344789, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_420", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1970339840, "timestamp": "00:00:16.949", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1970470912, "type": "region", "version": 1 }, "end_va": 1971306495, "entry_point": 1970476683, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_421", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1970470912, "timestamp": "00:00:16.950", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_422", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:00:16.960", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 790527, "entry_point": 0, "filename": null, "id": "region_423", "name": "private_0x00000000000c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 786432, "timestamp": "00:00:16.960", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 6029312, "type": "region", "version": 1 }, "end_va": 7081983, "entry_point": 0, "filename": null, "id": "region_424", "name": "pagefile_0x00000000005c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6029312, "timestamp": "00:00:16.960", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 7143424, "type": "region", "version": 1 }, "end_va": 7151615, "entry_point": 0, "filename": null, "id": "region_425", "name": "pagefile_0x00000000006d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7143424, "timestamp": "00:00:16.960", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 8060928, "type": "region", "version": 1 }, "end_va": 8126463, "entry_point": 0, "filename": null, "id": "region_426", "name": "private_0x00000000007b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8060928, "timestamp": "00:00:16.961", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 14942208, "type": "region", "version": 1 }, "end_va": 27525119, "entry_point": 0, "filename": null, "id": "region_427", "name": "pagefile_0x0000000000e40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 14942208, "timestamp": "00:00:16.961", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 262144, "start_va": 1943797760, "type": "region", "version": 1 }, "end_va": 1944059903, "entry_point": 1943839453, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_428", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1943797760, "timestamp": "00:00:16.969", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000429-addr_0x00000000006e0000-size_0x00000000000a0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_115", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 655360, "start_va": 7208960, "type": "region", "version": 1 }, "end_va": 7864319, "entry_point": 0, "filename": null, "id": "region_429", "name": "private_0x00000000006e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 7208960, "timestamp": "00:00:16.971", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 8126464, "type": "region", "version": 1 }, "end_va": 9039871, "entry_point": 0, "filename": null, "id": "region_430", "name": "pagefile_0x00000000007c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8126464, "timestamp": "00:00:17.006", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 856063, "entry_point": 0, "filename": null, "id": "region_431", "name": "pagefile_0x00000000000d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 851968, "timestamp": "00:00:17.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 27525120, "type": "region", "version": 1 }, "end_va": 30470143, "entry_point": 27525120, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_432", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 27525120, "timestamp": "00:00:17.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 7208960, "type": "region", "version": 1 }, "end_va": 7217151, "entry_point": 0, "filename": null, "id": "region_433", "name": "pagefile_0x00000000006e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7208960, "timestamp": "00:00:17.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 7602176, "type": "region", "version": 1 }, "end_va": 7864319, "entry_point": 0, "filename": null, "id": "region_434", "name": "private_0x0000000000740000", "norm_filename": null, "region_type": "private_memory", "start_va": 7602176, "timestamp": "00:00:17.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 31653888, "type": "region", "version": 1 }, "end_va": 35848191, "entry_point": 0, "filename": null, "id": "region_435", "name": "private_0x0000000001e30000", "norm_filename": null, "region_type": "private_memory", "start_va": 31653888, "timestamp": "00:00:17.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_436", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:00:17.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 7274496, "type": "region", "version": 1 }, "end_va": 7278591, "entry_point": 0, "filename": null, "id": "region_437", "name": "pagefile_0x00000000006f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7274496, "timestamp": "00:00:17.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 376832, "start_va": 9961472, "type": "region", "version": 1 }, "end_va": 10338303, "entry_point": 10106297, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_438", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 9961472, "timestamp": "00:00:17.026", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1963524096, "type": "region", "version": 1 }, "end_va": 1963573247, "entry_point": 1963528417, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_440", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1963524096, "timestamp": "00:00:17.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 30474240, "type": "region", "version": 1 }, "end_va": 31522815, "entry_point": 0, "filename": null, "id": "region_441", "name": "private_0x0000000001d10000", "norm_filename": null, "region_type": "private_memory", "start_va": 30474240, "timestamp": "00:00:17.056", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1964572672, "type": "region", "version": 1 }, "end_va": 1964732415, "entry_point": 1964595385, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_442", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 1964572672, "timestamp": "00:00:17.056", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1966473216, "type": "region", "version": 1 }, "end_va": 1966546943, "entry_point": 1966478401, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_443", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 1966473216, "timestamp": "00:00:17.057", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1691648, "start_va": 1991704576, "type": "region", "version": 1 }, "end_va": 1993396223, "entry_point": 1991710695, "filename": "\\Windows\\System32\\setupapi.dll", "id": "region_444", "name": "setupapi.dll", "norm_filename": "c:\\windows\\system32\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 1991704576, "timestamp": "00:00:17.057", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 7340032, "type": "region", "version": 1 }, "end_va": 7368703, "entry_point": 0, "filename": null, "id": "region_445", "name": "pagefile_0x0000000000700000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7340032, "timestamp": "00:00:17.096", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 7405568, "type": "region", "version": 1 }, "end_va": 7413759, "entry_point": 0, "filename": null, "id": "region_446", "name": "pagefile_0x0000000000710000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7405568, "timestamp": "00:00:17.096", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 7471104, "type": "region", "version": 1 }, "end_va": 7475199, "entry_point": 0, "filename": null, "id": "region_447", "name": "private_0x0000000000720000", "norm_filename": null, "region_type": "private_memory", "start_va": 7471104, "timestamp": "00:00:17.097", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 35848192, "type": "region", "version": 1 }, "end_va": 39989247, "entry_point": 0, "filename": null, "id": "region_448", "name": "pagefile_0x0000000002230000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 35848192, "timestamp": "00:00:17.097", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1940324352, "type": "region", "version": 1 }, "end_va": 1940402175, "entry_point": 1940331839, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_449", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 1940324352, "timestamp": "00:00:17.097", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 9961472, "type": "region", "version": 1 }, "end_va": 10485759, "entry_point": 0, "filename": null, "id": "region_450", "name": "private_0x0000000000980000", "norm_filename": null, "region_type": "private_memory", "start_va": 9961472, "timestamp": "00:00:17.100", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000451-addr_0x0000000002630000-size_0x0000000000110000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_116", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1114112, "start_va": 40042496, "type": "region", "version": 1 }, "end_va": 41156607, "entry_point": 0, "filename": null, "id": "region_451", "name": "private_0x0000000002630000", "norm_filename": null, "region_type": "private_memory", "start_va": 40042496, "timestamp": "00:00:17.101", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 7536640, "type": "region", "version": 1 }, "end_va": 7540735, "entry_point": 7536640, "filename": "\\Windows\\System32\\tzres.dll", "id": "region_452", "name": "tzres.dll", "norm_filename": "c:\\windows\\system32\\tzres.dll", "region_type": "memory_mapped_file", "start_va": 7536640, "timestamp": "00:00:17.107", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 41156608, "type": "region", "version": 1 }, "end_va": 43253759, "entry_point": 0, "filename": null, "id": "region_454", "name": "private_0x0000000002740000", "norm_filename": null, "region_type": "private_memory", "start_va": 41156608, "timestamp": "00:00:17.117", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000455-addr_0x0000000002940000-size_0x00000000001bd000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_117", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1822720, "start_va": 43253760, "type": "region", "version": 1 }, "end_va": 45076479, "entry_point": 0, "filename": null, "id": "region_455", "name": "private_0x0000000002940000", "norm_filename": null, "region_type": "private_memory", "start_va": 43253760, "timestamp": "00:00:17.117", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 43909120, "type": "region", "version": 1 }, "end_va": 48103423, "entry_point": 0, "filename": null, "id": "region_456", "name": "private_0x00000000029e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43909120, "timestamp": "00:00:17.335", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000457-addr_0x0000000002de0000-size_0x00000000001bd000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_118", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1822720, "start_va": 48103424, "type": "region", "version": 1 }, "end_va": 49926143, "entry_point": 0, "filename": null, "id": "region_457", "name": "private_0x0000000002de0000", "norm_filename": null, "region_type": "private_memory", "start_va": 48103424, "timestamp": "00:00:17.335", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147340288, "type": "region", "version": 1 }, "end_va": 2147344383, "entry_point": 0, "filename": null, "id": "region_458", "name": "private_0x000000007ffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147340288, "timestamp": "00:00:17.336", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 48889856, "type": "region", "version": 1 }, "end_va": 53084159, "entry_point": 0, "filename": null, "id": "region_471", "name": "private_0x0000000002ea0000", "norm_filename": null, "region_type": "private_memory", "start_va": 48889856, "timestamp": "00:00:19.550", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000472-addr_0x00000000032a0000-size_0x00000000001bd000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_131", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1822720, "start_va": 53084160, "type": "region", "version": 1 }, "end_va": 54906879, "entry_point": 0, "filename": null, "id": "region_472", "name": "private_0x00000000032a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 53084160, "timestamp": "00:00:19.551", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147332096, "type": "region", "version": 1 }, "end_va": 2147336191, "entry_point": 0, "filename": null, "id": "region_473", "name": "private_0x000000007ffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147332096, "timestamp": "00:00:19.551", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1958805504, "type": "region", "version": 1 }, "end_va": 1958895615, "entry_point": 1958805504, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_478", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1958805504, "timestamp": "00:00:19.770", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 10485760, "type": "region", "version": 1 }, "end_va": 10731519, "entry_point": 10485760, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_479", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 10485760, "timestamp": "00:00:19.781", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 10485760, "type": "region", "version": 1 }, "end_va": 10731519, "entry_point": 10490509, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_480", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 10485760, "timestamp": "00:00:19.789", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1956315136, "type": "region", "version": 1 }, "end_va": 1956556799, "entry_point": 1956319885, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_484", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1956315136, "timestamp": "00:00:19.801", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 7536640, "type": "region", "version": 1 }, "end_va": 7540735, "entry_point": 0, "filename": null, "id": "region_486", "name": "private_0x0000000000730000", "norm_filename": null, "region_type": "private_memory", "start_va": 7536640, "timestamp": "00:00:19.855", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 7864320, "type": "region", "version": 1 }, "end_va": 7868415, "entry_point": 0, "filename": null, "id": "region_487", "name": "private_0x0000000000780000", "norm_filename": null, "region_type": "private_memory", "start_va": 7864320, "timestamp": "00:00:19.856", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 7929856, "type": "region", "version": 1 }, "end_va": 7933951, "entry_point": 0, "filename": null, "id": "region_488", "name": "private_0x0000000000790000", "norm_filename": null, "region_type": "private_memory", "start_va": 7929856, "timestamp": "00:00:19.856", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 7995392, "type": "region", "version": 1 }, "end_va": 7999487, "entry_point": 0, "filename": null, "id": "region_489", "name": "private_0x00000000007a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 7995392, "timestamp": "00:00:19.857", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 9043968, "type": "region", "version": 1 }, "end_va": 9048063, "entry_point": 0, "filename": null, "id": "region_490", "name": "private_0x00000000008a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 9043968, "timestamp": "00:00:19.857", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 10485760, "type": "region", "version": 1 }, "end_va": 10489855, "entry_point": 0, "filename": null, "id": "region_491", "name": "private_0x0000000000a00000", "norm_filename": null, "region_type": "private_memory", "start_va": 10485760, "timestamp": "00:00:19.857", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe\"", "filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe", "id": "proc_4", "image_name": "regsvcs.exe", "monitor_reason": "child_process", "monitored_id": 4, "origin_monitor_id": 3, "ref_parent_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000004-region_00000492-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_137", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_492", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:19.872", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_493", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:19.872", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_494", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:19.872", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 2031615, "entry_point": 0, "filename": null, "id": "region_495", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:00:19.872", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 106496, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4300799, "entry_point": 0, "filename": null, "id": "region_496", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:00:19.872", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 9306112, "type": "region", "version": 1 }, "end_va": 9363455, "entry_point": 9306112, "filename": "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", "id": "region_497", "name": "regsvcs.exe", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe", "region_type": "memory_mapped_file", "start_va": 9306112, "timestamp": "00:00:19.872", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1996226560, "type": "region", "version": 1 }, "end_va": 1997520895, "entry_point": 1996226560, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_498", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1996226560, "timestamp": "00:00:19.878", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 1998585856, "type": "region", "version": 1 }, "end_va": 1998589951, "entry_point": 1998585856, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_499", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 1998585856, "timestamp": "00:00:19.879", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_500", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:00:19.883", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147299328, "type": "region", "version": 1 }, "end_va": 2147303423, "entry_point": 0, "filename": null, "id": "region_501", "name": "private_0x000000007ffd3000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147299328, "timestamp": "00:00:19.883", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_502", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:00:19.883", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 5767168, "type": "region", "version": 1 }, "end_va": 6815743, "entry_point": 0, "filename": null, "id": "region_503", "name": "private_0x0000000000580000", "norm_filename": null, "region_type": "private_memory", "start_va": 5767168, "timestamp": "00:00:19.893", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1965948928, "type": "region", "version": 1 }, "end_va": 1966252031, "entry_point": 1965981152, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_504", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1965948928, "timestamp": "00:00:19.893", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1990066176, "type": "region", "version": 1 }, "end_va": 1990934527, "entry_point": 1990376932, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_505", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1990066176, "timestamp": "00:00:19.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_506", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:19.934", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_507", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:00:19.934", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 983039, "entry_point": 0, "filename": null, "id": "region_508", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:00:19.934", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 417792, "start_va": 1836384256, "type": "region", "version": 1 }, "end_va": 1836802047, "entry_point": 1836384256, "filename": "\\Windows\\System32\\msvcp60.dll", "id": "region_509", "name": "msvcp60.dll", "norm_filename": "c:\\windows\\system32\\msvcp60.dll", "region_type": "memory_mapped_file", "start_va": 1836384256, "timestamp": "00:00:19.935", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 1849360384, "type": "region", "version": 1 }, "end_va": 1849565183, "entry_point": 1849374705, "filename": "\\Windows\\System32\\winmm.dll", "id": "region_510", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 1849360384, "timestamp": "00:00:19.962", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1638400, "start_va": 1942159360, "type": "region", "version": 1 }, "end_va": 1943797759, "entry_point": 1942159360, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\GdiPlus.dll", "id": "region_511", "name": "gdiplus.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll", "region_type": "memory_mapped_file", "start_va": 1942159360, "timestamp": "00:00:19.963", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1964507136, "type": "region", "version": 1 }, "end_va": 1964556287, "entry_point": 1964516238, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_512", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1964507136, "timestamp": "00:00:19.978", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1964769280, "type": "region", "version": 1 }, "end_va": 1965936639, "entry_point": 1964774794, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_513", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1964769280, "timestamp": "00:00:19.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1967194112, "type": "region", "version": 1 }, "end_va": 1968463871, "entry_point": 1967201077, "filename": "\\Windows\\System32\\urlmon.dll", "id": "region_514", "name": "urlmon.dll", "norm_filename": "c:\\windows\\system32\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1967194112, "timestamp": "00:00:19.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1968504832, "type": "region", "version": 1 }, "end_va": 1968824319, "entry_point": 1968544777, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_515", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1968504832, "timestamp": "00:00:19.980", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969655807, "entry_point": 1968953105, "filename": "\\Windows\\System32\\user32.dll", "id": "region_516", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:00:19.980", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1969684480, "type": "region", "version": 1 }, "end_va": 1969901567, "entry_point": 1969689693, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_517", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1969684480, "timestamp": "00:00:19.981", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1969946624, "type": "region", "version": 1 }, "end_va": 1970302975, "entry_point": 1970052006, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_518", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1969946624, "timestamp": "00:00:19.982", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1971388416, "type": "region", "version": 1 }, "end_va": 1971974143, "entry_point": 1971404721, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_519", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1971388416, "timestamp": "00:00:19.982", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1972895744, "type": "region", "version": 1 }, "end_va": 1985781759, "entry_point": 1973425665, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_520", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1972895744, "timestamp": "00:00:19.983", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1985806336, "type": "region", "version": 1 }, "end_va": 1985830911, "entry_point": 1985812354, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_521", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1985806336, "timestamp": "00:00:19.984", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1985871872, "type": "region", "version": 1 }, "end_va": 1986514943, "entry_point": 1986084823, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_522", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1985871872, "timestamp": "00:00:19.984", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1986527232, "type": "region", "version": 1 }, "end_va": 1987952639, "entry_point": 1986837053, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_523", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1986527232, "timestamp": "00:00:19.985", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1988362240, "type": "region", "version": 1 }, "end_va": 1989365759, "entry_point": 1988368485, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_524", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1988362240, "timestamp": "00:00:19.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1989410816, "type": "region", "version": 1 }, "end_va": 1990066175, "entry_point": 1989495269, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_525", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1989410816, "timestamp": "00:00:19.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1990983680, "type": "region", "version": 1 }, "end_va": 1991643135, "entry_point": 1991189555, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_526", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1990983680, "timestamp": "00:00:19.987", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1993408512, "type": "region", "version": 1 }, "end_va": 1994113023, "entry_point": 1993450610, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_527", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1993408512, "timestamp": "00:00:19.987", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1994129408, "type": "region", "version": 1 }, "end_va": 1996206079, "entry_point": 1994138329, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_528", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1994129408, "timestamp": "00:00:19.988", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1997602816, "type": "region", "version": 1 }, "end_va": 1997705215, "entry_point": 1997621621, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_529", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1997602816, "timestamp": "00:00:19.988", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1997930496, "type": "region", "version": 1 }, "end_va": 1997971455, "entry_point": 1997935468, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_530", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1997930496, "timestamp": "00:00:19.989", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_531", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:00:19.989", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2850815, "entry_point": 0, "filename": null, "id": "region_534", "name": "pagefile_0x00000000001f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2031616, "timestamp": "00:00:20.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 1970339840, "type": "region", "version": 1 }, "end_va": 1970466815, "entry_point": 1970344789, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_535", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1970339840, "timestamp": "00:00:20.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1970470912, "type": "region", "version": 1 }, "end_va": 1971306495, "entry_point": 1970476683, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_536", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1970470912, "timestamp": "00:00:20.021", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_537", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:00:20.047", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 790527, "entry_point": 0, "filename": null, "id": "region_538", "name": "private_0x00000000000c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 786432, "timestamp": "00:00:20.048", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 3936255, "entry_point": 0, "filename": null, "id": "region_539", "name": "pagefile_0x00000000002c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2883584, "timestamp": "00:00:20.048", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 9371648, "type": "region", "version": 1 }, "end_va": 21954559, "entry_point": 0, "filename": null, "id": "region_540", "name": "pagefile_0x00000000008f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9371648, "timestamp": "00:00:20.048", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1997537280, "type": "region", "version": 1 }, "end_va": 1997557759, "entry_point": 1997542456, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_541", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 1997537280, "timestamp": "00:00:20.063", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 4587520, "type": "region", "version": 1 }, "end_va": 5636095, "entry_point": 0, "filename": null, "id": "region_542", "name": "private_0x0000000000460000", "norm_filename": null, "region_type": "private_memory", "start_va": 4587520, "timestamp": "00:00:20.072", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 8257536, "type": "region", "version": 1 }, "end_va": 9306111, "entry_point": 0, "filename": null, "id": "region_543", "name": "private_0x00000000007e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8257536, "timestamp": "00:00:20.072", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 22544384, "type": "region", "version": 1 }, "end_va": 23592959, "entry_point": 0, "filename": null, "id": "region_544", "name": "private_0x0000000001580000", "norm_filename": null, "region_type": "private_memory", "start_va": 22544384, "timestamp": "00:00:20.072", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 24838144, "type": "region", "version": 1 }, "end_va": 25886719, "entry_point": 0, "filename": null, "id": "region_545", "name": "private_0x00000000017b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 24838144, "timestamp": "00:00:20.072", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1963393024, "type": "region", "version": 1 }, "end_va": 1963503615, "entry_point": 1963430841, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_546", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1963393024, "timestamp": "00:00:20.073", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147332096, "type": "region", "version": 1 }, "end_va": 2147336191, "entry_point": 0, "filename": null, "id": "region_547", "name": "private_0x000000007ffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147332096, "timestamp": "00:00:20.073", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147336192, "type": "region", "version": 1 }, "end_va": 2147340287, "entry_point": 0, "filename": null, "id": "region_548", "name": "private_0x000000007ffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147336192, "timestamp": "00:00:20.074", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147340288, "type": "region", "version": 1 }, "end_va": 2147344383, "entry_point": 0, "filename": null, "id": "region_549", "name": "private_0x000000007ffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147340288, "timestamp": "00:00:20.074", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_550", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:00:20.074", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 23789568, "type": "region", "version": 1 }, "end_va": 24838143, "entry_point": 0, "filename": null, "id": "region_551", "name": "private_0x00000000016b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 23789568, "timestamp": "00:00:20.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 26607616, "type": "region", "version": 1 }, "end_va": 27656191, "entry_point": 0, "filename": null, "id": "region_552", "name": "private_0x0000000001960000", "norm_filename": null, "region_type": "private_memory", "start_va": 26607616, "timestamp": "00:00:20.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 27656192, "type": "region", "version": 1 }, "end_va": 30601215, "entry_point": 27656192, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_553", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 27656192, "timestamp": "00:00:20.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147323904, "type": "region", "version": 1 }, "end_va": 2147327999, "entry_point": 0, "filename": null, "id": "region_554", "name": "private_0x000000007ffd9000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147323904, "timestamp": "00:00:20.080", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147328000, "type": "region", "version": 1 }, "end_va": 2147332095, "entry_point": 0, "filename": null, "id": "region_555", "name": "private_0x000000007ffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147328000, "timestamp": "00:00:20.080", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 1958543360, "type": "region", "version": 1 }, "end_va": 1958789119, "entry_point": 1958543360, "filename": "\\Windows\\System32\\mswsock.dll", "id": "region_556", "name": "mswsock.dll", "norm_filename": "c:\\windows\\system32\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 1958543360, "timestamp": "00:00:20.085", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000557-addr_0x0000000001d30000-size_0x00000000001d0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_140", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1900544, "start_va": 30605312, "type": "region", "version": 1 }, "end_va": 32505855, "entry_point": 0, "filename": null, "id": "region_557", "name": "private_0x0000000001d30000", "norm_filename": null, "region_type": "private_memory", "start_va": 30605312, "timestamp": "00:00:20.097", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1953431552, "type": "region", "version": 1 }, "end_va": 1953452031, "entry_point": 1953431552, "filename": "\\Windows\\System32\\WSHTCPIP.DLL", "id": "region_558", "name": "wshtcpip.dll", "norm_filename": "c:\\windows\\system32\\wshtcpip.dll", "region_type": "memory_mapped_file", "start_va": 1953431552, "timestamp": "00:00:20.098", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 6815744, "type": "region", "version": 1 }, "end_va": 7864319, "entry_point": 0, "filename": null, "id": "region_559", "name": "private_0x0000000000680000", "norm_filename": null, "region_type": "private_memory", "start_va": 6815744, "timestamp": "00:00:20.117", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 856063, "entry_point": 0, "filename": null, "id": "region_560", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:00:20.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1938358272, "type": "region", "version": 1 }, "end_va": 1938423807, "entry_point": 1938358272, "filename": "\\Windows\\System32\\nlaapi.dll", "id": "region_561", "name": "nlaapi.dll", "norm_filename": "c:\\windows\\system32\\nlaapi.dll", "region_type": "memory_mapped_file", "start_va": 1938358272, "timestamp": "00:00:20.180", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000562-addr_0x0000000001d30000-size_0x0000000000170000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_141", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1507328, "start_va": 30605312, "type": "region", "version": 1 }, "end_va": 32112639, "entry_point": 0, "filename": null, "id": "region_562", "name": "private_0x0000000001d30000", "norm_filename": null, "region_type": "private_memory", "start_va": 30605312, "timestamp": "00:00:20.192", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 32243712, "type": "region", "version": 1 }, "end_va": 32505855, "entry_point": 0, "filename": null, "id": "region_563", "name": "private_0x0000000001ec0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32243712, "timestamp": "00:00:20.193", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000564-addr_0x0000000001f00000-size_0x0000000000200000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_142", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2097152, "start_va": 32505856, "type": "region", "version": 1 }, "end_va": 34603007, "entry_point": 0, "filename": null, "id": "region_564", "name": "private_0x0000000001f00000", "norm_filename": null, "region_type": "private_memory", "start_va": 32505856, "timestamp": "00:00:20.193", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1843724288, "type": "region", "version": 1 }, "end_va": 1843789823, "entry_point": 1843724288, "filename": "\\Windows\\System32\\NapiNSP.dll", "id": "region_565", "name": "napinsp.dll", "norm_filename": "c:\\windows\\system32\\napinsp.dll", "region_type": "memory_mapped_file", "start_va": 1843724288, "timestamp": "00:00:20.194", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 33488896, "type": "region", "version": 1 }, "end_va": 34537471, "entry_point": 0, "filename": null, "id": "region_606", "name": "private_0x0000000001ff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33488896, "timestamp": "00:00:20.251", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 34537472, "type": "region", "version": 1 }, "end_va": 34603007, "entry_point": 0, "filename": null, "id": "region_607", "name": "private_0x00000000020f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 34537472, "timestamp": "00:00:20.252", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1843527680, "type": "region", "version": 1 }, "end_va": 1843601407, "entry_point": 1843527680, "filename": "\\Windows\\System32\\pnrpnsp.dll", "id": "region_608", "name": "pnrpnsp.dll", "norm_filename": "c:\\windows\\system32\\pnrpnsp.dll", "region_type": "memory_mapped_file", "start_va": 1843527680, "timestamp": "00:00:20.252", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147319808, "type": "region", "version": 1 }, "end_va": 2147323903, "entry_point": 0, "filename": null, "id": "region_609", "name": "private_0x000000007ffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147319808, "timestamp": "00:00:20.259", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1957232640, "type": "region", "version": 1 }, "end_va": 1957511167, "entry_point": 1957232640, "filename": "\\Windows\\System32\\dnsapi.dll", "id": "region_610", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\system32\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 1957232640, "timestamp": "00:00:20.261", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 983040, "start_va": 30605312, "type": "region", "version": 1 }, "end_va": 31588351, "entry_point": 0, "filename": null, "id": "region_611", "name": "private_0x0000000001d30000", "norm_filename": null, "region_type": "private_memory", "start_va": 30605312, "timestamp": "00:00:20.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 32047104, "type": "region", "version": 1 }, "end_va": 32112639, "entry_point": 0, "filename": null, "id": "region_612", "name": "private_0x0000000001e90000", "norm_filename": null, "region_type": "private_memory", "start_va": 32047104, "timestamp": "00:00:20.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1843462144, "type": "region", "version": 1 }, "end_va": 1843494911, "entry_point": 1843462144, "filename": "\\Windows\\System32\\winrnr.dll", "id": "region_613", "name": "winrnr.dll", "norm_filename": "c:\\windows\\system32\\winrnr.dll", "region_type": "memory_mapped_file", "start_va": 1843462144, "timestamp": "00:00:20.274", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 1936261120, "type": "region", "version": 1 }, "end_va": 1936375807, "entry_point": 1936261120, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_617", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1936261120, "timestamp": "00:00:20.291", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1936130048, "type": "region", "version": 1 }, "end_va": 1936158719, "entry_point": 1936130048, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_618", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1936130048, "timestamp": "00:00:20.302", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1900675072, "type": "region", "version": 1 }, "end_va": 1900699647, "entry_point": 1900675072, "filename": "\\Windows\\System32\\rasadhlp.dll", "id": "region_619", "name": "rasadhlp.dll", "norm_filename": "c:\\windows\\system32\\rasadhlp.dll", "region_type": "memory_mapped_file", "start_va": 1900675072, "timestamp": "00:00:20.312", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 229376, "start_va": 1932591104, "type": "region", "version": 1 }, "end_va": 1932820479, "entry_point": 1932591104, "filename": "\\Windows\\System32\\FWPUCLNT.DLL", "id": "region_620", "name": "fwpuclnt.dll", "norm_filename": "c:\\windows\\system32\\fwpuclnt.dll", "region_type": "memory_mapped_file", "start_va": 1932591104, "timestamp": "00:00:20.323", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 983040, "start_va": 32505856, "type": "region", "version": 1 }, "end_va": 33488895, "entry_point": 0, "filename": null, "id": "region_626", "name": "private_0x0000000001f00000", "norm_filename": null, "region_type": "private_memory", "start_va": 32505856, "timestamp": "00:00:20.363", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 35389440, "type": "region", "version": 1 }, "end_va": 36438015, "entry_point": 0, "filename": null, "id": "region_627", "name": "private_0x00000000021c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 35389440, "timestamp": "00:00:20.600", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 36831232, "type": "region", "version": 1 }, "end_va": 37879807, "entry_point": 0, "filename": null, "id": "region_628", "name": "private_0x0000000002320000", "norm_filename": null, "region_type": "private_memory", "start_va": 36831232, "timestamp": "00:00:20.600", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147311616, "type": "region", "version": 1 }, "end_va": 2147315711, "entry_point": 0, "filename": null, "id": "region_629", "name": "private_0x000000007ffd6000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147311616, "timestamp": "00:00:20.600", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147315712, "type": "region", "version": 1 }, "end_va": 2147319807, "entry_point": 0, "filename": null, "id": "region_630", "name": "private_0x000000007ffd7000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147315712, "timestamp": "00:00:20.601", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000631-addr_0x0000000002460000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_144", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 38141952, "type": "region", "version": 1 }, "end_va": 39190527, "entry_point": 0, "filename": null, "id": "region_631", "name": "private_0x0000000002460000", "norm_filename": null, "region_type": "private_memory", "start_va": 38141952, "timestamp": "00:00:20.748", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000632-addr_0x000000007ffd5000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_145", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147307520, "type": "region", "version": 1 }, "end_va": 2147311615, "entry_point": 0, "filename": null, "id": "region_632", "name": "private_0x000000007ffd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147307520, "timestamp": "00:00:20.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 37879808, "type": "region", "version": 1 }, "end_va": 39976959, "entry_point": 0, "filename": null, "id": "region_633", "name": "private_0x0000000002420000", "norm_filename": null, "region_type": "private_memory", "start_va": 37879808, "timestamp": "00:00:20.844", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 4001791, "entry_point": 0, "filename": null, "id": "region_634", "name": "private_0x00000000003d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3997696, "timestamp": "00:00:20.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 4067327, "entry_point": 0, "filename": null, "id": "region_646", "name": "private_0x00000000003e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4063232, "timestamp": "00:00:20.879", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4132863, "entry_point": 0, "filename": null, "id": "region_688", "name": "private_0x00000000003f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4128768, "timestamp": "00:00:20.980", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\svchost.exe", "filename": "c:\\windows\\system32\\svchost.exe", "id": "proc_5", "image_name": "svchost.exe", "monitor_reason": "child_process", "monitored_id": 5, "origin_monitor_id": 4, "ref_parent_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000005-region_00000566-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_143", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_566", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:20.203", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_567", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:20.203", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_568", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:20.203", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1769471, "entry_point": 0, "filename": null, "id": "region_569", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:00:20.203", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 2850815, "entry_point": 2818048, "filename": "\\Windows\\System32\\svchost.exe", "id": "region_570", "name": "svchost.exe", "norm_filename": "c:\\windows\\system32\\svchost.exe", "region_type": "memory_mapped_file", "start_va": 2818048, "timestamp": "00:00:20.203", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 106496, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4300799, "entry_point": 0, "filename": null, "id": "region_571", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:00:20.209", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1996226560, "type": "region", "version": 1 }, "end_va": 1997520895, "entry_point": 1996226560, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_572", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1996226560, "timestamp": "00:00:20.210", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 1998585856, "type": "region", "version": 1 }, "end_va": 1998589951, "entry_point": 1998585856, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_573", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 1998585856, "timestamp": "00:00:20.210", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_574", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:00:20.212", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147315712, "type": "region", "version": 1 }, "end_va": 2147319807, "entry_point": 0, "filename": null, "id": "region_575", "name": "private_0x000000007ffd7000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147315712, "timestamp": "00:00:20.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_576", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:00:20.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 1507327, "entry_point": 0, "filename": null, "id": "region_577", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:00:20.220", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1965948928, "type": "region", "version": 1 }, "end_va": 1966252031, "entry_point": 1965981152, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_578", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1965948928, "timestamp": "00:00:20.220", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1990066176, "type": "region", "version": 1 }, "end_va": 1990934527, "entry_point": 1990376932, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_579", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1990066176, "timestamp": "00:00:20.221", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_580", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:20.237", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 2191359, "entry_point": 1769472, "filename": "\\Windows\\System32\\locale.nls", "id": "region_581", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1769472, "timestamp": "00:00:20.237", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3866624, "type": "region", "version": 1 }, "end_va": 3932159, "entry_point": 0, "filename": null, "id": "region_582", "name": "private_0x00000000003b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3866624, "timestamp": "00:00:20.238", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 417792, "start_va": 1836384256, "type": "region", "version": 1 }, "end_va": 1836802047, "entry_point": 1836388937, "filename": "\\Windows\\System32\\msvcp60.dll", "id": "region_583", "name": "msvcp60.dll", "norm_filename": "c:\\windows\\system32\\msvcp60.dll", "region_type": "memory_mapped_file", "start_va": 1836384256, "timestamp": "00:00:20.238", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 1849360384, "type": "region", "version": 1 }, "end_va": 1849565183, "entry_point": 1849374705, "filename": "\\Windows\\System32\\winmm.dll", "id": "region_584", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 1849360384, "timestamp": "00:00:20.238", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1638400, "start_va": 1942159360, "type": "region", "version": 1 }, "end_va": 1943797759, "entry_point": 1942802470, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\GdiPlus.dll", "id": "region_585", "name": "gdiplus.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll", "region_type": "memory_mapped_file", "start_va": 1942159360, "timestamp": "00:00:20.239", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1964507136, "type": "region", "version": 1 }, "end_va": 1964556287, "entry_point": 1964516238, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_586", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1964507136, "timestamp": "00:00:20.239", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1964769280, "type": "region", "version": 1 }, "end_va": 1965936639, "entry_point": 1964774794, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_587", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1964769280, "timestamp": "00:00:20.240", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1967194112, "type": "region", "version": 1 }, "end_va": 1968463871, "entry_point": 1967201077, "filename": "\\Windows\\System32\\urlmon.dll", "id": "region_588", "name": "urlmon.dll", "norm_filename": "c:\\windows\\system32\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1967194112, "timestamp": "00:00:20.240", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1968504832, "type": "region", "version": 1 }, "end_va": 1968824319, "entry_point": 1968544777, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_589", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1968504832, "timestamp": "00:00:20.241", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969655807, "entry_point": 1968953105, "filename": "\\Windows\\System32\\user32.dll", "id": "region_590", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:00:20.241", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1969684480, "type": "region", "version": 1 }, "end_va": 1969901567, "entry_point": 1969689693, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_591", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1969684480, "timestamp": "00:00:20.242", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1969946624, "type": "region", "version": 1 }, "end_va": 1970302975, "entry_point": 1970052006, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_592", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1969946624, "timestamp": "00:00:20.242", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1971388416, "type": "region", "version": 1 }, "end_va": 1971974143, "entry_point": 1971404721, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_593", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1971388416, "timestamp": "00:00:20.242", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1972895744, "type": "region", "version": 1 }, "end_va": 1985781759, "entry_point": 1973425665, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_594", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1972895744, "timestamp": "00:00:20.243", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1985806336, "type": "region", "version": 1 }, "end_va": 1985830911, "entry_point": 1985812354, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_595", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1985806336, "timestamp": "00:00:20.244", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1985871872, "type": "region", "version": 1 }, "end_va": 1986514943, "entry_point": 1986084823, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_596", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1985871872, "timestamp": "00:00:20.244", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1986527232, "type": "region", "version": 1 }, "end_va": 1987952639, "entry_point": 1986837053, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_597", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1986527232, "timestamp": "00:00:20.245", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1988362240, "type": "region", "version": 1 }, "end_va": 1989365759, "entry_point": 1988368485, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_598", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1988362240, "timestamp": "00:00:20.245", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1989410816, "type": "region", "version": 1 }, "end_va": 1990066175, "entry_point": 1989495269, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_599", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1989410816, "timestamp": "00:00:20.245", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1990983680, "type": "region", "version": 1 }, "end_va": 1991643135, "entry_point": 1991189555, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_600", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1990983680, "timestamp": "00:00:20.246", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1993408512, "type": "region", "version": 1 }, "end_va": 1994113023, "entry_point": 1993450610, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_601", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1993408512, "timestamp": "00:00:20.246", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1994129408, "type": "region", "version": 1 }, "end_va": 1996206079, "entry_point": 1994138329, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_602", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1994129408, "timestamp": "00:00:20.247", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1997602816, "type": "region", "version": 1 }, "end_va": 1997705215, "entry_point": 1997621621, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_603", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1997602816, "timestamp": "00:00:20.247", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1997930496, "type": "region", "version": 1 }, "end_va": 1997971455, "entry_point": 1997935468, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_604", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1997930496, "timestamp": "00:00:20.248", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_605", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:00:20.248", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 3702783, "entry_point": 0, "filename": null, "id": "region_614", "name": "pagefile_0x00000000002c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2883584, "timestamp": "00:00:20.285", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 1970339840, "type": "region", "version": 1 }, "end_va": 1970466815, "entry_point": 1970344789, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_615", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1970339840, "timestamp": "00:00:20.285", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1970470912, "type": "region", "version": 1 }, "end_va": 1971306495, "entry_point": 1970476683, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_616", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1970470912, "timestamp": "00:00:20.286", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_621", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:00:20.340", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 331775, "entry_point": 0, "filename": null, "id": "region_622", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:00:20.340", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 5378047, "entry_point": 0, "filename": null, "id": "region_623", "name": "pagefile_0x0000000000420000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4325376, "timestamp": "00:00:20.340", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 5439488, "type": "region", "version": 1 }, "end_va": 18022399, "entry_point": 0, "filename": null, "id": "region_624", "name": "pagefile_0x0000000000530000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5439488, "timestamp": "00:00:20.340", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 18022400, "type": "region", "version": 1 }, "end_va": 19070975, "entry_point": 0, "filename": null, "id": "region_625", "name": "private_0x0000000001130000", "norm_filename": null, "region_type": "private_memory", "start_va": 18022400, "timestamp": "00:00:20.358", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe /stext \"C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\moqutzmqrxoadnrfihvxswbpaqgibrkh\"", "filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe", "id": "proc_6", "image_name": "regsvcs.exe", "monitor_reason": "child_process", "monitored_id": 6, "origin_monitor_id": 4, "ref_parent_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000006-region_00000635-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_146", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_635", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:20.865", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 1245183, "entry_point": 0, "filename": null, "id": "region_636", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:20.865", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1261567, "entry_point": 0, "filename": null, "id": "region_637", "name": "pagefile_0x0000000000130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1245184, "timestamp": "00:00:20.865", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1314815, "entry_point": 0, "filename": null, "id": "region_638", "name": "pagefile_0x0000000000140000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1310720, "timestamp": "00:00:20.865", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4550655, "entry_point": 0, "filename": null, "id": "region_639", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:00:20.865", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 9306112, "type": "region", "version": 1 }, "end_va": 9363455, "entry_point": 9339454, "filename": "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", "id": "region_640", "name": "regsvcs.exe", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe", "region_type": "memory_mapped_file", "start_va": 9306112, "timestamp": "00:00:20.865", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1996226560, "type": "region", "version": 1 }, "end_va": 1997520895, "entry_point": 1996226560, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_641", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1996226560, "timestamp": "00:00:20.866", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 1998585856, "type": "region", "version": 1 }, "end_va": 1998589951, "entry_point": 1998585856, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_642", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 1998585856, "timestamp": "00:00:20.866", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_643", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:00:20.870", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147332096, "type": "region", "version": 1 }, "end_va": 2147336191, "entry_point": 0, "filename": null, "id": "region_644", "name": "private_0x000000007ffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147332096, "timestamp": "00:00:20.870", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_645", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:00:20.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 3866623, "entry_point": 0, "filename": null, "id": "region_647", "name": "private_0x00000000002b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2818048, "timestamp": "00:00:20.883", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1965948928, "type": "region", "version": 1 }, "end_va": 1966252031, "entry_point": 1965981152, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_648", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1965948928, "timestamp": "00:00:20.883", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1990066176, "type": "region", "version": 1 }, "end_va": 1990934527, "entry_point": 1990376932, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_649", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1990066176, "timestamp": "00:00:20.883", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_650", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:20.902", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1798143, "entry_point": 1376256, "filename": "\\Windows\\System32\\locale.nls", "id": "region_651", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1376256, "timestamp": "00:00:20.902", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 2654207, "entry_point": 0, "filename": null, "id": "region_652", "name": "pagefile_0x00000000001c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1835008, "timestamp": "00:00:20.903", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 2818047, "entry_point": 0, "filename": null, "id": "region_653", "name": "private_0x00000000002a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2752512, "timestamp": "00:00:20.903", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 540672, "start_va": 1835794432, "type": "region", "version": 1 }, "end_va": 1836335103, "entry_point": 1835794432, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "id": "region_654", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1835794432, "timestamp": "00:00:20.903", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1952841728, "type": "region", "version": 1 }, "end_va": 1952878591, "entry_point": 1952846368, "filename": "\\Windows\\System32\\version.dll", "id": "region_655", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 1952841728, "timestamp": "00:00:20.958", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1964507136, "type": "region", "version": 1 }, "end_va": 1964556287, "entry_point": 1964516238, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_656", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1964507136, "timestamp": "00:00:20.958", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1964769280, "type": "region", "version": 1 }, "end_va": 1965936639, "entry_point": 1964774794, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_657", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1964769280, "timestamp": "00:00:20.959", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1967194112, "type": "region", "version": 1 }, "end_va": 1968463871, "entry_point": 1967201077, "filename": "\\Windows\\System32\\urlmon.dll", "id": "region_658", "name": "urlmon.dll", "norm_filename": "c:\\windows\\system32\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1967194112, "timestamp": "00:00:20.959", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1968504832, "type": "region", "version": 1 }, "end_va": 1968824319, "entry_point": 1968544777, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_659", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1968504832, "timestamp": "00:00:20.960", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969655807, "entry_point": 1968953105, "filename": "\\Windows\\System32\\user32.dll", "id": "region_660", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:00:20.960", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1969946624, "type": "region", "version": 1 }, "end_va": 1970302975, "entry_point": 1970052006, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_661", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1969946624, "timestamp": "00:00:20.960", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 1970339840, "type": "region", "version": 1 }, "end_va": 1970466815, "entry_point": 1970344789, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_662", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1970339840, "timestamp": "00:00:20.961", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1970470912, "type": "region", "version": 1 }, "end_va": 1971306495, "entry_point": 1970476683, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_663", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1970470912, "timestamp": "00:00:20.961", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1971388416, "type": "region", "version": 1 }, "end_va": 1971974143, "entry_point": 1971404721, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_664", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1971388416, "timestamp": "00:00:20.962", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1972895744, "type": "region", "version": 1 }, "end_va": 1985781759, "entry_point": 1973425665, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_665", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1972895744, "timestamp": "00:00:20.962", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1985871872, "type": "region", "version": 1 }, "end_va": 1986514943, "entry_point": 1986084823, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_666", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1985871872, "timestamp": "00:00:20.963", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1986527232, "type": "region", "version": 1 }, "end_va": 1987952639, "entry_point": 1986837053, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_667", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1986527232, "timestamp": "00:00:20.963", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1988362240, "type": "region", "version": 1 }, "end_va": 1989365759, "entry_point": 1988368485, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_668", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1988362240, "timestamp": "00:00:20.964", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1989410816, "type": "region", "version": 1 }, "end_va": 1990066175, "entry_point": 1989495269, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_669", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1989410816, "timestamp": "00:00:20.964", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1990983680, "type": "region", "version": 1 }, "end_va": 1991643135, "entry_point": 1991189555, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_670", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1990983680, "timestamp": "00:00:20.965", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1993408512, "type": "region", "version": 1 }, "end_va": 1994113023, "entry_point": 1993450610, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_671", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1993408512, "timestamp": "00:00:20.965", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1994129408, "type": "region", "version": 1 }, "end_va": 1996206079, "entry_point": 1994138329, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_672", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1994129408, "timestamp": "00:00:20.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1997602816, "type": "region", "version": 1 }, "end_va": 1997705215, "entry_point": 1997621621, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_673", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1997602816, "timestamp": "00:00:20.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1997930496, "type": "region", "version": 1 }, "end_va": 1997971455, "entry_point": 1997935468, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_674", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1997930496, "timestamp": "00:00:20.967", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 1997996032, "type": "region", "version": 1 }, "end_va": 1998499839, "entry_point": 1998002926, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_675", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 1997996032, "timestamp": "00:00:20.967", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_676", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:00:20.968", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_756", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:00:21.176", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 2691071, "entry_point": 0, "filename": null, "id": "region_757", "name": "private_0x0000000000290000", "norm_filename": null, "region_type": "private_memory", "start_va": 2686976, "timestamp": "00:00:21.177", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 4587520, "type": "region", "version": 1 }, "end_va": 5640191, "entry_point": 0, "filename": null, "id": "region_758", "name": "pagefile_0x0000000000460000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4587520, "timestamp": "00:00:21.177", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 6553600, "type": "region", "version": 1 }, "end_va": 6619135, "entry_point": 0, "filename": null, "id": "region_759", "name": "private_0x0000000000640000", "norm_filename": null, "region_type": "private_memory", "start_va": 6553600, "timestamp": "00:00:21.177", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 9371648, "type": "region", "version": 1 }, "end_va": 21954559, "entry_point": 0, "filename": null, "id": "region_760", "name": "pagefile_0x00000000008f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9371648, "timestamp": "00:00:21.177", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 6619136, "type": "region", "version": 1 }, "end_va": 7667711, "entry_point": 0, "filename": null, "id": "region_772", "name": "private_0x0000000000650000", "norm_filename": null, "region_type": "private_memory", "start_va": 6619136, "timestamp": "00:00:21.246", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 3866624, "type": "region", "version": 1 }, "end_va": 3870719, "entry_point": 0, "filename": null, "id": "region_773", "name": "pagefile_0x00000000003b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3866624, "timestamp": "00:00:21.257", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 21954560, "type": "region", "version": 1 }, "end_va": 24899583, "entry_point": 21954560, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_774", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 21954560, "timestamp": "00:00:21.260", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1958805504, "type": "region", "version": 1 }, "end_va": 1958895615, "entry_point": 1958817219, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_783", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1958805504, "timestamp": "00:00:21.559", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 4177919, "entry_point": 3936909, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_784", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 3932160, "timestamp": "00:00:21.561", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1956315136, "type": "region", "version": 1 }, "end_va": 1956556799, "entry_point": 1956319885, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_789", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1956315136, "timestamp": "00:00:21.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1963524096, "type": "region", "version": 1 }, "end_va": 1963573247, "entry_point": 1963528417, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_790", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1963524096, "timestamp": "00:00:21.576", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 25296896, "type": "region", "version": 1 }, "end_va": 26345471, "entry_point": 0, "filename": null, "id": "region_791", "name": "private_0x0000000001820000", "norm_filename": null, "region_type": "private_memory", "start_va": 25296896, "timestamp": "00:00:21.619", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_792", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:00:21.619", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1922498560, "type": "region", "version": 1 }, "end_va": 1922551807, "entry_point": 1922521885, "filename": "\\Windows\\System32\\pstorec.dll", "id": "region_793", "name": "pstorec.dll", "norm_filename": "c:\\windows\\system32\\pstorec.dll", "region_type": "memory_mapped_file", "start_va": 1922498560, "timestamp": "00:00:21.620", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 1938030592, "type": "region", "version": 1 }, "end_va": 1938112511, "entry_point": 1938038185, "filename": "\\Windows\\System32\\atl.dll", "id": "region_794", "name": "atl.dll", "norm_filename": "c:\\windows\\system32\\atl.dll", "region_type": "memory_mapped_file", "start_va": 1938030592, "timestamp": "00:00:21.621", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1852047360, "type": "region", "version": 1 }, "end_va": 1852096511, "entry_point": 1852047360, "filename": "\\Windows\\System32\\vaultcli.dll", "id": "region_795", "name": "vaultcli.dll", "norm_filename": "c:\\windows\\system32\\vaultcli.dll", "region_type": "memory_mapped_file", "start_va": 1852047360, "timestamp": "00:00:21.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1052672, "start_va": 7667712, "type": "region", "version": 1 }, "end_va": 8720383, "entry_point": 0, "filename": null, "id": "region_821", "name": "private_0x0000000000750000", "norm_filename": null, "region_type": "private_memory", "start_va": 7667712, "timestamp": "00:00:22.344", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1777664, "start_va": 26345472, "type": "region", "version": 1 }, "end_va": 28123135, "entry_point": 27797539, "filename": "\\Program Files\\Mozilla Firefox\\nss3.dll", "id": "region_825", "name": "nss3.dll", "norm_filename": "c:\\program files\\mozilla firefox\\nss3.dll", "region_type": "memory_mapped_file", "start_va": 26345472, "timestamp": "00:00:22.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1789952, "start_va": 1826881536, "type": "region", "version": 1 }, "end_va": 1828671487, "entry_point": 1828333603, "filename": "\\Program Files\\Mozilla Firefox\\nss3.dll", "id": "region_827", "name": "nss3.dll", "norm_filename": "c:\\program files\\mozilla firefox\\nss3.dll", "region_type": "memory_mapped_file", "start_va": 1826881536, "timestamp": "00:00:22.362", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 1849360384, "type": "region", "version": 1 }, "end_va": 1849565183, "entry_point": 1849374705, "filename": "\\Windows\\System32\\winmm.dll", "id": "region_828", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 1849360384, "timestamp": "00:00:22.363", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1843658752, "type": "region", "version": 1 }, "end_va": 1843687423, "entry_point": 1843663136, "filename": "\\Windows\\System32\\wsock32.dll", "id": "region_829", "name": "wsock32.dll", "norm_filename": "c:\\windows\\system32\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 1843658752, "timestamp": "00:00:22.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1969684480, "type": "region", "version": 1 }, "end_va": 1969901567, "entry_point": 1969689693, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_830", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1969684480, "timestamp": "00:00:22.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1985806336, "type": "region", "version": 1 }, "end_va": 1985830911, "entry_point": 1985812354, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_831", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1985806336, "timestamp": "00:00:22.366", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 778240, "start_va": 1834745856, "type": "region", "version": 1 }, "end_va": 1835524095, "entry_point": 1834819836, "filename": "\\Program Files\\Mozilla Firefox\\msvcr100.dll", "id": "region_832", "name": "msvcr100.dll", "norm_filename": "c:\\program files\\mozilla firefox\\msvcr100.dll", "region_type": "memory_mapped_file", "start_va": 1834745856, "timestamp": "00:00:22.371", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 139264, "start_va": 1834549248, "type": "region", "version": 1 }, "end_va": 1834688511, "entry_point": 1834638448, "filename": "\\Program Files\\Mozilla Firefox\\mozglue.dll", "id": "region_833", "name": "mozglue.dll", "norm_filename": "c:\\program files\\mozilla firefox\\mozglue.dll", "region_type": "memory_mapped_file", "start_va": 1834549248, "timestamp": "00:00:22.374", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 430080, "start_va": 1830092800, "type": "region", "version": 1 }, "end_va": 1830522879, "entry_point": 1830304996, "filename": "\\Program Files\\Mozilla Firefox\\msvcp100.dll", "id": "region_834", "name": "msvcp100.dll", "norm_filename": "c:\\program files\\mozilla firefox\\msvcp100.dll", "region_type": "memory_mapped_file", "start_va": 1830092800, "timestamp": "00:00:22.378", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 5701632, "type": "region", "version": 1 }, "end_va": 6225919, "entry_point": 0, "filename": null, "id": "region_835", "name": "private_0x0000000000570000", "norm_filename": null, "region_type": "private_memory", "start_va": 5701632, "timestamp": "00:00:22.380", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 851968, "start_va": 7667712, "type": "region", "version": 1 }, "end_va": 8519679, "entry_point": 0, "filename": null, "id": "region_836", "name": "private_0x0000000000750000", "norm_filename": null, "region_type": "private_memory", "start_va": 7667712, "timestamp": "00:00:22.381", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 26345472, "type": "region", "version": 1 }, "end_va": 27394047, "entry_point": 0, "filename": null, "id": "region_837", "name": "private_0x0000000001920000", "norm_filename": null, "region_type": "private_memory", "start_va": 26345472, "timestamp": "00:00:22.389", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 27394048, "type": "region", "version": 1 }, "end_va": 28442623, "entry_point": 0, "filename": null, "id": "region_838", "name": "private_0x0000000001a20000", "norm_filename": null, "region_type": "private_memory", "start_va": 27394048, "timestamp": "00:00:22.393", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 28311552, "type": "region", "version": 1 }, "end_va": 29360127, "entry_point": 0, "filename": null, "id": "region_839", "name": "private_0x0000000001b00000", "norm_filename": null, "region_type": "private_memory", "start_va": 28311552, "timestamp": "00:00:22.394", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1829896192, "type": "region", "version": 1 }, "end_va": 1830055935, "entry_point": 1830012297, "filename": "\\Program Files\\Mozilla Firefox\\softokn3.dll", "id": "region_840", "name": "softokn3.dll", "norm_filename": "c:\\program files\\mozilla firefox\\softokn3.dll", "region_type": "memory_mapped_file", "start_va": 1829896192, "timestamp": "00:00:22.405", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1829765120, "type": "region", "version": 1 }, "end_va": 1829859327, "entry_point": 1829837472, "filename": "\\Program Files\\Mozilla Firefox\\nssdbm3.dll", "id": "region_841", "name": "nssdbm3.dll", "norm_filename": "c:\\program files\\mozilla firefox\\nssdbm3.dll", "region_type": "memory_mapped_file", "start_va": 1829765120, "timestamp": "00:00:22.408", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 3936255, "entry_point": 3932160, "filename": "\\Windows\\System32\\tzres.dll", "id": "region_842", "name": "tzres.dll", "norm_filename": "c:\\windows\\system32\\tzres.dll", "region_type": "memory_mapped_file", "start_va": 3932160, "timestamp": "00:00:22.410", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 4026367, "entry_point": 0, "filename": null, "id": "region_843", "name": "pagefile_0x00000000003d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3997696, "timestamp": "00:00:22.411", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 4071423, "entry_point": 0, "filename": null, "id": "region_844", "name": "pagefile_0x00000000003e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4063232, "timestamp": "00:00:22.411", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 29360128, "type": "region", "version": 1 }, "end_va": 33501183, "entry_point": 0, "filename": null, "id": "region_845", "name": "pagefile_0x0000000001c00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29360128, "timestamp": "00:00:22.411", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1829437440, "type": "region", "version": 1 }, "end_va": 1829761023, "entry_point": 1829659650, "filename": "\\Program Files\\Mozilla Firefox\\freebl3.dll", "id": "region_847", "name": "freebl3.dll", "norm_filename": "c:\\program files\\mozilla firefox\\freebl3.dll", "region_type": "memory_mapped_file", "start_va": 1829437440, "timestamp": "00:00:22.417", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1829699584, "type": "region", "version": 1 }, "end_va": 1829859327, "entry_point": 1829815689, "filename": "\\Program Files\\Mozilla Firefox\\softokn3.dll", "id": "region_848", "name": "softokn3.dll", "norm_filename": "c:\\program files\\mozilla firefox\\softokn3.dll", "region_type": "memory_mapped_file", "start_va": 1829699584, "timestamp": "00:00:22.482", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1829961728, "type": "region", "version": 1 }, "end_va": 1830055935, "entry_point": 1830034080, "filename": "\\Program Files\\Mozilla Firefox\\nssdbm3.dll", "id": "region_849", "name": "nssdbm3.dll", "norm_filename": "c:\\program files\\mozilla firefox\\nssdbm3.dll", "region_type": "memory_mapped_file", "start_va": 1829961728, "timestamp": "00:00:22.485", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1829371904, "type": "region", "version": 1 }, "end_va": 1829695487, "entry_point": 1829594114, "filename": "\\Program Files\\Mozilla Firefox\\freebl3.dll", "id": "region_850", "name": "freebl3.dll", "norm_filename": "c:\\program files\\mozilla firefox\\freebl3.dll", "region_type": "memory_mapped_file", "start_va": 1829371904, "timestamp": "00:00:22.496", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 3997695, "entry_point": 0, "filename": null, "id": "region_851", "name": "private_0x00000000003c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3932160, "timestamp": "00:00:22.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4157439, "entry_point": 0, "filename": null, "id": "region_852", "name": "pagefile_0x00000000003f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4128768, "timestamp": "00:00:22.503", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 3960831, "entry_point": 0, "filename": null, "id": "region_853", "name": "pagefile_0x00000000003c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3932160, "timestamp": "00:00:22.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1997537280, "type": "region", "version": 1 }, "end_va": 1997557759, "entry_point": 1997542456, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_874", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 1997537280, "timestamp": "00:00:22.516", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe /stext \"C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\widfu\"", "filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe", "id": "proc_7", "image_name": "regsvcs.exe", "monitor_reason": "child_process", "monitored_id": 7, "origin_monitor_id": 4, "ref_parent_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000007-region_00000677-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_147", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_677", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:20.970", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_678", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:20.970", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_679", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:20.970", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 2949119, "entry_point": 0, "filename": null, "id": "region_680", "name": "private_0x00000000001d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1900544, "timestamp": "00:00:20.970", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 147456, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4341759, "entry_point": 0, "filename": null, "id": "region_681", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:00:20.971", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 9306112, "type": "region", "version": 1 }, "end_va": 9363455, "entry_point": 9339454, "filename": "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", "id": "region_682", "name": "regsvcs.exe", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe", "region_type": "memory_mapped_file", "start_va": 9306112, "timestamp": "00:00:20.971", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1996226560, "type": "region", "version": 1 }, "end_va": 1997520895, "entry_point": 1996226560, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_683", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1996226560, "timestamp": "00:00:20.971", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 1998585856, "type": "region", "version": 1 }, "end_va": 1998589951, "entry_point": 1998585856, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_684", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 1998585856, "timestamp": "00:00:20.972", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_685", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:00:20.974", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147332096, "type": "region", "version": 1 }, "end_va": 2147336191, "entry_point": 0, "filename": null, "id": "region_686", "name": "private_0x000000007ffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147332096, "timestamp": "00:00:20.975", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_687", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:00:20.975", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 1900543, "entry_point": 0, "filename": null, "id": "region_689", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:00:20.984", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1965948928, "type": "region", "version": 1 }, "end_va": 1966252031, "entry_point": 1965981152, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_690", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1965948928, "timestamp": "00:00:20.984", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1990066176, "type": "region", "version": 1 }, "end_va": 1990934527, "entry_point": 1990376932, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_691", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1990066176, "timestamp": "00:00:20.984", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_692", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:20.999", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_693", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:00:21.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 3768319, "entry_point": 0, "filename": null, "id": "region_694", "name": "pagefile_0x00000000002d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2949120, "timestamp": "00:00:21.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 5701632, "type": "region", "version": 1 }, "end_va": 5767167, "entry_point": 0, "filename": null, "id": "region_695", "name": "private_0x0000000000570000", "norm_filename": null, "region_type": "private_memory", "start_va": 5701632, "timestamp": "00:00:21.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 540672, "start_va": 1835794432, "type": "region", "version": 1 }, "end_va": 1836335103, "entry_point": 1835801001, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "id": "region_696", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1835794432, "timestamp": "00:00:21.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1968504832, "type": "region", "version": 1 }, "end_va": 1968824319, "entry_point": 1968544777, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_697", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1968504832, "timestamp": "00:00:21.001", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969655807, "entry_point": 1968953105, "filename": "\\Windows\\System32\\user32.dll", "id": "region_698", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:00:21.001", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1969946624, "type": "region", "version": 1 }, "end_va": 1970302975, "entry_point": 1970052006, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_699", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1969946624, "timestamp": "00:00:21.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 1970339840, "type": "region", "version": 1 }, "end_va": 1970466815, "entry_point": 1970344789, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_700", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1970339840, "timestamp": "00:00:21.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1970470912, "type": "region", "version": 1 }, "end_va": 1971306495, "entry_point": 1970476683, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_701", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1970470912, "timestamp": "00:00:21.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1972895744, "type": "region", "version": 1 }, "end_va": 1985781759, "entry_point": 1973425665, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_702", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1972895744, "timestamp": "00:00:21.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1985871872, "type": "region", "version": 1 }, "end_va": 1986514943, "entry_point": 1986084823, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_703", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1985871872, "timestamp": "00:00:21.004", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1986527232, "type": "region", "version": 1 }, "end_va": 1987952639, "entry_point": 1986837053, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_704", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1986527232, "timestamp": "00:00:21.004", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1989410816, "type": "region", "version": 1 }, "end_va": 1990066175, "entry_point": 1989495269, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_705", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1989410816, "timestamp": "00:00:21.004", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1990983680, "type": "region", "version": 1 }, "end_va": 1991643135, "entry_point": 1991189555, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_706", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1990983680, "timestamp": "00:00:21.005", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1993408512, "type": "region", "version": 1 }, "end_va": 1994113023, "entry_point": 1993450610, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_707", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1993408512, "timestamp": "00:00:21.005", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1997602816, "type": "region", "version": 1 }, "end_va": 1997705215, "entry_point": 1997621621, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_708", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1997602816, "timestamp": "00:00:21.006", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1997930496, "type": "region", "version": 1 }, "end_va": 1997971455, "entry_point": 1997935468, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_709", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1997930496, "timestamp": "00:00:21.006", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 1997996032, "type": "region", "version": 1 }, "end_va": 1998499839, "entry_point": 1998002926, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_710", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 1997996032, "timestamp": "00:00:21.007", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_711", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:00:21.007", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_751", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:00:21.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 790527, "entry_point": 0, "filename": null, "id": "region_752", "name": "private_0x00000000000c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 786432, "timestamp": "00:00:21.120", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 5443583, "entry_point": 0, "filename": null, "id": "region_753", "name": "pagefile_0x0000000000430000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4390912, "timestamp": "00:00:21.120", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 7536640, "type": "region", "version": 1 }, "end_va": 7602175, "entry_point": 0, "filename": null, "id": "region_754", "name": "private_0x0000000000730000", "norm_filename": null, "region_type": "private_memory", "start_va": 7536640, "timestamp": "00:00:21.120", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 9371648, "type": "region", "version": 1 }, "end_va": 21954559, "entry_point": 0, "filename": null, "id": "region_755", "name": "pagefile_0x00000000008f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9371648, "timestamp": "00:00:21.120", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 22020096, "type": "region", "version": 1 }, "end_va": 23068671, "entry_point": 0, "filename": null, "id": "region_764", "name": "private_0x0000000001500000", "norm_filename": null, "region_type": "private_memory", "start_va": 22020096, "timestamp": "00:00:21.216", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_765", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:00:21.216", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 3801088, "type": "region", "version": 1 }, "end_va": 3805183, "entry_point": 0, "filename": null, "id": "region_766", "name": "pagefile_0x00000000003a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3801088, "timestamp": "00:00:21.224", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 5767168, "type": "region", "version": 1 }, "end_va": 6815743, "entry_point": 0, "filename": null, "id": "region_767", "name": "private_0x0000000000580000", "norm_filename": null, "region_type": "private_memory", "start_va": 5767168, "timestamp": "00:00:21.225", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 23068672, "type": "region", "version": 1 }, "end_va": 26013695, "entry_point": 23068672, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_768", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 23068672, "timestamp": "00:00:21.227", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1964769280, "type": "region", "version": 1 }, "end_va": 1965936639, "entry_point": 1964774794, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_769", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1964769280, "timestamp": "00:00:21.232", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1964507136, "type": "region", "version": 1 }, "end_va": 1964556287, "entry_point": 1964516238, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_770", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1964507136, "timestamp": "00:00:21.233", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1963393024, "type": "region", "version": 1 }, "end_va": 1963503615, "entry_point": 1963430841, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_775", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1963393024, "timestamp": "00:00:21.284", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1789952, "start_va": 1828716544, "type": "region", "version": 1 }, "end_va": 1830506495, "entry_point": 1828716544, "filename": "\\Program Files\\Mozilla Firefox\\nss3.dll", "id": "region_776", "name": "nss3.dll", "norm_filename": "c:\\program files\\mozilla firefox\\nss3.dll", "region_type": "memory_mapped_file", "start_va": 1828716544, "timestamp": "00:00:21.327", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 1849360384, "type": "region", "version": 1 }, "end_va": 1849565183, "entry_point": 1849374705, "filename": "\\Windows\\System32\\winmm.dll", "id": "region_778", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 1849360384, "timestamp": "00:00:21.448", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1922564096, "type": "region", "version": 1 }, "end_va": 1922592767, "entry_point": 1922568480, "filename": "\\Windows\\System32\\wsock32.dll", "id": "region_779", "name": "wsock32.dll", "norm_filename": "c:\\windows\\system32\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 1922564096, "timestamp": "00:00:21.449", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1969684480, "type": "region", "version": 1 }, "end_va": 1969901567, "entry_point": 1969689693, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_780", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1969684480, "timestamp": "00:00:21.450", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1985806336, "type": "region", "version": 1 }, "end_va": 1985830911, "entry_point": 1985812354, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_781", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1985806336, "timestamp": "00:00:21.451", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 778240, "start_va": 1827930112, "type": "region", "version": 1 }, "end_va": 1828708351, "entry_point": 1827930112, "filename": "\\Program Files\\Mozilla Firefox\\msvcr100.dll", "id": "region_782", "name": "msvcr100.dll", "norm_filename": "c:\\program files\\mozilla firefox\\msvcr100.dll", "region_type": "memory_mapped_file", "start_va": 1827930112, "timestamp": "00:00:21.511", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 139264, "start_va": 1835335680, "type": "region", "version": 1 }, "end_va": 1835474943, "entry_point": 1835335680, "filename": "\\Program Files\\Mozilla Firefox\\mozglue.dll", "id": "region_796", "name": "mozglue.dll", "norm_filename": "c:\\program files\\mozilla firefox\\mozglue.dll", "region_type": "memory_mapped_file", "start_va": 1835335680, "timestamp": "00:00:21.790", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 430080, "start_va": 1827471360, "type": "region", "version": 1 }, "end_va": 1827901439, "entry_point": 1827471360, "filename": "\\Program Files\\Mozilla Firefox\\msvcp100.dll", "id": "region_797", "name": "msvcp100.dll", "norm_filename": "c:\\program files\\mozilla firefox\\msvcp100.dll", "region_type": "memory_mapped_file", "start_va": 1827471360, "timestamp": "00:00:21.837", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000798-addr_0x00000000018d0000-size_0x0000000000220000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_149", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2228224, "start_va": 26017792, "type": "region", "version": 1 }, "end_va": 28246015, "entry_point": 0, "filename": null, "id": "region_798", "name": "private_0x00000000018d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 26017792, "timestamp": "00:00:21.880", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 3866624, "type": "region", "version": 1 }, "end_va": 3997695, "entry_point": 0, "filename": null, "id": "region_799", "name": "private_0x00000000003b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3866624, "timestamp": "00:00:21.882", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 7602176, "type": "region", "version": 1 }, "end_va": 8650751, "entry_point": 0, "filename": null, "id": "region_800", "name": "private_0x0000000000740000", "norm_filename": null, "region_type": "private_memory", "start_va": 7602176, "timestamp": "00:00:21.899", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 26017792, "type": "region", "version": 1 }, "end_va": 27066367, "entry_point": 0, "filename": null, "id": "region_801", "name": "private_0x00000000018d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 26017792, "timestamp": "00:00:21.916", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 27983872, "type": "region", "version": 1 }, "end_va": 28246015, "entry_point": 0, "filename": null, "id": "region_802", "name": "private_0x0000000001ab0000", "norm_filename": null, "region_type": "private_memory", "start_va": 27983872, "timestamp": "00:00:21.917", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 26214400, "type": "region", "version": 1 }, "end_va": 27262975, "entry_point": 0, "filename": null, "id": "region_803", "name": "private_0x0000000001900000", "norm_filename": null, "region_type": "private_memory", "start_va": 26214400, "timestamp": "00:00:21.917", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1835139072, "type": "region", "version": 1 }, "end_va": 1835298815, "entry_point": 1835139072, "filename": "\\Program Files\\Mozilla Firefox\\softokn3.dll", "id": "region_804", "name": "softokn3.dll", "norm_filename": "c:\\program files\\mozilla firefox\\softokn3.dll", "region_type": "memory_mapped_file", "start_va": 1835139072, "timestamp": "00:00:21.954", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1835008000, "type": "region", "version": 1 }, "end_va": 1835102207, "entry_point": 1835008000, "filename": "\\Program Files\\Mozilla Firefox\\nssdbm3.dll", "id": "region_805", "name": "nssdbm3.dll", "norm_filename": "c:\\program files\\mozilla firefox\\nssdbm3.dll", "region_type": "memory_mapped_file", "start_va": 1835008000, "timestamp": "00:00:21.978", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 3866624, "type": "region", "version": 1 }, "end_va": 3870719, "entry_point": 3866624, "filename": "\\Windows\\System32\\tzres.dll", "id": "region_806", "name": "tzres.dll", "norm_filename": "c:\\windows\\system32\\tzres.dll", "region_type": "memory_mapped_file", "start_va": 3866624, "timestamp": "00:00:22.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 3997695, "entry_point": 0, "filename": null, "id": "region_807", "name": "private_0x00000000003c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3932160, "timestamp": "00:00:22.001", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 4026367, "entry_point": 0, "filename": null, "id": "region_808", "name": "pagefile_0x00000000003d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3997696, "timestamp": "00:00:22.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 4071423, "entry_point": 0, "filename": null, "id": "region_809", "name": "pagefile_0x00000000003e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4063232, "timestamp": "00:00:22.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 28246016, "type": "region", "version": 1 }, "end_va": 32387071, "entry_point": 0, "filename": null, "id": "region_810", "name": "pagefile_0x0000000001af0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 28246016, "timestamp": "00:00:22.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1834680320, "type": "region", "version": 1 }, "end_va": 1835003903, "entry_point": 1834680320, "filename": "\\Program Files\\Mozilla Firefox\\freebl3.dll", "id": "region_812", "name": "freebl3.dll", "norm_filename": "c:\\program files\\mozilla firefox\\freebl3.dll", "region_type": "memory_mapped_file", "start_va": 1834680320, "timestamp": "00:00:22.022", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1963524096, "type": "region", "version": 1 }, "end_va": 1963573247, "entry_point": 1963528417, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_813", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1963524096, "timestamp": "00:00:22.042", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1958805504, "type": "region", "version": 1 }, "end_va": 1958895615, "entry_point": 1958817219, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_814", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1958805504, "timestamp": "00:00:22.094", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 6815744, "type": "region", "version": 1 }, "end_va": 7061503, "entry_point": 6820493, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_815", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 6815744, "timestamp": "00:00:22.095", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1956315136, "type": "region", "version": 1 }, "end_va": 1956556799, "entry_point": 1956319885, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_820", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1956315136, "timestamp": "00:00:22.107", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe /stext \"C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\zljxukhl\"", "filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe", "id": "proc_8", "image_name": "regsvcs.exe", "monitor_reason": "child_process", "monitored_id": 8, "origin_monitor_id": 4, "ref_parent_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000008-region_00000712-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_148", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_712", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:21.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_713", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:21.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_714", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:21.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_715", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:00:21.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4317183, "entry_point": 0, "filename": null, "id": "region_716", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:00:21.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 9306112, "type": "region", "version": 1 }, "end_va": 9363455, "entry_point": 9339454, "filename": "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", "id": "region_717", "name": "regsvcs.exe", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe", "region_type": "memory_mapped_file", "start_va": 9306112, "timestamp": "00:00:21.012", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1996226560, "type": "region", "version": 1 }, "end_va": 1997520895, "entry_point": 1996226560, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_718", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1996226560, "timestamp": "00:00:21.012", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 1998585856, "type": "region", "version": 1 }, "end_va": 1998589951, "entry_point": 1998585856, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_719", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 1998585856, "timestamp": "00:00:21.013", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_720", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:00:21.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147332096, "type": "region", "version": 1 }, "end_va": 2147336191, "entry_point": 0, "filename": null, "id": "region_721", "name": "private_0x000000007ffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147332096, "timestamp": "00:00:21.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_722", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:00:21.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 5242880, "type": "region", "version": 1 }, "end_va": 6291455, "entry_point": 0, "filename": null, "id": "region_723", "name": "private_0x0000000000500000", "norm_filename": null, "region_type": "private_memory", "start_va": 5242880, "timestamp": "00:00:21.022", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1965948928, "type": "region", "version": 1 }, "end_va": 1966252031, "entry_point": 1965981152, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_724", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1965948928, "timestamp": "00:00:21.022", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1990066176, "type": "region", "version": 1 }, "end_va": 1990934527, "entry_point": 1990376932, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_725", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1990066176, "timestamp": "00:00:21.022", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_726", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:21.075", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_727", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:00:21.075", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 3375103, "entry_point": 0, "filename": null, "id": "region_728", "name": "pagefile_0x0000000000270000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2555904, "timestamp": "00:00:21.076", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 8323072, "type": "region", "version": 1 }, "end_va": 8388607, "entry_point": 0, "filename": null, "id": "region_729", "name": "private_0x00000000007f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8323072, "timestamp": "00:00:21.076", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 540672, "start_va": 1835794432, "type": "region", "version": 1 }, "end_va": 1836335103, "entry_point": 1835801001, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "id": "region_730", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1835794432, "timestamp": "00:00:21.076", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1968504832, "type": "region", "version": 1 }, "end_va": 1968824319, "entry_point": 1968544777, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_731", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1968504832, "timestamp": "00:00:21.077", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969655807, "entry_point": 1968953105, "filename": "\\Windows\\System32\\user32.dll", "id": "region_732", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:00:21.078", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1969946624, "type": "region", "version": 1 }, "end_va": 1970302975, "entry_point": 1970052006, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_733", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1969946624, "timestamp": "00:00:21.078", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 1970339840, "type": "region", "version": 1 }, "end_va": 1970466815, "entry_point": 1970344789, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_734", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1970339840, "timestamp": "00:00:21.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1970470912, "type": "region", "version": 1 }, "end_va": 1971306495, "entry_point": 1970476683, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_735", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1970470912, "timestamp": "00:00:21.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1972895744, "type": "region", "version": 1 }, "end_va": 1985781759, "entry_point": 1973425665, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_736", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1972895744, "timestamp": "00:00:21.080", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1985871872, "type": "region", "version": 1 }, "end_va": 1986514943, "entry_point": 1986084823, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_737", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1985871872, "timestamp": "00:00:21.081", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1986527232, "type": "region", "version": 1 }, "end_va": 1987952639, "entry_point": 1986837053, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_738", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1986527232, "timestamp": "00:00:21.081", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1989410816, "type": "region", "version": 1 }, "end_va": 1990066175, "entry_point": 1989495269, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_739", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1989410816, "timestamp": "00:00:21.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1990983680, "type": "region", "version": 1 }, "end_va": 1991643135, "entry_point": 1991189555, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_740", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1990983680, "timestamp": "00:00:21.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1993408512, "type": "region", "version": 1 }, "end_va": 1994113023, "entry_point": 1993450610, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_741", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1993408512, "timestamp": "00:00:21.083", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1997602816, "type": "region", "version": 1 }, "end_va": 1997705215, "entry_point": 1997621621, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_742", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1997602816, "timestamp": "00:00:21.084", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1997930496, "type": "region", "version": 1 }, "end_va": 1997971455, "entry_point": 1997935468, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_743", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1997930496, "timestamp": "00:00:21.084", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 1997996032, "type": "region", "version": 1 }, "end_va": 1998499839, "entry_point": 1998002926, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_744", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 1997996032, "timestamp": "00:00:21.085", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_745", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:00:21.085", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_746", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:00:21.101", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 790527, "entry_point": 0, "filename": null, "id": "region_747", "name": "private_0x00000000000c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 786432, "timestamp": "00:00:21.101", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1310719, "entry_point": 0, "filename": null, "id": "region_748", "name": "private_0x0000000000130000", "norm_filename": null, "region_type": "private_memory", "start_va": 1245184, "timestamp": "00:00:21.102", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 6291456, "type": "region", "version": 1 }, "end_va": 7344127, "entry_point": 0, "filename": null, "id": "region_749", "name": "pagefile_0x0000000000600000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6291456, "timestamp": "00:00:21.102", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 9371648, "type": "region", "version": 1 }, "end_va": 21954559, "entry_point": 0, "filename": null, "id": "region_750", "name": "pagefile_0x00000000008f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9371648, "timestamp": "00:00:21.102", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 856063, "entry_point": 0, "filename": null, "id": "region_761", "name": "pagefile_0x00000000000d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 851968, "timestamp": "00:00:21.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 21954560, "type": "region", "version": 1 }, "end_va": 23003135, "entry_point": 0, "filename": null, "id": "region_762", "name": "private_0x00000000014f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 21954560, "timestamp": "00:00:21.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 23003136, "type": "region", "version": 1 }, "end_va": 25948159, "entry_point": 23003136, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_763", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 23003136, "timestamp": "00:00:21.198", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1922498560, "type": "region", "version": 1 }, "end_va": 1922551807, "entry_point": 1922498560, "filename": "\\Windows\\System32\\pstorec.dll", "id": "region_771", "name": "pstorec.dll", "norm_filename": "c:\\windows\\system32\\pstorec.dll", "region_type": "memory_mapped_file", "start_va": 1922498560, "timestamp": "00:00:21.234", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 1938030592, "type": "region", "version": 1 }, "end_va": 1938112511, "entry_point": 1938030592, "filename": "\\Windows\\System32\\atl.dll", "id": "region_777", "name": "atl.dll", "norm_filename": "c:\\windows\\system32\\atl.dll", "region_type": "memory_mapped_file", "start_va": 1938030592, "timestamp": "00:00:21.421", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 27525120, "type": "region", "version": 1 }, "end_va": 28573695, "entry_point": 0, "filename": null, "id": "region_905", "name": "private_0x0000000001a40000", "norm_filename": null, "region_type": "private_memory", "start_va": 27525120, "timestamp": "00:00:26.478", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1964769280, "type": "region", "version": 1 }, "end_va": 1965936639, "entry_point": 1964774794, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_906", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1964769280, "timestamp": "00:00:26.478", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_907", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:00:26.479", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1964507136, "type": "region", "version": 1 }, "end_va": 1964556287, "entry_point": 1964516238, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_908", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1964507136, "timestamp": "00:00:26.480", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1963393024, "type": "region", "version": 1 }, "end_va": 1963503615, "entry_point": 1963430841, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_909", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1963393024, "timestamp": "00:00:26.484", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\60484525\\cih.exe\" C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\60484525\\cvn-nhc", "filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\cih.exe", "id": "proc_9", "image_name": "cih.exe", "monitor_reason": "autostart", "monitored_id": 9, "origin_monitor_id": 0, "ref_parent_process": null, "regions": [ { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1047", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:58.503", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_1048", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:58.503", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 270335, "entry_point": 0, "filename": null, "id": "region_1049", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:58.503", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 5832703, "entry_point": 0, "filename": null, "id": "region_1050", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:00:58.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 16384000, "type": "region", "version": 1 }, "end_va": 17219583, "entry_point": 16384000, "filename": "\\Users\\EEBsYm5\\AppData\\Local\\Temp\\60484525\\cih.exe", "id": "region_1051", "name": "cih.exe", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\cih.exe", "region_type": "memory_mapped_file", "start_va": 16384000, "timestamp": "00:00:58.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 2003763200, "type": "region", "version": 1 }, "end_va": 2005057535, "entry_point": 2003763200, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1052", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003763200, "timestamp": "00:00:58.508", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2006122496, "type": "region", "version": 1 }, "end_va": 2006126591, "entry_point": 2006122496, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1053", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2006122496, "timestamp": "00:00:58.585", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_1054", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:00:58.587", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147307520, "type": "region", "version": 1 }, "end_va": 2147311615, "entry_point": 0, "filename": null, "id": "region_1055", "name": "private_0x000000007ffd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147307520, "timestamp": "00:00:58.588", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1056", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:00:58.588", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 7733248, "type": "region", "version": 1 }, "end_va": 11927551, "entry_point": 0, "filename": null, "id": "region_1057", "name": "private_0x0000000000760000", "norm_filename": null, "region_type": "private_memory", "start_va": 7733248, "timestamp": "00:00:58.642", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1973616640, "type": "region", "version": 1 }, "end_va": 1973919743, "entry_point": 1973616640, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1058", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1973616640, "timestamp": "00:00:58.642", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1974730752, "type": "region", "version": 1 }, "end_va": 1975599103, "entry_point": 1974730752, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1059", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1974730752, "timestamp": "00:00:58.684", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1060", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:58.961", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1061", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:00:58.961", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 1858600960, "type": "region", "version": 1 }, "end_va": 1858805759, "entry_point": 1858600960, "filename": "\\Windows\\System32\\winmm.dll", "id": "region_1062", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 1858600960, "timestamp": "00:00:58.961", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1859256320, "type": "region", "version": 1 }, "end_va": 1859284991, "entry_point": 1859256320, "filename": "\\Windows\\System32\\wsock32.dll", "id": "region_1063", "name": "wsock32.dll", "norm_filename": "c:\\windows\\system32\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 1859256320, "timestamp": "00:00:58.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1910964224, "type": "region", "version": 1 }, "end_va": 1911037951, "entry_point": 1910964224, "filename": "\\Windows\\System32\\mpr.dll", "id": "region_1064", "name": "mpr.dll", "norm_filename": "c:\\windows\\system32\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 1910964224, "timestamp": "00:00:58.970", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1954676736, "type": "region", "version": 1 }, "end_va": 1956372479, "entry_point": 1954676736, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_1065", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1954676736, "timestamp": "00:00:58.974", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1960378368, "type": "region", "version": 1 }, "end_va": 1960415231, "entry_point": 1960378368, "filename": "\\Windows\\System32\\version.dll", "id": "region_1066", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 1960378368, "timestamp": "00:00:58.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1961820160, "type": "region", "version": 1 }, "end_va": 1961914367, "entry_point": 1961820160, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_1067", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 1961820160, "timestamp": "00:00:58.983", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1971585024, "type": "region", "version": 1 }, "end_va": 1971630079, "entry_point": 1971585024, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_1068", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1971585024, "timestamp": "00:00:58.987", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1972043776, "type": "region", "version": 1 }, "end_va": 1972092927, "entry_point": 1972043776, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_1069", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1972043776, "timestamp": "00:00:58.989", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1972436992, "type": "region", "version": 1 }, "end_va": 1973604351, "entry_point": 1972436992, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_1070", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1972436992, "timestamp": "00:00:58.996", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1975648256, "type": "region", "version": 1 }, "end_va": 1976651775, "entry_point": 1975648256, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_1071", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1975648256, "timestamp": "00:00:59.001", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1976696832, "type": "region", "version": 1 }, "end_va": 1977401343, "entry_point": 1976696832, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1072", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1976696832, "timestamp": "00:00:59.006", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1977614336, "type": "region", "version": 1 }, "end_va": 1979691007, "entry_point": 1977614336, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_1073", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1977614336, "timestamp": "00:00:59.017", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1979711488, "type": "region", "version": 1 }, "end_va": 1980366847, "entry_point": 1979711488, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_1074", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1979711488, "timestamp": "00:00:59.021", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1981218816, "type": "region", "version": 1 }, "end_va": 1982644223, "entry_point": 1981218816, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_1075", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1981218816, "timestamp": "00:00:59.075", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1982660608, "type": "region", "version": 1 }, "end_va": 1983246335, "entry_point": 1982660608, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_1076", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1982660608, "timestamp": "00:00:59.279", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1983250432, "type": "region", "version": 1 }, "end_va": 1983909887, "entry_point": 1983250432, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1077", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1983250432, "timestamp": "00:00:59.285", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1984299008, "type": "region", "version": 1 }, "end_va": 1984618495, "entry_point": 1984299008, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1078", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1984299008, "timestamp": "00:00:59.291", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1984626688, "type": "region", "version": 1 }, "end_va": 1985449983, "entry_point": 1984626688, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1079", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1984626688, "timestamp": "00:00:59.325", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1985478656, "type": "region", "version": 1 }, "end_va": 1985519615, "entry_point": 1985478656, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_1080", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1985478656, "timestamp": "00:00:59.371", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1985544192, "type": "region", "version": 1 }, "end_va": 1985900543, "entry_point": 1985544192, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_1081", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1985544192, "timestamp": "00:00:59.375", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1986330624, "type": "region", "version": 1 }, "end_va": 1986355199, "entry_point": 1986330624, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_1082", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1986330624, "timestamp": "00:00:59.435", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1987182592, "type": "region", "version": 1 }, "end_va": 1987825663, "entry_point": 1987182592, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_1083", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1987182592, "timestamp": "00:00:59.440", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1987837952, "type": "region", "version": 1 }, "end_va": 2000723967, "entry_point": 1987837952, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_1084", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1987837952, "timestamp": "00:00:59.444", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 2002452480, "type": "region", "version": 1 }, "end_va": 2003722239, "entry_point": 2002452480, "filename": "\\Windows\\System32\\urlmon.dll", "id": "region_1085", "name": "urlmon.dll", "norm_filename": "c:\\windows\\system32\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 2002452480, "timestamp": "00:01:00.162", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 2005073920, "type": "region", "version": 1 }, "end_va": 2005094399, "entry_point": 2005073920, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_1086", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 2005073920, "timestamp": "00:01:00.167", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 2005139456, "type": "region", "version": 1 }, "end_va": 2005241855, "entry_point": 2005139456, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_1087", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 2005139456, "timestamp": "00:01:00.171", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 2005270528, "type": "region", "version": 1 }, "end_va": 2005774335, "entry_point": 2005270528, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_1088", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 2005270528, "timestamp": "00:01:00.175", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 2005794816, "type": "region", "version": 1 }, "end_va": 2006011903, "entry_point": 2005794816, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_1089", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 2005794816, "timestamp": "00:01:00.179", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_1090", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:01:00.183", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1091", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:00.285", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 1605631, "entry_point": 0, "filename": null, "id": "region_1092", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:01:00.285", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1980366848, "type": "region", "version": 1 }, "end_va": 1981202431, "entry_point": 1980366848, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1093", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1980366848, "timestamp": "00:01:00.285", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 1986396160, "type": "region", "version": 1 }, "end_va": 1986523135, "entry_point": 1986396160, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1094", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1986396160, "timestamp": "00:01:00.289", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 5832704, "type": "region", "version": 1 }, "end_va": 6885375, "entry_point": 0, "filename": null, "id": "region_1095", "name": "pagefile_0x0000000000590000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5832704, "timestamp": "00:01:00.308", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 6946816, "type": "region", "version": 1 }, "end_va": 6950911, "entry_point": 0, "filename": null, "id": "region_1096", "name": "private_0x00000000006a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6946816, "timestamp": "00:01:00.308", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 7012352, "type": "region", "version": 1 }, "end_va": 7016447, "entry_point": 0, "filename": null, "id": "region_1097", "name": "private_0x00000000006b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 7012352, "timestamp": "00:01:00.308", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 7143424, "type": "region", "version": 1 }, "end_va": 7151615, "entry_point": 0, "filename": null, "id": "region_1098", "name": "pagefile_0x00000000006d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7143424, "timestamp": "00:01:00.308", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 13238272, "type": "region", "version": 1 }, "end_va": 13303807, "entry_point": 0, "filename": null, "id": "region_1099", "name": "private_0x0000000000ca0000", "norm_filename": null, "region_type": "private_memory", "start_va": 13238272, "timestamp": "00:01:00.309", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 17235968, "type": "region", "version": 1 }, "end_va": 29818879, "entry_point": 0, "filename": null, "id": "region_1100", "name": "pagefile_0x0000000001070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 17235968, "timestamp": "00:01:00.309", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 262144, "start_va": 1953103872, "type": "region", "version": 1 }, "end_va": 1953366015, "entry_point": 1953103872, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_1101", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1953103872, "timestamp": "00:01:01.175", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1310720, "start_va": 11927552, "type": "region", "version": 1 }, "end_va": 13238271, "entry_point": 0, "filename": null, "id": "region_1102", "name": "private_0x0000000000b60000", "norm_filename": null, "region_type": "private_memory", "start_va": 11927552, "timestamp": "00:01:01.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 11927552, "type": "region", "version": 1 }, "end_va": 12840959, "entry_point": 0, "filename": null, "id": "region_1103", "name": "pagefile_0x0000000000b60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11927552, "timestamp": "00:01:01.193", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 12976128, "type": "region", "version": 1 }, "end_va": 13238271, "entry_point": 0, "filename": null, "id": "region_1104", "name": "private_0x0000000000c60000", "norm_filename": null, "region_type": "private_memory", "start_va": 12976128, "timestamp": "00:01:01.194", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 7077888, "type": "region", "version": 1 }, "end_va": 7081983, "entry_point": 0, "filename": null, "id": "region_1105", "name": "pagefile_0x00000000006c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7077888, "timestamp": "00:01:01.205", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 13303808, "type": "region", "version": 1 }, "end_va": 16248831, "entry_point": 13303808, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1106", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 13303808, "timestamp": "00:01:01.206", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 7208960, "type": "region", "version": 1 }, "end_va": 7217151, "entry_point": 0, "filename": null, "id": "region_1107", "name": "pagefile_0x00000000006e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7208960, "timestamp": "00:01:01.208", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 30736384, "type": "region", "version": 1 }, "end_va": 34930687, "entry_point": 0, "filename": null, "id": "region_1108", "name": "private_0x0000000001d50000", "norm_filename": null, "region_type": "private_memory", "start_va": 30736384, "timestamp": "00:01:01.212", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_1109", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:01:01.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 7274496, "type": "region", "version": 1 }, "end_va": 7278591, "entry_point": 0, "filename": null, "id": "region_1110", "name": "pagefile_0x00000000006f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7274496, "timestamp": "00:01:01.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1972109312, "type": "region", "version": 1 }, "end_va": 1972269055, "entry_point": 1972109312, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_1111", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 1972109312, "timestamp": "00:01:01.415", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1972305920, "type": "region", "version": 1 }, "end_va": 1972379647, "entry_point": 1972305920, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_1112", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 1972305920, "timestamp": "00:01:01.421", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1691648, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2002440191, "entry_point": 2000748544, "filename": "\\Windows\\System32\\setupapi.dll", "id": "region_1113", "name": "setupapi.dll", "norm_filename": "c:\\windows\\system32\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:01:01.425", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 7340032, "type": "region", "version": 1 }, "end_va": 7368703, "entry_point": 0, "filename": null, "id": "region_1114", "name": "pagefile_0x0000000000700000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7340032, "timestamp": "00:01:01.440", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 7405568, "type": "region", "version": 1 }, "end_va": 7413759, "entry_point": 0, "filename": null, "id": "region_1115", "name": "pagefile_0x0000000000710000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7405568, "timestamp": "00:01:01.440", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 34930688, "type": "region", "version": 1 }, "end_va": 39071743, "entry_point": 0, "filename": null, "id": "region_1116", "name": "pagefile_0x0000000002150000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 34930688, "timestamp": "00:01:01.440", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 376832, "start_va": 29818880, "type": "region", "version": 1 }, "end_va": 30195711, "entry_point": 29818880, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_1117", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 29818880, "timestamp": "00:01:01.441", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 376832, "start_va": 29818880, "type": "region", "version": 1 }, "end_va": 30195711, "entry_point": 29963705, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_1118", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 29818880, "timestamp": "00:01:01.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1970864128, "type": "region", "version": 1 }, "end_va": 1970913279, "entry_point": 1970864128, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_1119", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1970864128, "timestamp": "00:01:01.450", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 7471104, "type": "region", "version": 1 }, "end_va": 7475199, "entry_point": 0, "filename": null, "id": "region_1120", "name": "private_0x0000000000720000", "norm_filename": null, "region_type": "private_memory", "start_va": 7471104, "timestamp": "00:01:02.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 39911424, "type": "region", "version": 1 }, "end_va": 44105727, "entry_point": 0, "filename": null, "id": "region_1121", "name": "private_0x0000000002610000", "norm_filename": null, "region_type": "private_memory", "start_va": 39911424, "timestamp": "00:01:02.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 44105728, "type": "region", "version": 1 }, "end_va": 45154303, "entry_point": 0, "filename": null, "id": "region_1122", "name": "private_0x0000000002a10000", "norm_filename": null, "region_type": "private_memory", "start_va": 44105728, "timestamp": "00:01:02.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147340288, "type": "region", "version": 1 }, "end_va": 2147344383, "entry_point": 0, "filename": null, "id": "region_1123", "name": "private_0x000000007ffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147340288, "timestamp": "00:01:02.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1949761536, "type": "region", "version": 1 }, "end_va": 1949839359, "entry_point": 1949761536, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_1124", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 1949761536, "timestamp": "00:01:02.508", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 29818880, "type": "region", "version": 1 }, "end_va": 30343167, "entry_point": 0, "filename": null, "id": "region_1125", "name": "private_0x0000000001c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 29818880, "timestamp": "00:01:02.536", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 655360, "start_va": 39124992, "type": "region", "version": 1 }, "end_va": 39780351, "entry_point": 0, "filename": null, "id": "region_1126", "name": "private_0x0000000002550000", "norm_filename": null, "region_type": "private_memory", "start_va": 39124992, "timestamp": "00:01:02.538", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 7536640, "type": "region", "version": 1 }, "end_va": 7602175, "entry_point": 0, "filename": null, "id": "region_1127", "name": "private_0x0000000000730000", "norm_filename": null, "region_type": "private_memory", "start_va": 7536640, "timestamp": "00:01:02.852", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 20480, "start_va": 7602176, "type": "region", "version": 1 }, "end_va": 7622655, "entry_point": 0, "filename": null, "id": "region_1128", "name": "pagefile_0x0000000000740000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7602176, "timestamp": "00:01:02.853", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 20480, "start_va": 7536640, "type": "region", "version": 1 }, "end_va": 7557119, "entry_point": 0, "filename": null, "id": "region_1129", "name": "pagefile_0x0000000000730000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7536640, "timestamp": "00:01:02.854", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1822720, "start_va": 45154304, "type": "region", "version": 1 }, "end_va": 46977023, "entry_point": 0, "filename": null, "id": "region_1160", "name": "private_0x0000000002b10000", "norm_filename": null, "region_type": "private_memory", "start_va": 45154304, "timestamp": "00:01:02.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 45154304, "type": "region", "version": 1 }, "end_va": 47251455, "entry_point": 0, "filename": null, "id": "region_1163", "name": "private_0x0000000002b10000", "norm_filename": null, "region_type": "private_memory", "start_va": 45154304, "timestamp": "00:01:03.199", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1114112, "start_va": 52953088, "type": "region", "version": 1 }, "end_va": 54067199, "entry_point": 0, "filename": null, "id": "region_1164", "name": "private_0x0000000003280000", "norm_filename": null, "region_type": "private_memory", "start_va": 52953088, "timestamp": "00:01:03.199", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\60484525\\cih.exe C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\60484525\\KQMAO", "filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\cih.exe", "id": "proc_10", "image_name": "cih.exe", "monitor_reason": "child_process", "monitored_id": 10, "origin_monitor_id": 9, "ref_parent_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1165", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:03.615", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_1166", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:03.615", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 270335, "entry_point": 0, "filename": null, "id": "region_1167", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:01:03.615", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 6225919, "entry_point": 0, "filename": null, "id": "region_1168", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:01:03.616", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 16384000, "type": "region", "version": 1 }, "end_va": 17219583, "entry_point": 16475361, "filename": "\\Users\\EEBsYm5\\AppData\\Local\\Temp\\60484525\\cih.exe", "id": "region_1169", "name": "cih.exe", "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\cih.exe", "region_type": "memory_mapped_file", "start_va": 16384000, "timestamp": "00:01:03.616", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 2003763200, "type": "region", "version": 1 }, "end_va": 2005057535, "entry_point": 2003763200, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1170", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003763200, "timestamp": "00:01:03.620", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2006122496, "type": "region", "version": 1 }, "end_va": 2006126591, "entry_point": 2006122496, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1171", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2006122496, "timestamp": "00:01:03.620", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_1172", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:01:03.625", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_1173", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:01:03.625", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1174", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:01:03.625", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1175", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:03.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1176", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:01:03.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_1177", "name": "private_0x0000000000180000", "norm_filename": null, "region_type": "private_memory", "start_va": 1572864, "timestamp": "00:01:03.684", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 7077888, "type": "region", "version": 1 }, "end_va": 11272191, "entry_point": 0, "filename": null, "id": "region_1178", "name": "private_0x00000000006c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 7077888, "timestamp": "00:01:03.684", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 1858600960, "type": "region", "version": 1 }, "end_va": 1858805759, "entry_point": 1858615281, "filename": "\\Windows\\System32\\winmm.dll", "id": "region_1179", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 1858600960, "timestamp": "00:01:03.684", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1859256320, "type": "region", "version": 1 }, "end_va": 1859284991, "entry_point": 1859260704, "filename": "\\Windows\\System32\\wsock32.dll", "id": "region_1180", "name": "wsock32.dll", "norm_filename": "c:\\windows\\system32\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 1859256320, "timestamp": "00:01:03.685", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1910964224, "type": "region", "version": 1 }, "end_va": 1911037951, "entry_point": 1910968832, "filename": "\\Windows\\System32\\mpr.dll", "id": "region_1181", "name": "mpr.dll", "norm_filename": "c:\\windows\\system32\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 1910964224, "timestamp": "00:01:03.685", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1954676736, "type": "region", "version": 1 }, "end_va": 1956372479, "entry_point": 1954866869, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_1182", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1954676736, "timestamp": "00:01:03.686", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1960378368, "type": "region", "version": 1 }, "end_va": 1960415231, "entry_point": 1960383008, "filename": "\\Windows\\System32\\version.dll", "id": "region_1183", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 1960378368, "timestamp": "00:01:03.687", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1961820160, "type": "region", "version": 1 }, "end_va": 1961914367, "entry_point": 1961827485, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_1184", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 1961820160, "timestamp": "00:01:03.687", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1971585024, "type": "region", "version": 1 }, "end_va": 1971630079, "entry_point": 1971591570, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_1185", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1971585024, "timestamp": "00:01:03.688", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1972043776, "type": "region", "version": 1 }, "end_va": 1972092927, "entry_point": 1972052878, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_1186", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1972043776, "timestamp": "00:01:03.690", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1972436992, "type": "region", "version": 1 }, "end_va": 1973604351, "entry_point": 1972442506, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_1187", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1972436992, "timestamp": "00:01:03.691", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1973616640, "type": "region", "version": 1 }, "end_va": 1973919743, "entry_point": 1973648864, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1188", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1973616640, "timestamp": "00:01:03.691", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1974730752, "type": "region", "version": 1 }, "end_va": 1975599103, "entry_point": 1975041508, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1189", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1974730752, "timestamp": "00:01:03.692", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1975648256, "type": "region", "version": 1 }, "end_va": 1976651775, "entry_point": 1975654501, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_1190", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1975648256, "timestamp": "00:01:03.692", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1976696832, "type": "region", "version": 1 }, "end_va": 1977401343, "entry_point": 1976738930, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1191", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1976696832, "timestamp": "00:01:03.693", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1977614336, "type": "region", "version": 1 }, "end_va": 1979691007, "entry_point": 1977623257, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_1192", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1977614336, "timestamp": "00:01:03.693", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1979711488, "type": "region", "version": 1 }, "end_va": 1980366847, "entry_point": 1979795941, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_1193", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1979711488, "timestamp": "00:01:03.694", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1981218816, "type": "region", "version": 1 }, "end_va": 1982644223, "entry_point": 1981528637, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_1194", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1981218816, "timestamp": "00:01:03.694", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1982660608, "type": "region", "version": 1 }, "end_va": 1983246335, "entry_point": 1982676913, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_1195", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1982660608, "timestamp": "00:01:03.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1983250432, "type": "region", "version": 1 }, "end_va": 1983909887, "entry_point": 1983456307, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1196", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1983250432, "timestamp": "00:01:03.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1984299008, "type": "region", "version": 1 }, "end_va": 1984618495, "entry_point": 1984338953, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1197", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1984299008, "timestamp": "00:01:03.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1984626688, "type": "region", "version": 1 }, "end_va": 1985449983, "entry_point": 1984747281, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1198", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1984626688, "timestamp": "00:01:03.696", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1985478656, "type": "region", "version": 1 }, "end_va": 1985519615, "entry_point": 1985483628, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_1199", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1985478656, "timestamp": "00:01:03.697", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1985544192, "type": "region", "version": 1 }, "end_va": 1985900543, "entry_point": 1985649574, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_1200", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1985544192, "timestamp": "00:01:03.697", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1986330624, "type": "region", "version": 1 }, "end_va": 1986355199, "entry_point": 1986336642, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_1201", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1986330624, "timestamp": "00:01:03.698", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1987182592, "type": "region", "version": 1 }, "end_va": 1987825663, "entry_point": 1987395543, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_1202", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1987182592, "timestamp": "00:01:03.698", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1987837952, "type": "region", "version": 1 }, "end_va": 2000723967, "entry_point": 1988367873, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_1203", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1987837952, "timestamp": "00:01:03.699", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 2002452480, "type": "region", "version": 1 }, "end_va": 2003722239, "entry_point": 2002459445, "filename": "\\Windows\\System32\\urlmon.dll", "id": "region_1204", "name": "urlmon.dll", "norm_filename": "c:\\windows\\system32\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 2002452480, "timestamp": "00:01:03.701", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 2005073920, "type": "region", "version": 1 }, "end_va": 2005094399, "entry_point": 2005079096, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_1205", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 2005073920, "timestamp": "00:01:03.701", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 2005139456, "type": "region", "version": 1 }, "end_va": 2005241855, "entry_point": 2005158261, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_1206", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 2005139456, "timestamp": "00:01:03.702", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 2005270528, "type": "region", "version": 1 }, "end_va": 2005774335, "entry_point": 2005277422, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_1207", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 2005270528, "timestamp": "00:01:03.703", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 2005794816, "type": "region", "version": 1 }, "end_va": 2006011903, "entry_point": 2005800029, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_1208", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 2005794816, "timestamp": "00:01:03.703", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_1209", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:01:03.704", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 6225920, "type": "region", "version": 1 }, "end_va": 7045119, "entry_point": 0, "filename": null, "id": "region_1210", "name": "pagefile_0x00000000005f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6225920, "timestamp": "00:01:03.848", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1980366848, "type": "region", "version": 1 }, "end_va": 1981202431, "entry_point": 1980372619, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1211", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1980366848, "timestamp": "00:01:03.848", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 1986396160, "type": "region", "version": 1 }, "end_va": 1986523135, "entry_point": 1986401109, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1212", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1986396160, "timestamp": "00:01:03.849", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1213", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:03.859", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 790527, "entry_point": 0, "filename": null, "id": "region_1214", "name": "private_0x00000000000c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 786432, "timestamp": "00:01:03.859", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 925695, "entry_point": 0, "filename": null, "id": "region_1215", "name": "pagefile_0x00000000000e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 917504, "timestamp": "00:01:03.859", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 11272192, "type": "region", "version": 1 }, "end_va": 12324863, "entry_point": 0, "filename": null, "id": "region_1216", "name": "pagefile_0x0000000000ac0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11272192, "timestamp": "00:01:03.859", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 13303808, "type": "region", "version": 1 }, "end_va": 13369343, "entry_point": 0, "filename": null, "id": "region_1217", "name": "private_0x0000000000cb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 13303808, "timestamp": "00:01:03.860", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 17235968, "type": "region", "version": 1 }, "end_va": 29818879, "entry_point": 0, "filename": null, "id": "region_1218", "name": "pagefile_0x0000000001070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 17235968, "timestamp": "00:01:03.860", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 262144, "start_va": 1953103872, "type": "region", "version": 1 }, "end_va": 1953366015, "entry_point": 1953145565, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_1219", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1953103872, "timestamp": "00:01:03.869", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 13369344, "type": "region", "version": 1 }, "end_va": 14417919, "entry_point": 0, "filename": null, "id": "region_1220", "name": "private_0x0000000000cc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 13369344, "timestamp": "00:01:03.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 12386304, "type": "region", "version": 1 }, "end_va": 13299711, "entry_point": 0, "filename": null, "id": "region_1221", "name": "pagefile_0x0000000000bd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12386304, "timestamp": "00:01:03.872", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 856063, "entry_point": 0, "filename": null, "id": "region_1222", "name": "pagefile_0x00000000000d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 851968, "timestamp": "00:01:03.876", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 29818880, "type": "region", "version": 1 }, "end_va": 32763903, "entry_point": 29818880, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1223", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 29818880, "timestamp": "00:01:03.877", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 991231, "entry_point": 0, "filename": null, "id": "region_1224", "name": "pagefile_0x00000000000f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 983040, "timestamp": "00:01:03.879", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 32768000, "type": "region", "version": 1 }, "end_va": 36962303, "entry_point": 0, "filename": null, "id": "region_1225", "name": "private_0x0000000001f40000", "norm_filename": null, "region_type": "private_memory", "start_va": 32768000, "timestamp": "00:01:04.034", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147340288, "type": "region", "version": 1 }, "end_va": 2147344383, "entry_point": 0, "filename": null, "id": "region_1226", "name": "private_0x000000007ffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147340288, "timestamp": "00:01:04.035", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_1227", "name": "pagefile_0x0000000000100000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1048576, "timestamp": "00:01:04.037", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 376832, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1490943, "entry_point": 1258937, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_1228", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 1114112, "timestamp": "00:01:04.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1970864128, "type": "region", "version": 1 }, "end_va": 1970913279, "entry_point": 1970868449, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_1230", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1970864128, "timestamp": "00:01:04.054", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 14417920, "type": "region", "version": 1 }, "end_va": 15466495, "entry_point": 0, "filename": null, "id": "region_1231", "name": "private_0x0000000000dc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 14417920, "timestamp": "00:01:04.084", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1972109312, "type": "region", "version": 1 }, "end_va": 1972269055, "entry_point": 1972132025, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_1232", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 1972109312, "timestamp": "00:01:04.084", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1972305920, "type": "region", "version": 1 }, "end_va": 1972379647, "entry_point": 1972311105, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_1233", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 1972305920, "timestamp": "00:01:04.084", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1691648, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2002440191, "entry_point": 2000754663, "filename": "\\Windows\\System32\\setupapi.dll", "id": "region_1234", "name": "setupapi.dll", "norm_filename": "c:\\windows\\system32\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:01:04.085", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1142783, "entry_point": 0, "filename": null, "id": "region_1235", "name": "pagefile_0x0000000000110000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1114112, "timestamp": "00:01:04.146", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1187839, "entry_point": 0, "filename": null, "id": "region_1236", "name": "pagefile_0x0000000000120000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1179648, "timestamp": "00:01:04.146", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1249279, "entry_point": 0, "filename": null, "id": "region_1237", "name": "private_0x0000000000130000", "norm_filename": null, "region_type": "private_memory", "start_va": 1245184, "timestamp": "00:01:04.156", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 36962304, "type": "region", "version": 1 }, "end_va": 41103359, "entry_point": 0, "filename": null, "id": "region_1238", "name": "pagefile_0x0000000002340000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 36962304, "timestamp": "00:01:04.156", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 41418752, "type": "region", "version": 1 }, "end_va": 45613055, "entry_point": 0, "filename": null, "id": "region_1239", "name": "private_0x0000000002780000", "norm_filename": null, "region_type": "private_memory", "start_va": 41418752, "timestamp": "00:01:04.157", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147336192, "type": "region", "version": 1 }, "end_va": 2147340287, "entry_point": 0, "filename": null, "id": "region_1240", "name": "private_0x000000007ffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147336192, "timestamp": "00:01:04.157", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1949761536, "type": "region", "version": 1 }, "end_va": 1949839359, "entry_point": 1949769023, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_1241", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 1949761536, "timestamp": "00:01:04.158", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 13369344, "type": "region", "version": 1 }, "end_va": 13893631, "entry_point": 0, "filename": null, "id": "region_1242", "name": "private_0x0000000000cc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 13369344, "timestamp": "00:01:04.200", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 14155776, "type": "region", "version": 1 }, "end_va": 14417919, "entry_point": 0, "filename": null, "id": "region_1243", "name": "private_0x0000000000d80000", "norm_filename": null, "region_type": "private_memory", "start_va": 14155776, "timestamp": "00:01:04.200", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 15466496, "type": "region", "version": 1 }, "end_va": 15990783, "entry_point": 0, "filename": null, "id": "region_1244", "name": "private_0x0000000000ec0000", "norm_filename": null, "region_type": "private_memory", "start_va": 15466496, "timestamp": "00:01:04.202", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1314815, "entry_point": 1310720, "filename": "\\Windows\\System32\\tzres.dll", "id": "region_1245", "name": "tzres.dll", "norm_filename": "c:\\windows\\system32\\tzres.dll", "region_type": "memory_mapped_file", "start_va": 1310720, "timestamp": "00:01:04.224", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 45613056, "type": "region", "version": 1 }, "end_va": 47710207, "entry_point": 0, "filename": null, "id": "region_1247", "name": "private_0x0000000002b80000", "norm_filename": null, "region_type": "private_memory", "start_va": 45613056, "timestamp": "00:01:04.230", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1822720, "start_va": 47710208, "type": "region", "version": 1 }, "end_va": 49532927, "entry_point": 0, "filename": null, "id": "region_1248", "name": "private_0x0000000002d80000", "norm_filename": null, "region_type": "private_memory", "start_va": 47710208, "timestamp": "00:01:04.230", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 48627712, "type": "region", "version": 1 }, "end_va": 52822015, "entry_point": 0, "filename": null, "id": "region_1262", "name": "private_0x0000000002e60000", "norm_filename": null, "region_type": "private_memory", "start_va": 48627712, "timestamp": "00:01:07.008", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1822720, "start_va": 52822016, "type": "region", "version": 1 }, "end_va": 54644735, "entry_point": 0, "filename": null, "id": "region_1263", "name": "private_0x0000000003260000", "norm_filename": null, "region_type": "private_memory", "start_va": 52822016, "timestamp": "00:01:07.008", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147332096, "type": "region", "version": 1 }, "end_va": 2147336191, "entry_point": 0, "filename": null, "id": "region_1264", "name": "private_0x000000007ffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147332096, "timestamp": "00:01:07.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1966145536, "type": "region", "version": 1 }, "end_va": 1966235647, "entry_point": 1966145536, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_1269", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1966145536, "timestamp": "00:01:07.210", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1556479, "entry_point": 1310720, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_1270", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1310720, "timestamp": "00:01:07.216", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1556479, "entry_point": 1315469, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_1271", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1310720, "timestamp": "00:01:07.221", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1963655168, "type": "region", "version": 1 }, "end_va": 1963896831, "entry_point": 1963659917, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_1275", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1963655168, "timestamp": "00:01:07.238", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1314815, "entry_point": 0, "filename": null, "id": "region_1277", "name": "private_0x0000000000140000", "norm_filename": null, "region_type": "private_memory", "start_va": 1310720, "timestamp": "00:01:07.298", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1380351, "entry_point": 0, "filename": null, "id": "region_1278", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:01:07.299", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1445887, "entry_point": 0, "filename": null, "id": "region_1279", "name": "private_0x0000000000160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1441792, "timestamp": "00:01:07.299", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1511423, "entry_point": 0, "filename": null, "id": "region_1280", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:01:07.300", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1642495, "entry_point": 0, "filename": null, "id": "region_1281", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:01:07.300", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1708031, "entry_point": 0, "filename": null, "id": "region_1282", "name": "private_0x00000000001a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1703936, "timestamp": "00:01:07.300", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe\"", "filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe", "id": "proc_11", "image_name": "regsvcs.exe", "monitor_reason": "child_process", "monitored_id": 11, "origin_monitor_id": 10, "ref_parent_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1283", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:07.307", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_1284", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:07.307", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_1285", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:01:07.307", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 2818047, "entry_point": 0, "filename": null, "id": "region_1286", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:01:07.307", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 106496, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4300799, "entry_point": 0, "filename": null, "id": "region_1287", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:01:07.307", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 13828096, "type": "region", "version": 1 }, "end_va": 13885439, "entry_point": 13828096, "filename": "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", "id": "region_1288", "name": "regsvcs.exe", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe", "region_type": "memory_mapped_file", "start_va": 13828096, "timestamp": "00:01:07.308", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 2003763200, "type": "region", "version": 1 }, "end_va": 2005057535, "entry_point": 2003763200, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1289", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003763200, "timestamp": "00:01:07.312", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2006122496, "type": "region", "version": 1 }, "end_va": 2006126591, "entry_point": 2006122496, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1290", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2006122496, "timestamp": "00:01:07.312", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_1291", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:01:07.315", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147332096, "type": "region", "version": 1 }, "end_va": 2147336191, "entry_point": 0, "filename": null, "id": "region_1292", "name": "private_0x000000007ffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147332096, "timestamp": "00:01:07.315", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1293", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:01:07.315", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1294", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:07.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 1507327, "entry_point": 0, "filename": null, "id": "region_1295", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:07.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 3239935, "entry_point": 2818048, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1296", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 2818048, "timestamp": "00:01:07.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3735552, "type": "region", "version": 1 }, "end_va": 3801087, "entry_point": 0, "filename": null, "id": "region_1297", "name": "private_0x0000000000390000", "norm_filename": null, "region_type": "private_memory", "start_va": 3735552, "timestamp": "00:01:07.360", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 1858600960, "type": "region", "version": 1 }, "end_va": 1858805759, "entry_point": 1858615281, "filename": "\\Windows\\System32\\winmm.dll", "id": "region_1298", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 1858600960, "timestamp": "00:01:07.360", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 417792, "start_va": 1917059072, "type": "region", "version": 1 }, "end_va": 1917476863, "entry_point": 1917059072, "filename": "\\Windows\\System32\\msvcp60.dll", "id": "region_1299", "name": "msvcp60.dll", "norm_filename": "c:\\windows\\system32\\msvcp60.dll", "region_type": "memory_mapped_file", "start_va": 1917059072, "timestamp": "00:01:07.360", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1638400, "start_va": 1951465472, "type": "region", "version": 1 }, "end_va": 1953103871, "entry_point": 1951465472, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\GdiPlus.dll", "id": "region_1300", "name": "gdiplus.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll", "region_type": "memory_mapped_file", "start_va": 1951465472, "timestamp": "00:01:07.381", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1972043776, "type": "region", "version": 1 }, "end_va": 1972092927, "entry_point": 1972052878, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_1301", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1972043776, "timestamp": "00:01:07.388", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1972436992, "type": "region", "version": 1 }, "end_va": 1973604351, "entry_point": 1972442506, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_1302", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1972436992, "timestamp": "00:01:07.389", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1973616640, "type": "region", "version": 1 }, "end_va": 1973919743, "entry_point": 1973648864, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1303", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1973616640, "timestamp": "00:01:07.389", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1974730752, "type": "region", "version": 1 }, "end_va": 1975599103, "entry_point": 1975041508, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1304", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1974730752, "timestamp": "00:01:07.390", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1975648256, "type": "region", "version": 1 }, "end_va": 1976651775, "entry_point": 1975654501, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_1305", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1975648256, "timestamp": "00:01:07.390", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1976696832, "type": "region", "version": 1 }, "end_va": 1977401343, "entry_point": 1976738930, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1306", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1976696832, "timestamp": "00:01:07.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1977614336, "type": "region", "version": 1 }, "end_va": 1979691007, "entry_point": 1977623257, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_1307", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1977614336, "timestamp": "00:01:07.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1979711488, "type": "region", "version": 1 }, "end_va": 1980366847, "entry_point": 1979795941, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_1308", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1979711488, "timestamp": "00:01:07.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1981218816, "type": "region", "version": 1 }, "end_va": 1982644223, "entry_point": 1981528637, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_1309", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1981218816, "timestamp": "00:01:07.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1982660608, "type": "region", "version": 1 }, "end_va": 1983246335, "entry_point": 1982676913, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_1310", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1982660608, "timestamp": "00:01:07.393", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1983250432, "type": "region", "version": 1 }, "end_va": 1983909887, "entry_point": 1983456307, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1311", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1983250432, "timestamp": "00:01:07.393", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1984299008, "type": "region", "version": 1 }, "end_va": 1984618495, "entry_point": 1984338953, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1312", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1984299008, "timestamp": "00:01:07.394", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1984626688, "type": "region", "version": 1 }, "end_va": 1985449983, "entry_point": 1984747281, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1313", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1984626688, "timestamp": "00:01:07.395", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1985478656, "type": "region", "version": 1 }, "end_va": 1985519615, "entry_point": 1985483628, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_1314", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1985478656, "timestamp": "00:01:07.395", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1985544192, "type": "region", "version": 1 }, "end_va": 1985900543, "entry_point": 1985649574, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_1315", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1985544192, "timestamp": "00:01:07.396", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1986330624, "type": "region", "version": 1 }, "end_va": 1986355199, "entry_point": 1986336642, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_1316", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1986330624, "timestamp": "00:01:07.396", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1987182592, "type": "region", "version": 1 }, "end_va": 1987825663, "entry_point": 1987395543, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_1317", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1987182592, "timestamp": "00:01:07.397", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1987837952, "type": "region", "version": 1 }, "end_va": 2000723967, "entry_point": 1988367873, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_1318", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1987837952, "timestamp": "00:01:07.397", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 2002452480, "type": "region", "version": 1 }, "end_va": 2003722239, "entry_point": 2002459445, "filename": "\\Windows\\System32\\urlmon.dll", "id": "region_1319", "name": "urlmon.dll", "norm_filename": "c:\\windows\\system32\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 2002452480, "timestamp": "00:01:07.398", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 2005139456, "type": "region", "version": 1 }, "end_va": 2005241855, "entry_point": 2005158261, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_1320", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 2005139456, "timestamp": "00:01:07.399", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 2005794816, "type": "region", "version": 1 }, "end_va": 2006011903, "entry_point": 2005800029, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_1321", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 2005794816, "timestamp": "00:01:07.399", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_1322", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:01:07.400", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 5144575, "entry_point": 0, "filename": null, "id": "region_1325", "name": "pagefile_0x0000000000420000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4325376, "timestamp": "00:01:07.433", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1980366848, "type": "region", "version": 1 }, "end_va": 1981202431, "entry_point": 1980372619, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1326", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1980366848, "timestamp": "00:01:07.434", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 1986396160, "type": "region", "version": 1 }, "end_va": 1986523135, "entry_point": 1986401109, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1327", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1986396160, "timestamp": "00:01:07.434", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1328", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:07.448", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 331775, "entry_point": 0, "filename": null, "id": "region_1329", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:01:07.448", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 5177344, "type": "region", "version": 1 }, "end_va": 6230015, "entry_point": 0, "filename": null, "id": "region_1330", "name": "pagefile_0x00000000004f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5177344, "timestamp": "00:01:07.448", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 13893632, "type": "region", "version": 1 }, "end_va": 26476543, "entry_point": 0, "filename": null, "id": "region_1331", "name": "pagefile_0x0000000000d40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 13893632, "timestamp": "00:01:07.448", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 2005073920, "type": "region", "version": 1 }, "end_va": 2005094399, "entry_point": 2005079096, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_1332", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 2005073920, "timestamp": "00:01:07.472", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 7340032, "type": "region", "version": 1 }, "end_va": 8388607, "entry_point": 0, "filename": null, "id": "region_1333", "name": "private_0x0000000000700000", "norm_filename": null, "region_type": "private_memory", "start_va": 7340032, "timestamp": "00:01:07.482", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 8454144, "type": "region", "version": 1 }, "end_va": 9502719, "entry_point": 0, "filename": null, "id": "region_1334", "name": "private_0x0000000000810000", "norm_filename": null, "region_type": "private_memory", "start_va": 8454144, "timestamp": "00:01:07.483", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 9764864, "type": "region", "version": 1 }, "end_va": 10813439, "entry_point": 0, "filename": null, "id": "region_1335", "name": "private_0x0000000000950000", "norm_filename": null, "region_type": "private_memory", "start_va": 9764864, "timestamp": "00:01:07.483", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1970733056, "type": "region", "version": 1 }, "end_va": 1970843647, "entry_point": 1970733056, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_1336", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1970733056, "timestamp": "00:01:07.483", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147336192, "type": "region", "version": 1 }, "end_va": 2147340287, "entry_point": 0, "filename": null, "id": "region_1337", "name": "private_0x000000007ffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147336192, "timestamp": "00:01:07.491", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147340288, "type": "region", "version": 1 }, "end_va": 2147344383, "entry_point": 0, "filename": null, "id": "region_1338", "name": "private_0x000000007ffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147340288, "timestamp": "00:01:07.491", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_1339", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:01:07.491", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 12582912, "type": "region", "version": 1 }, "end_va": 13631487, "entry_point": 0, "filename": null, "id": "region_1340", "name": "private_0x0000000000c00000", "norm_filename": null, "region_type": "private_memory", "start_va": 12582912, "timestamp": "00:01:07.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 26804224, "type": "region", "version": 1 }, "end_va": 27852799, "entry_point": 0, "filename": null, "id": "region_1341", "name": "private_0x0000000001990000", "norm_filename": null, "region_type": "private_memory", "start_va": 26804224, "timestamp": "00:01:07.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 27852800, "type": "region", "version": 1 }, "end_va": 30797823, "entry_point": 27852800, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1342", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 27852800, "timestamp": "00:01:07.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147323904, "type": "region", "version": 1 }, "end_va": 2147327999, "entry_point": 0, "filename": null, "id": "region_1343", "name": "private_0x000000007ffd9000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147323904, "timestamp": "00:01:07.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147328000, "type": "region", "version": 1 }, "end_va": 2147332095, "entry_point": 0, "filename": null, "id": "region_1344", "name": "private_0x000000007ffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147328000, "timestamp": "00:01:07.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_1345", "name": "private_0x0000000000060000", "norm_filename": null, "region_type": "private_memory", "start_va": 393216, "timestamp": "00:01:07.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 1965883392, "type": "region", "version": 1 }, "end_va": 1966129151, "entry_point": 1965883392, "filename": "\\Windows\\System32\\mswsock.dll", "id": "region_1346", "name": "mswsock.dll", "norm_filename": "c:\\windows\\system32\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 1965883392, "timestamp": "00:01:07.510", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1835008, "start_va": 30801920, "type": "region", "version": 1 }, "end_va": 32636927, "entry_point": 0, "filename": null, "id": "region_1347", "name": "private_0x0000000001d60000", "norm_filename": null, "region_type": "private_memory", "start_va": 30801920, "timestamp": "00:01:07.773", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1960968192, "type": "region", "version": 1 }, "end_va": 1960988671, "entry_point": 1960968192, "filename": "\\Windows\\System32\\WSHTCPIP.DLL", "id": "region_1348", "name": "wshtcpip.dll", "norm_filename": "c:\\windows\\system32\\wshtcpip.dll", "region_type": "memory_mapped_file", "start_va": 1960968192, "timestamp": "00:01:07.774", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 6291456, "type": "region", "version": 1 }, "end_va": 7340031, "entry_point": 0, "filename": null, "id": "region_1349", "name": "private_0x0000000000600000", "norm_filename": null, "region_type": "private_memory", "start_va": 6291456, "timestamp": "00:01:07.780", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1941635072, "type": "region", "version": 1 }, "end_va": 1941700607, "entry_point": 1941635072, "filename": "\\Windows\\System32\\nlaapi.dll", "id": "region_1350", "name": "nlaapi.dll", "norm_filename": "c:\\windows\\system32\\nlaapi.dll", "region_type": "memory_mapped_file", "start_va": 1941635072, "timestamp": "00:01:07.782", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1572863, "entry_point": 0, "filename": null, "id": "region_1351", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:01:07.787", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1179648, "start_va": 10813440, "type": "region", "version": 1 }, "end_va": 11993087, "entry_point": 0, "filename": null, "id": "region_1352", "name": "private_0x0000000000a50000", "norm_filename": null, "region_type": "private_memory", "start_va": 10813440, "timestamp": "00:01:07.787", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1945042944, "type": "region", "version": 1 }, "end_va": 1945108479, "entry_point": 1945042944, "filename": "\\Windows\\System32\\NapiNSP.dll", "id": "region_1353", "name": "napinsp.dll", "norm_filename": "c:\\windows\\system32\\napinsp.dll", "region_type": "memory_mapped_file", "start_va": 1945042944, "timestamp": "00:01:07.788", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 10813440, "type": "region", "version": 1 }, "end_va": 11862015, "entry_point": 0, "filename": null, "id": "region_1394", "name": "private_0x0000000000a50000", "norm_filename": null, "region_type": "private_memory", "start_va": 10813440, "timestamp": "00:01:07.855", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 11927552, "type": "region", "version": 1 }, "end_va": 11993087, "entry_point": 0, "filename": null, "id": "region_1395", "name": "private_0x0000000000b60000", "norm_filename": null, "region_type": "private_memory", "start_va": 11927552, "timestamp": "00:01:07.856", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1930100736, "type": "region", "version": 1 }, "end_va": 1930174463, "entry_point": 1930100736, "filename": "\\Windows\\System32\\pnrpnsp.dll", "id": "region_1396", "name": "pnrpnsp.dll", "norm_filename": "c:\\windows\\system32\\pnrpnsp.dll", "region_type": "memory_mapped_file", "start_va": 1930100736, "timestamp": "00:01:07.856", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147319808, "type": "region", "version": 1 }, "end_va": 2147323903, "entry_point": 0, "filename": null, "id": "region_1397", "name": "private_0x000000007ffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147319808, "timestamp": "00:01:07.861", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1964572672, "type": "region", "version": 1 }, "end_va": 1964851199, "entry_point": 1964572672, "filename": "\\Windows\\System32\\dnsapi.dll", "id": "region_1398", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\system32\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 1964572672, "timestamp": "00:01:07.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 983040, "start_va": 30801920, "type": "region", "version": 1 }, "end_va": 31784959, "entry_point": 0, "filename": null, "id": "region_1399", "name": "private_0x0000000001d60000", "norm_filename": null, "region_type": "private_memory", "start_va": 30801920, "timestamp": "00:01:07.869", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 32374784, "type": "region", "version": 1 }, "end_va": 32636927, "entry_point": 0, "filename": null, "id": "region_1400", "name": "private_0x0000000001ee0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32374784, "timestamp": "00:01:07.869", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1930035200, "type": "region", "version": 1 }, "end_va": 1930067967, "entry_point": 1930035200, "filename": "\\Windows\\System32\\winrnr.dll", "id": "region_1401", "name": "winrnr.dll", "norm_filename": "c:\\windows\\system32\\winrnr.dll", "region_type": "memory_mapped_file", "start_va": 1930035200, "timestamp": "00:01:07.870", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 1940455424, "type": "region", "version": 1 }, "end_va": 1940570111, "entry_point": 1940455424, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_1402", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1940455424, "timestamp": "00:01:07.877", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1940389888, "type": "region", "version": 1 }, "end_va": 1940418559, "entry_point": 1940389888, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_1403", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1940389888, "timestamp": "00:01:07.883", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1870266368, "type": "region", "version": 1 }, "end_va": 1870290943, "entry_point": 1870266368, "filename": "\\Windows\\System32\\rasadhlp.dll", "id": "region_1412", "name": "rasadhlp.dll", "norm_filename": "c:\\windows\\system32\\rasadhlp.dll", "region_type": "memory_mapped_file", "start_va": 1870266368, "timestamp": "00:01:08.096", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 229376, "start_va": 1939079168, "type": "region", "version": 1 }, "end_va": 1939308543, "entry_point": 1939079168, "filename": "\\Windows\\System32\\FWPUCLNT.DLL", "id": "region_1413", "name": "fwpuclnt.dll", "norm_filename": "c:\\windows\\system32\\fwpuclnt.dll", "region_type": "memory_mapped_file", "start_va": 1939079168, "timestamp": "00:01:08.286", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 393216, "start_va": 3276800, "type": "region", "version": 1 }, "end_va": 3670015, "entry_point": 0, "filename": null, "id": "region_1414", "name": "private_0x0000000000320000", "norm_filename": null, "region_type": "private_memory", "start_va": 3276800, "timestamp": "00:01:08.293", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 32768000, "type": "region", "version": 1 }, "end_va": 33816575, "entry_point": 0, "filename": null, "id": "region_1415", "name": "private_0x0000000001f40000", "norm_filename": null, "region_type": "private_memory", "start_va": 32768000, "timestamp": "00:01:08.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 34734080, "type": "region", "version": 1 }, "end_va": 35782655, "entry_point": 0, "filename": null, "id": "region_1416", "name": "private_0x0000000002120000", "norm_filename": null, "region_type": "private_memory", "start_va": 34734080, "timestamp": "00:01:08.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147311616, "type": "region", "version": 1 }, "end_va": 2147315711, "entry_point": 0, "filename": null, "id": "region_1417", "name": "private_0x000000007ffd6000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147311616, "timestamp": "00:01:08.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147315712, "type": "region", "version": 1 }, "end_va": 2147319807, "entry_point": 0, "filename": null, "id": "region_1418", "name": "private_0x000000007ffd7000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147315712, "timestamp": "00:01:08.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 35782656, "type": "region", "version": 1 }, "end_va": 37879807, "entry_point": 0, "filename": null, "id": "region_1419", "name": "private_0x0000000002220000", "norm_filename": null, "region_type": "private_memory", "start_va": 35782656, "timestamp": "00:01:09.164", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1576959, "entry_point": 0, "filename": null, "id": "region_1420", "name": "private_0x0000000000180000", "norm_filename": null, "region_type": "private_memory", "start_va": 1572864, "timestamp": "00:01:09.177", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1642495, "entry_point": 0, "filename": null, "id": "region_1432", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:01:09.193", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1708031, "entry_point": 0, "filename": null, "id": "region_1472", "name": "private_0x00000000001a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1703936, "timestamp": "00:01:09.283", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\svchost.exe", "filename": "c:\\windows\\system32\\svchost.exe", "id": "proc_12", "image_name": "svchost.exe", "monitor_reason": "child_process", "monitored_id": 12, "origin_monitor_id": 11, "ref_parent_process": { "ref_id": "proc_11", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1354", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:07.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_1355", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:07.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_1356", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:01:07.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 983039, "entry_point": 0, "filename": null, "id": "region_1357", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:01:07.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 106496, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4300799, "entry_point": 0, "filename": null, "id": "region_1358", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:01:07.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 9699328, "type": "region", "version": 1 }, "end_va": 9732095, "entry_point": 9699328, "filename": "\\Windows\\System32\\svchost.exe", "id": "region_1359", "name": "svchost.exe", "norm_filename": "c:\\windows\\system32\\svchost.exe", "region_type": "memory_mapped_file", "start_va": 9699328, "timestamp": "00:01:07.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 2003763200, "type": "region", "version": 1 }, "end_va": 2005057535, "entry_point": 2003763200, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1360", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003763200, "timestamp": "00:01:07.800", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2006122496, "type": "region", "version": 1 }, "end_va": 2006126591, "entry_point": 2006122496, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1361", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2006122496, "timestamp": "00:01:07.801", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_1362", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:01:07.803", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_1363", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:01:07.803", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1364", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:01:07.803", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1365", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:07.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 1404927, "entry_point": 983040, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1366", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 983040, "timestamp": "00:01:07.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 2490367, "entry_point": 0, "filename": null, "id": "region_1367", "name": "private_0x0000000000160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1441792, "timestamp": "00:01:07.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 3670015, "entry_point": 0, "filename": null, "id": "region_1368", "name": "private_0x0000000000370000", "norm_filename": null, "region_type": "private_memory", "start_va": 3604480, "timestamp": "00:01:07.828", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 1858600960, "type": "region", "version": 1 }, "end_va": 1858805759, "entry_point": 1858615281, "filename": "\\Windows\\System32\\winmm.dll", "id": "region_1369", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 1858600960, "timestamp": "00:01:07.828", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 417792, "start_va": 1917059072, "type": "region", "version": 1 }, "end_va": 1917476863, "entry_point": 1917063753, "filename": "\\Windows\\System32\\msvcp60.dll", "id": "region_1370", "name": "msvcp60.dll", "norm_filename": "c:\\windows\\system32\\msvcp60.dll", "region_type": "memory_mapped_file", "start_va": 1917059072, "timestamp": "00:01:07.828", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1638400, "start_va": 1951465472, "type": "region", "version": 1 }, "end_va": 1953103871, "entry_point": 1952108582, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\GdiPlus.dll", "id": "region_1371", "name": "gdiplus.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll", "region_type": "memory_mapped_file", "start_va": 1951465472, "timestamp": "00:01:07.829", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1972043776, "type": "region", "version": 1 }, "end_va": 1972092927, "entry_point": 1972052878, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_1372", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1972043776, "timestamp": "00:01:07.829", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1972436992, "type": "region", "version": 1 }, "end_va": 1973604351, "entry_point": 1972442506, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_1373", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1972436992, "timestamp": "00:01:07.829", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1973616640, "type": "region", "version": 1 }, "end_va": 1973919743, "entry_point": 1973648864, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1374", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1973616640, "timestamp": "00:01:07.830", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1974730752, "type": "region", "version": 1 }, "end_va": 1975599103, "entry_point": 1975041508, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1375", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1974730752, "timestamp": "00:01:07.830", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1975648256, "type": "region", "version": 1 }, "end_va": 1976651775, "entry_point": 1975654501, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_1376", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1975648256, "timestamp": "00:01:07.831", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1976696832, "type": "region", "version": 1 }, "end_va": 1977401343, "entry_point": 1976738930, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1377", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1976696832, "timestamp": "00:01:07.831", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1977614336, "type": "region", "version": 1 }, "end_va": 1979691007, "entry_point": 1977623257, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_1378", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1977614336, "timestamp": "00:01:07.832", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1979711488, "type": "region", "version": 1 }, "end_va": 1980366847, "entry_point": 1979795941, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_1379", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1979711488, "timestamp": "00:01:07.832", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1981218816, "type": "region", "version": 1 }, "end_va": 1982644223, "entry_point": 1981528637, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_1380", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1981218816, "timestamp": "00:01:07.833", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1982660608, "type": "region", "version": 1 }, "end_va": 1983246335, "entry_point": 1982676913, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_1381", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1982660608, "timestamp": "00:01:07.833", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1983250432, "type": "region", "version": 1 }, "end_va": 1983909887, "entry_point": 1983456307, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1382", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1983250432, "timestamp": "00:01:07.833", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1984299008, "type": "region", "version": 1 }, "end_va": 1984618495, "entry_point": 1984338953, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1383", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1984299008, "timestamp": "00:01:07.834", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1984626688, "type": "region", "version": 1 }, "end_va": 1985449983, "entry_point": 1984747281, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1384", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1984626688, "timestamp": "00:01:07.834", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1985478656, "type": "region", "version": 1 }, "end_va": 1985519615, "entry_point": 1985483628, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_1385", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1985478656, "timestamp": "00:01:07.835", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1985544192, "type": "region", "version": 1 }, "end_va": 1985900543, "entry_point": 1985649574, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_1386", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1985544192, "timestamp": "00:01:07.835", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1986330624, "type": "region", "version": 1 }, "end_va": 1986355199, "entry_point": 1986336642, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_1387", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1986330624, "timestamp": "00:01:07.836", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1987182592, "type": "region", "version": 1 }, "end_va": 1987825663, "entry_point": 1987395543, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_1388", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1987182592, "timestamp": "00:01:07.836", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1987837952, "type": "region", "version": 1 }, "end_va": 2000723967, "entry_point": 1988367873, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_1389", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1987837952, "timestamp": "00:01:07.837", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 2002452480, "type": "region", "version": 1 }, "end_va": 2003722239, "entry_point": 2002459445, "filename": "\\Windows\\System32\\urlmon.dll", "id": "region_1390", "name": "urlmon.dll", "norm_filename": "c:\\windows\\system32\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 2002452480, "timestamp": "00:01:07.837", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 2005139456, "type": "region", "version": 1 }, "end_va": 2005241855, "entry_point": 2005158261, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_1391", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 2005139456, "timestamp": "00:01:07.837", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 2005794816, "type": "region", "version": 1 }, "end_va": 2006011903, "entry_point": 2005800029, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_1392", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 2005794816, "timestamp": "00:01:07.838", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_1393", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:01:07.838", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 3309567, "entry_point": 0, "filename": null, "id": "region_1404", "name": "pagefile_0x0000000000260000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2490368, "timestamp": "00:01:07.889", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1980366848, "type": "region", "version": 1 }, "end_va": 1981202431, "entry_point": 1980372619, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1405", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1980366848, "timestamp": "00:01:07.889", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 1986396160, "type": "region", "version": 1 }, "end_va": 1986523135, "entry_point": 1986401109, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1406", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1986396160, "timestamp": "00:01:07.889", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1407", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:07.902", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 331775, "entry_point": 0, "filename": null, "id": "region_1408", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:01:07.902", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 5378047, "entry_point": 0, "filename": null, "id": "region_1409", "name": "pagefile_0x0000000000420000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4325376, "timestamp": "00:01:07.902", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 9764864, "type": "region", "version": 1 }, "end_va": 22347775, "entry_point": 0, "filename": null, "id": "region_1410", "name": "pagefile_0x0000000000950000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9764864, "timestamp": "00:01:07.902", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 5439488, "type": "region", "version": 1 }, "end_va": 6488063, "entry_point": 0, "filename": null, "id": "region_1411", "name": "private_0x0000000000530000", "norm_filename": null, "region_type": "private_memory", "start_va": 5439488, "timestamp": "00:01:07.922", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe /stext \"C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\mwixlzwnapdxngrlcvznt\"", "filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe", "id": "proc_13", "image_name": "regsvcs.exe", "monitor_reason": "child_process", "monitored_id": 13, "origin_monitor_id": 11, "ref_parent_process": { "ref_id": "proc_11", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1421", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:09.178", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_1422", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:09.178", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_1423", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:01:09.178", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 2162687, "entry_point": 0, "filename": null, "id": "region_1424", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:01:09.179", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4550655, "entry_point": 0, "filename": null, "id": "region_1425", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:01:09.179", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 13828096, "type": "region", "version": 1 }, "end_va": 13885439, "entry_point": 13861438, "filename": "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", "id": "region_1426", "name": "regsvcs.exe", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe", "region_type": "memory_mapped_file", "start_va": 13828096, "timestamp": "00:01:09.179", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 2003763200, "type": "region", "version": 1 }, "end_va": 2005057535, "entry_point": 2003763200, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1427", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003763200, "timestamp": "00:01:09.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2006122496, "type": "region", "version": 1 }, "end_va": 2006126591, "entry_point": 2006122496, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1428", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2006122496, "timestamp": "00:01:09.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_1429", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:01:09.185", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147328000, "type": "region", "version": 1 }, "end_va": 2147332095, "entry_point": 0, "filename": null, "id": "region_1430", "name": "private_0x000000007ffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147328000, "timestamp": "00:01:09.185", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1431", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:01:09.185", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1433", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:09.211", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1434", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:01:09.211", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 2686975, "entry_point": 0, "filename": null, "id": "region_1435", "name": "private_0x0000000000280000", "norm_filename": null, "region_type": "private_memory", "start_va": 2621440, "timestamp": "00:01:09.211", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 3506175, "entry_point": 0, "filename": null, "id": "region_1436", "name": "pagefile_0x0000000000290000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2686976, "timestamp": "00:01:09.211", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 5898240, "type": "region", "version": 1 }, "end_va": 6946815, "entry_point": 0, "filename": null, "id": "region_1437", "name": "private_0x00000000005a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5898240, "timestamp": "00:01:09.212", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 540672, "start_va": 1914830848, "type": "region", "version": 1 }, "end_va": 1915371519, "entry_point": 1914830848, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "id": "region_1438", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1914830848, "timestamp": "00:01:09.212", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1960378368, "type": "region", "version": 1 }, "end_va": 1960415231, "entry_point": 1960383008, "filename": "\\Windows\\System32\\version.dll", "id": "region_1439", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 1960378368, "timestamp": "00:01:09.261", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1972043776, "type": "region", "version": 1 }, "end_va": 1972092927, "entry_point": 1972052878, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_1440", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1972043776, "timestamp": "00:01:09.262", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1972436992, "type": "region", "version": 1 }, "end_va": 1973604351, "entry_point": 1972442506, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_1441", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1972436992, "timestamp": "00:01:09.262", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1973616640, "type": "region", "version": 1 }, "end_va": 1973919743, "entry_point": 1973648864, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1442", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1973616640, "timestamp": "00:01:09.263", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1974730752, "type": "region", "version": 1 }, "end_va": 1975599103, "entry_point": 1975041508, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1443", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1974730752, "timestamp": "00:01:09.263", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1975648256, "type": "region", "version": 1 }, "end_va": 1976651775, "entry_point": 1975654501, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_1444", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1975648256, "timestamp": "00:01:09.264", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1976696832, "type": "region", "version": 1 }, "end_va": 1977401343, "entry_point": 1976738930, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1445", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1976696832, "timestamp": "00:01:09.264", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1977614336, "type": "region", "version": 1 }, "end_va": 1979691007, "entry_point": 1977623257, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_1446", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1977614336, "timestamp": "00:01:09.265", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1979711488, "type": "region", "version": 1 }, "end_va": 1980366847, "entry_point": 1979795941, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_1447", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1979711488, "timestamp": "00:01:09.265", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1981218816, "type": "region", "version": 1 }, "end_va": 1982644223, "entry_point": 1981528637, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_1448", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1981218816, "timestamp": "00:01:09.266", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1982660608, "type": "region", "version": 1 }, "end_va": 1983246335, "entry_point": 1982676913, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_1449", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1982660608, "timestamp": "00:01:09.266", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1983250432, "type": "region", "version": 1 }, "end_va": 1983909887, "entry_point": 1983456307, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1450", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1983250432, "timestamp": "00:01:09.267", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1984299008, "type": "region", "version": 1 }, "end_va": 1984618495, "entry_point": 1984338953, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1451", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1984299008, "timestamp": "00:01:09.267", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1984626688, "type": "region", "version": 1 }, "end_va": 1985449983, "entry_point": 1984747281, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1452", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1984626688, "timestamp": "00:01:09.268", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1985478656, "type": "region", "version": 1 }, "end_va": 1985519615, "entry_point": 1985483628, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_1453", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1985478656, "timestamp": "00:01:09.268", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1985544192, "type": "region", "version": 1 }, "end_va": 1985900543, "entry_point": 1985649574, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_1454", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1985544192, "timestamp": "00:01:09.269", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1987182592, "type": "region", "version": 1 }, "end_va": 1987825663, "entry_point": 1987395543, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_1455", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1987182592, "timestamp": "00:01:09.269", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1987837952, "type": "region", "version": 1 }, "end_va": 2000723967, "entry_point": 1988367873, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_1456", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1987837952, "timestamp": "00:01:09.270", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 2002452480, "type": "region", "version": 1 }, "end_va": 2003722239, "entry_point": 2002459445, "filename": "\\Windows\\System32\\urlmon.dll", "id": "region_1457", "name": "urlmon.dll", "norm_filename": "c:\\windows\\system32\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 2002452480, "timestamp": "00:01:09.271", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 2005139456, "type": "region", "version": 1 }, "end_va": 2005241855, "entry_point": 2005158261, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_1458", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 2005139456, "timestamp": "00:01:09.271", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 2005270528, "type": "region", "version": 1 }, "end_va": 2005774335, "entry_point": 2005277422, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_1459", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 2005270528, "timestamp": "00:01:09.272", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_1460", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:01:09.272", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1980366848, "type": "region", "version": 1 }, "end_va": 1981202431, "entry_point": 1980372619, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1496", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1980366848, "timestamp": "00:01:09.317", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 1986396160, "type": "region", "version": 1 }, "end_va": 1986523135, "entry_point": 1986401109, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1497", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1986396160, "timestamp": "00:01:09.317", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1542", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:09.437", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 790527, "entry_point": 0, "filename": null, "id": "region_1543", "name": "private_0x00000000000c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 786432, "timestamp": "00:01:09.438", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2490367, "entry_point": 0, "filename": null, "id": "region_1544", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:09.438", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 4587520, "type": "region", "version": 1 }, "end_va": 5640191, "entry_point": 0, "filename": null, "id": "region_1545", "name": "pagefile_0x0000000000460000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4587520, "timestamp": "00:01:09.438", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 13893632, "type": "region", "version": 1 }, "end_va": 26476543, "entry_point": 0, "filename": null, "id": "region_1546", "name": "pagefile_0x0000000000d40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 13893632, "timestamp": "00:01:09.438", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 6946816, "type": "region", "version": 1 }, "end_va": 7995391, "entry_point": 0, "filename": null, "id": "region_1551", "name": "private_0x00000000006a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6946816, "timestamp": "00:01:09.491", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 856063, "entry_point": 0, "filename": null, "id": "region_1552", "name": "pagefile_0x00000000000d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 851968, "timestamp": "00:01:09.503", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 7995392, "type": "region", "version": 1 }, "end_va": 10940415, "entry_point": 7995392, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1553", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 7995392, "timestamp": "00:01:09.505", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1966145536, "type": "region", "version": 1 }, "end_va": 1966235647, "entry_point": 1966157251, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_1563", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1966145536, "timestamp": "00:01:09.863", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2408447, "entry_point": 2167437, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_1564", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 2162688, "timestamp": "00:01:09.865", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1963655168, "type": "region", "version": 1 }, "end_va": 1963896831, "entry_point": 1963659917, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_1569", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1963655168, "timestamp": "00:01:09.876", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1970864128, "type": "region", "version": 1 }, "end_va": 1970913279, "entry_point": 1970868449, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_1570", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1970864128, "timestamp": "00:01:09.878", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 12517376, "type": "region", "version": 1 }, "end_va": 13565951, "entry_point": 0, "filename": null, "id": "region_1571", "name": "private_0x0000000000bf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 12517376, "timestamp": "00:01:09.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_1572", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:01:09.921", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1916993536, "type": "region", "version": 1 }, "end_va": 1917046783, "entry_point": 1917016861, "filename": "\\Windows\\System32\\pstorec.dll", "id": "region_1573", "name": "pstorec.dll", "norm_filename": "c:\\windows\\system32\\pstorec.dll", "region_type": "memory_mapped_file", "start_va": 1916993536, "timestamp": "00:01:09.921", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 1941307392, "type": "region", "version": 1 }, "end_va": 1941389311, "entry_point": 1941314985, "filename": "\\Windows\\System32\\atl.dll", "id": "region_1574", "name": "atl.dll", "norm_filename": "c:\\windows\\system32\\atl.dll", "region_type": "memory_mapped_file", "start_va": 1941307392, "timestamp": "00:01:09.922", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1916534784, "type": "region", "version": 1 }, "end_va": 1916583935, "entry_point": 1916534784, "filename": "\\Windows\\System32\\vaultcli.dll", "id": "region_1575", "name": "vaultcli.dll", "norm_filename": "c:\\windows\\system32\\vaultcli.dll", "region_type": "memory_mapped_file", "start_va": 1916534784, "timestamp": "00:01:09.927", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1052672, "start_va": 10944512, "type": "region", "version": 1 }, "end_va": 11997183, "entry_point": 0, "filename": null, "id": "region_1607", "name": "private_0x0000000000a70000", "norm_filename": null, "region_type": "private_memory", "start_va": 10944512, "timestamp": "00:01:10.503", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1777664, "start_va": 26476544, "type": "region", "version": 1 }, "end_va": 28254207, "entry_point": 27928611, "filename": "\\Program Files\\Mozilla Firefox\\nss3.dll", "id": "region_1611", "name": "nss3.dll", "norm_filename": "c:\\program files\\mozilla firefox\\nss3.dll", "region_type": "memory_mapped_file", "start_va": 26476544, "timestamp": "00:01:10.508", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1789952, "start_va": 1932132352, "type": "region", "version": 1 }, "end_va": 1933922303, "entry_point": 1933584419, "filename": "\\Program Files\\Mozilla Firefox\\nss3.dll", "id": "region_1613", "name": "nss3.dll", "norm_filename": "c:\\program files\\mozilla firefox\\nss3.dll", "region_type": "memory_mapped_file", "start_va": 1932132352, "timestamp": "00:01:10.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 1858600960, "type": "region", "version": 1 }, "end_va": 1858805759, "entry_point": 1858615281, "filename": "\\Windows\\System32\\winmm.dll", "id": "region_1614", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 1858600960, "timestamp": "00:01:10.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1946091520, "type": "region", "version": 1 }, "end_va": 1946120191, "entry_point": 1946095904, "filename": "\\Windows\\System32\\wsock32.dll", "id": "region_1615", "name": "wsock32.dll", "norm_filename": "c:\\windows\\system32\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 1946091520, "timestamp": "00:01:10.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 2005794816, "type": "region", "version": 1 }, "end_va": 2006011903, "entry_point": 2005800029, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_1616", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 2005794816, "timestamp": "00:01:10.521", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1986330624, "type": "region", "version": 1 }, "end_va": 1986355199, "entry_point": 1986336642, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_1617", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1986330624, "timestamp": "00:01:10.522", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 778240, "start_va": 1931345920, "type": "region", "version": 1 }, "end_va": 1932124159, "entry_point": 1931419900, "filename": "\\Program Files\\Mozilla Firefox\\msvcr100.dll", "id": "region_1618", "name": "msvcr100.dll", "norm_filename": "c:\\program files\\mozilla firefox\\msvcr100.dll", "region_type": "memory_mapped_file", "start_va": 1931345920, "timestamp": "00:01:10.527", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 139264, "start_va": 1945305088, "type": "region", "version": 1 }, "end_va": 1945444351, "entry_point": 1945394288, "filename": "\\Program Files\\Mozilla Firefox\\mozglue.dll", "id": "region_1619", "name": "mozglue.dll", "norm_filename": "c:\\program files\\mozilla firefox\\mozglue.dll", "region_type": "memory_mapped_file", "start_va": 1945305088, "timestamp": "00:01:10.529", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 430080, "start_va": 1930887168, "type": "region", "version": 1 }, "end_va": 1931317247, "entry_point": 1931099364, "filename": "\\Program Files\\Mozilla Firefox\\msvcp100.dll", "id": "region_1620", "name": "msvcp100.dll", "norm_filename": "c:\\program files\\mozilla firefox\\msvcp100.dll", "region_type": "memory_mapped_file", "start_va": 1930887168, "timestamp": "00:01:10.533", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1179648, "start_va": 10944512, "type": "region", "version": 1 }, "end_va": 12124159, "entry_point": 0, "filename": null, "id": "region_1621", "name": "private_0x0000000000a70000", "norm_filename": null, "region_type": "private_memory", "start_va": 10944512, "timestamp": "00:01:10.535", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 655360, "start_va": 3538944, "type": "region", "version": 1 }, "end_va": 4194303, "entry_point": 0, "filename": null, "id": "region_1622", "name": "private_0x0000000000360000", "norm_filename": null, "region_type": "private_memory", "start_va": 3538944, "timestamp": "00:01:10.536", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 26476544, "type": "region", "version": 1 }, "end_va": 27525119, "entry_point": 0, "filename": null, "id": "region_1623", "name": "private_0x0000000001940000", "norm_filename": null, "region_type": "private_memory", "start_va": 26476544, "timestamp": "00:01:10.543", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 27525120, "type": "region", "version": 1 }, "end_va": 28573695, "entry_point": 0, "filename": null, "id": "region_1624", "name": "private_0x0000000001a40000", "norm_filename": null, "region_type": "private_memory", "start_va": 27525120, "timestamp": "00:01:10.548", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 28311552, "type": "region", "version": 1 }, "end_va": 29360127, "entry_point": 0, "filename": null, "id": "region_1625", "name": "private_0x0000000001b00000", "norm_filename": null, "region_type": "private_memory", "start_va": 28311552, "timestamp": "00:01:10.548", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1945108480, "type": "region", "version": 1 }, "end_va": 1945268223, "entry_point": 1945224585, "filename": "\\Program Files\\Mozilla Firefox\\softokn3.dll", "id": "region_1626", "name": "softokn3.dll", "norm_filename": "c:\\program files\\mozilla firefox\\softokn3.dll", "region_type": "memory_mapped_file", "start_va": 1945108480, "timestamp": "00:01:10.560", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1946054655, "entry_point": 1946032800, "filename": "\\Program Files\\Mozilla Firefox\\nssdbm3.dll", "id": "region_1627", "name": "nssdbm3.dll", "norm_filename": "c:\\program files\\mozilla firefox\\nssdbm3.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:01:10.563", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 917504, "filename": "\\Windows\\System32\\tzres.dll", "id": "region_1628", "name": "tzres.dll", "norm_filename": "c:\\windows\\system32\\tzres.dll", "region_type": "memory_mapped_file", "start_va": 917504, "timestamp": "00:01:10.564", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 1011711, "entry_point": 0, "filename": null, "id": "region_1629", "name": "pagefile_0x00000000000f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 983040, "timestamp": "00:01:10.566", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1056767, "entry_point": 0, "filename": null, "id": "region_1630", "name": "pagefile_0x0000000000100000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1048576, "timestamp": "00:01:10.566", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 29360128, "type": "region", "version": 1 }, "end_va": 33501183, "entry_point": 0, "filename": null, "id": "region_1631", "name": "pagefile_0x0000000001c00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29360128, "timestamp": "00:01:10.566", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1862467584, "type": "region", "version": 1 }, "end_va": 1862791167, "entry_point": 1862689794, "filename": "\\Program Files\\Mozilla Firefox\\freebl3.dll", "id": "region_1633", "name": "freebl3.dll", "norm_filename": "c:\\program files\\mozilla firefox\\freebl3.dll", "region_type": "memory_mapped_file", "start_va": 1862467584, "timestamp": "00:01:10.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 983039, "entry_point": 0, "filename": null, "id": "region_1634", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:01:10.587", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 20480, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2183167, "entry_point": 0, "filename": null, "id": "region_1635", "name": "pagefile_0x0000000000210000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2162688, "timestamp": "00:01:10.588", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 20480, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 937983, "entry_point": 0, "filename": null, "id": "region_1636", "name": "pagefile_0x00000000000e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 917504, "timestamp": "00:01:10.589", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 2005073920, "type": "region", "version": 1 }, "end_va": 2005094399, "entry_point": 2005079096, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_1658", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 2005073920, "timestamp": "00:01:10.600", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe /stext \"C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\wqnqmshpoxvbxmnplxmoexxv\"", "filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe", "id": "proc_14", "image_name": "regsvcs.exe", "monitor_reason": "child_process", "monitored_id": 14, "origin_monitor_id": 11, "ref_parent_process": { "ref_id": "proc_11", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1461", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:09.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_1462", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:09.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_1463", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:01:09.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_1464", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:01:09.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 147456, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4341759, "entry_point": 0, "filename": null, "id": "region_1465", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:01:09.274", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 13828096, "type": "region", "version": 1 }, "end_va": 13885439, "entry_point": 13861438, "filename": "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", "id": "region_1466", "name": "regsvcs.exe", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe", "region_type": "memory_mapped_file", "start_va": 13828096, "timestamp": "00:01:09.274", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 2003763200, "type": "region", "version": 1 }, "end_va": 2005057535, "entry_point": 2003763200, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1467", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003763200, "timestamp": "00:01:09.274", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2006122496, "type": "region", "version": 1 }, "end_va": 2006126591, "entry_point": 2006122496, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1468", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2006122496, "timestamp": "00:01:09.275", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_1469", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:01:09.277", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147319808, "type": "region", "version": 1 }, "end_va": 2147323903, "entry_point": 0, "filename": null, "id": "region_1470", "name": "private_0x000000007ffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147319808, "timestamp": "00:01:09.278", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1471", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:01:09.278", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1473", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:09.297", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 2060287, "entry_point": 1638400, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1474", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1638400, "timestamp": "00:01:09.297", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2916351, "entry_point": 0, "filename": null, "id": "region_1475", "name": "pagefile_0x0000000000200000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2097152, "timestamp": "00:01:09.297", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 3997695, "entry_point": 0, "filename": null, "id": "region_1476", "name": "private_0x00000000002d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2949120, "timestamp": "00:01:09.298", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 5505024, "type": "region", "version": 1 }, "end_va": 5570559, "entry_point": 0, "filename": null, "id": "region_1477", "name": "private_0x0000000000540000", "norm_filename": null, "region_type": "private_memory", "start_va": 5505024, "timestamp": "00:01:09.298", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 540672, "start_va": 1914830848, "type": "region", "version": 1 }, "end_va": 1915371519, "entry_point": 1914837417, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "id": "region_1478", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1914830848, "timestamp": "00:01:09.298", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1973616640, "type": "region", "version": 1 }, "end_va": 1973919743, "entry_point": 1973648864, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1479", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1973616640, "timestamp": "00:01:09.299", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1974730752, "type": "region", "version": 1 }, "end_va": 1975599103, "entry_point": 1975041508, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1480", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1974730752, "timestamp": "00:01:09.299", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1976696832, "type": "region", "version": 1 }, "end_va": 1977401343, "entry_point": 1976738930, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1481", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1976696832, "timestamp": "00:01:09.300", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1979711488, "type": "region", "version": 1 }, "end_va": 1980366847, "entry_point": 1979795941, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_1482", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1979711488, "timestamp": "00:01:09.300", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1981218816, "type": "region", "version": 1 }, "end_va": 1982644223, "entry_point": 1981528637, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_1483", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1981218816, "timestamp": "00:01:09.301", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1983250432, "type": "region", "version": 1 }, "end_va": 1983909887, "entry_point": 1983456307, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1484", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1983250432, "timestamp": "00:01:09.301", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1984299008, "type": "region", "version": 1 }, "end_va": 1984618495, "entry_point": 1984338953, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1485", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1984299008, "timestamp": "00:01:09.302", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1984626688, "type": "region", "version": 1 }, "end_va": 1985449983, "entry_point": 1984747281, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1486", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1984626688, "timestamp": "00:01:09.303", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1985478656, "type": "region", "version": 1 }, "end_va": 1985519615, "entry_point": 1985483628, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_1487", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1985478656, "timestamp": "00:01:09.303", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1985544192, "type": "region", "version": 1 }, "end_va": 1985900543, "entry_point": 1985649574, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_1488", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1985544192, "timestamp": "00:01:09.304", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1987182592, "type": "region", "version": 1 }, "end_va": 1987825663, "entry_point": 1987395543, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_1489", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1987182592, "timestamp": "00:01:09.304", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1987837952, "type": "region", "version": 1 }, "end_va": 2000723967, "entry_point": 1988367873, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_1490", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1987837952, "timestamp": "00:01:09.305", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 2005139456, "type": "region", "version": 1 }, "end_va": 2005241855, "entry_point": 2005158261, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_1491", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 2005139456, "timestamp": "00:01:09.305", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 2005270528, "type": "region", "version": 1 }, "end_va": 2005774335, "entry_point": 2005277422, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_1492", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 2005270528, "timestamp": "00:01:09.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_1493", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:01:09.307", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1980366848, "type": "region", "version": 1 }, "end_va": 1981202431, "entry_point": 1980372619, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1494", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1980366848, "timestamp": "00:01:09.309", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 1986396160, "type": "region", "version": 1 }, "end_va": 1986523135, "entry_point": 1986401109, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1495", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1986396160, "timestamp": "00:01:09.311", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1509", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:09.352", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 331775, "entry_point": 0, "filename": null, "id": "region_1510", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:01:09.352", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 5443583, "entry_point": 0, "filename": null, "id": "region_1511", "name": "pagefile_0x0000000000430000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4390912, "timestamp": "00:01:09.352", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 6815744, "type": "region", "version": 1 }, "end_va": 6881279, "entry_point": 0, "filename": null, "id": "region_1512", "name": "private_0x0000000000680000", "norm_filename": null, "region_type": "private_memory", "start_va": 6815744, "timestamp": "00:01:09.352", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 13893632, "type": "region", "version": 1 }, "end_va": 26476543, "entry_point": 0, "filename": null, "id": "region_1513", "name": "pagefile_0x0000000000d40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 13893632, "timestamp": "00:01:09.352", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 7536640, "type": "region", "version": 1 }, "end_va": 8585215, "entry_point": 0, "filename": null, "id": "region_1554", "name": "private_0x0000000000730000", "norm_filename": null, "region_type": "private_memory", "start_va": 7536640, "timestamp": "00:01:09.673", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_1555", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:01:09.673", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_1556", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:09.681", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 5570560, "type": "region", "version": 1 }, "end_va": 6619135, "entry_point": 0, "filename": null, "id": "region_1557", "name": "private_0x0000000000550000", "norm_filename": null, "region_type": "private_memory", "start_va": 5570560, "timestamp": "00:01:09.682", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 8585216, "type": "region", "version": 1 }, "end_va": 11530239, "entry_point": 8585216, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1558", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 8585216, "timestamp": "00:01:09.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1972436992, "type": "region", "version": 1 }, "end_va": 1973604351, "entry_point": 1972442506, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_1559", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1972436992, "timestamp": "00:01:09.688", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1972043776, "type": "region", "version": 1 }, "end_va": 1972092927, "entry_point": 1972052878, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_1560", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1972043776, "timestamp": "00:01:09.689", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1970733056, "type": "region", "version": 1 }, "end_va": 1970843647, "entry_point": 1970770873, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_1561", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1970733056, "timestamp": "00:01:09.700", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1789952, "start_va": 1849098240, "type": "region", "version": 1 }, "end_va": 1850888191, "entry_point": 1849098240, "filename": "\\Program Files\\Mozilla Firefox\\nss3.dll", "id": "region_1576", "name": "nss3.dll", "norm_filename": "c:\\program files\\mozilla firefox\\nss3.dll", "region_type": "memory_mapped_file", "start_va": 1849098240, "timestamp": "00:01:10.017", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 1858600960, "type": "region", "version": 1 }, "end_va": 1858805759, "entry_point": 1858615281, "filename": "\\Windows\\System32\\winmm.dll", "id": "region_1577", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 1858600960, "timestamp": "00:01:10.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1914503168, "type": "region", "version": 1 }, "end_va": 1914531839, "entry_point": 1914507552, "filename": "\\Windows\\System32\\wsock32.dll", "id": "region_1578", "name": "wsock32.dll", "norm_filename": "c:\\windows\\system32\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 1914503168, "timestamp": "00:01:10.041", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 2005794816, "type": "region", "version": 1 }, "end_va": 2006011903, "entry_point": 2005800029, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_1579", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 2005794816, "timestamp": "00:01:10.042", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1986330624, "type": "region", "version": 1 }, "end_va": 1986355199, "entry_point": 1986336642, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_1580", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1986330624, "timestamp": "00:01:10.042", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 778240, "start_va": 1848311808, "type": "region", "version": 1 }, "end_va": 1849090047, "entry_point": 1848311808, "filename": "\\Program Files\\Mozilla Firefox\\msvcr100.dll", "id": "region_1581", "name": "msvcr100.dll", "norm_filename": "c:\\program files\\mozilla firefox\\msvcr100.dll", "region_type": "memory_mapped_file", "start_va": 1848311808, "timestamp": "00:01:10.053", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 139264, "start_va": 1862598656, "type": "region", "version": 1 }, "end_va": 1862737919, "entry_point": 1862598656, "filename": "\\Program Files\\Mozilla Firefox\\mozglue.dll", "id": "region_1582", "name": "mozglue.dll", "norm_filename": "c:\\program files\\mozilla firefox\\mozglue.dll", "region_type": "memory_mapped_file", "start_va": 1862598656, "timestamp": "00:01:10.072", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 430080, "start_va": 1847853056, "type": "region", "version": 1 }, "end_va": 1848283135, "entry_point": 1847853056, "filename": "\\Program Files\\Mozilla Firefox\\msvcp100.dll", "id": "region_1583", "name": "msvcp100.dll", "norm_filename": "c:\\program files\\mozilla firefox\\msvcp100.dll", "region_type": "memory_mapped_file", "start_va": 1847853056, "timestamp": "00:01:10.086", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2031616, "start_va": 11534336, "type": "region", "version": 1 }, "end_va": 13565951, "entry_point": 0, "filename": null, "id": "region_1584", "name": "private_0x0000000000b00000", "norm_filename": null, "region_type": "private_memory", "start_va": 11534336, "timestamp": "00:01:10.110", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1966080, "start_va": 26476544, "type": "region", "version": 1 }, "end_va": 28442623, "entry_point": 0, "filename": null, "id": "region_1585", "name": "private_0x0000000001940000", "norm_filename": null, "region_type": "private_memory", "start_va": 26476544, "timestamp": "00:01:10.112", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 11534336, "type": "region", "version": 1 }, "end_va": 12582911, "entry_point": 0, "filename": null, "id": "region_1586", "name": "private_0x0000000000b00000", "norm_filename": null, "region_type": "private_memory", "start_va": 11534336, "timestamp": "00:01:10.125", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 13303808, "type": "region", "version": 1 }, "end_va": 13565951, "entry_point": 0, "filename": null, "id": "region_1587", "name": "private_0x0000000000cb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 13303808, "timestamp": "00:01:10.125", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 26476544, "type": "region", "version": 1 }, "end_va": 27525119, "entry_point": 0, "filename": null, "id": "region_1588", "name": "private_0x0000000001940000", "norm_filename": null, "region_type": "private_memory", "start_va": 26476544, "timestamp": "00:01:10.134", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 28377088, "type": "region", "version": 1 }, "end_va": 28442623, "entry_point": 0, "filename": null, "id": "region_1589", "name": "private_0x0000000001b10000", "norm_filename": null, "region_type": "private_memory", "start_va": 28377088, "timestamp": "00:01:10.139", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 27262976, "type": "region", "version": 1 }, "end_va": 28311551, "entry_point": 0, "filename": null, "id": "region_1590", "name": "private_0x0000000001a00000", "norm_filename": null, "region_type": "private_memory", "start_va": 27262976, "timestamp": "00:01:10.140", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1862402048, "type": "region", "version": 1 }, "end_va": 1862561791, "entry_point": 1862402048, "filename": "\\Program Files\\Mozilla Firefox\\softokn3.dll", "id": "region_1591", "name": "softokn3.dll", "norm_filename": "c:\\program files\\mozilla firefox\\softokn3.dll", "region_type": "memory_mapped_file", "start_va": 1862402048, "timestamp": "00:01:10.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946120191, "entry_point": 1946025984, "filename": "\\Program Files\\Mozilla Firefox\\nssdbm3.dll", "id": "region_1592", "name": "nssdbm3.dll", "norm_filename": "c:\\program files\\mozilla firefox\\nssdbm3.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:01:10.190", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 458752, "filename": "\\Windows\\System32\\tzres.dll", "id": "region_1593", "name": "tzres.dll", "norm_filename": "c:\\windows\\system32\\tzres.dll", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:01:10.201", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 552959, "entry_point": 0, "filename": null, "id": "region_1594", "name": "pagefile_0x0000000000080000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 524288, "timestamp": "00:01:10.203", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 4005887, "entry_point": 0, "filename": null, "id": "region_1595", "name": "pagefile_0x00000000003d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3997696, "timestamp": "00:01:10.203", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 28442624, "type": "region", "version": 1 }, "end_va": 32583679, "entry_point": 0, "filename": null, "id": "region_1596", "name": "pagefile_0x0000000001b20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 28442624, "timestamp": "00:01:10.203", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1945174016, "type": "region", "version": 1 }, "end_va": 1945497599, "entry_point": 1945174016, "filename": "\\Program Files\\Mozilla Firefox\\freebl3.dll", "id": "region_1598", "name": "freebl3.dll", "norm_filename": "c:\\program files\\mozilla firefox\\freebl3.dll", "region_type": "memory_mapped_file", "start_va": 1945174016, "timestamp": "00:01:10.216", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1970864128, "type": "region", "version": 1 }, "end_va": 1970913279, "entry_point": 1970868449, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_1599", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1970864128, "timestamp": "00:01:10.226", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1966145536, "type": "region", "version": 1 }, "end_va": 1966235647, "entry_point": 1966157251, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_1600", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1966145536, "timestamp": "00:01:10.236", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 6881280, "type": "region", "version": 1 }, "end_va": 7127039, "entry_point": 6886029, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_1601", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 6881280, "timestamp": "00:01:10.237", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1963655168, "type": "region", "version": 1 }, "end_va": 1963896831, "entry_point": 1963659917, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_1606", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1963655168, "timestamp": "00:01:10.249", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe /stext \"C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\gsabfkrjcfngatbtcigqhckmyel\"", "filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe", "id": "proc_15", "image_name": "regsvcs.exe", "monitor_reason": "child_process", "monitored_id": 15, "origin_monitor_id": 11, "ref_parent_process": { "ref_id": "proc_11", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1498", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:09.319", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_1499", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:09.319", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_1500", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:01:09.319", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 2424831, "entry_point": 0, "filename": null, "id": "region_1501", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:01:09.319", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4317183, "entry_point": 0, "filename": null, "id": "region_1502", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:01:09.320", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 13828096, "type": "region", "version": 1 }, "end_va": 13885439, "entry_point": 13861438, "filename": "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe", "id": "region_1503", "name": "regsvcs.exe", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe", "region_type": "memory_mapped_file", "start_va": 13828096, "timestamp": "00:01:09.320", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 2003763200, "type": "region", "version": 1 }, "end_va": 2005057535, "entry_point": 2003763200, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1504", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003763200, "timestamp": "00:01:09.320", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2006122496, "type": "region", "version": 1 }, "end_va": 2006126591, "entry_point": 2006122496, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1505", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2006122496, "timestamp": "00:01:09.321", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_1506", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:01:09.323", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147323904, "type": "region", "version": 1 }, "end_va": 2147327999, "entry_point": 0, "filename": null, "id": "region_1507", "name": "private_0x000000007ffd9000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147323904, "timestamp": "00:01:09.324", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1508", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:01:09.324", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1514", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:09.358", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1515", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:01:09.358", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 3244031, "entry_point": 0, "filename": null, "id": "region_1516", "name": "pagefile_0x0000000000250000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2424832, "timestamp": "00:01:09.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 6225920, "type": "region", "version": 1 }, "end_va": 7274495, "entry_point": 0, "filename": null, "id": "region_1517", "name": "private_0x00000000005f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6225920, "timestamp": "00:01:09.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 9175040, "type": "region", "version": 1 }, "end_va": 9240575, "entry_point": 0, "filename": null, "id": "region_1518", "name": "private_0x00000000008c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 9175040, "timestamp": "00:01:09.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 540672, "start_va": 1914830848, "type": "region", "version": 1 }, "end_va": 1915371519, "entry_point": 1914837417, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "id": "region_1519", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1914830848, "timestamp": "00:01:09.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1973616640, "type": "region", "version": 1 }, "end_va": 1973919743, "entry_point": 1973648864, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1520", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1973616640, "timestamp": "00:01:09.360", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1974730752, "type": "region", "version": 1 }, "end_va": 1975599103, "entry_point": 1975041508, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1521", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1974730752, "timestamp": "00:01:09.361", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1976696832, "type": "region", "version": 1 }, "end_va": 1977401343, "entry_point": 1976738930, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1522", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1976696832, "timestamp": "00:01:09.361", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1979711488, "type": "region", "version": 1 }, "end_va": 1980366847, "entry_point": 1979795941, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_1523", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1979711488, "timestamp": "00:01:09.362", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1981218816, "type": "region", "version": 1 }, "end_va": 1982644223, "entry_point": 1981528637, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_1524", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1981218816, "timestamp": "00:01:09.362", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1983250432, "type": "region", "version": 1 }, "end_va": 1983909887, "entry_point": 1983456307, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1525", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1983250432, "timestamp": "00:01:09.363", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1984299008, "type": "region", "version": 1 }, "end_va": 1984618495, "entry_point": 1984338953, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1526", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1984299008, "timestamp": "00:01:09.363", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1984626688, "type": "region", "version": 1 }, "end_va": 1985449983, "entry_point": 1984747281, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1527", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1984626688, "timestamp": "00:01:09.364", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1985478656, "type": "region", "version": 1 }, "end_va": 1985519615, "entry_point": 1985483628, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_1528", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1985478656, "timestamp": "00:01:09.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1985544192, "type": "region", "version": 1 }, "end_va": 1985900543, "entry_point": 1985649574, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_1529", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1985544192, "timestamp": "00:01:09.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1987182592, "type": "region", "version": 1 }, "end_va": 1987825663, "entry_point": 1987395543, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_1530", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1987182592, "timestamp": "00:01:09.366", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1987837952, "type": "region", "version": 1 }, "end_va": 2000723967, "entry_point": 1988367873, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_1531", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1987837952, "timestamp": "00:01:09.366", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 2005139456, "type": "region", "version": 1 }, "end_va": 2005241855, "entry_point": 2005158261, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_1532", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 2005139456, "timestamp": "00:01:09.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 2005270528, "type": "region", "version": 1 }, "end_va": 2005774335, "entry_point": 2005277422, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_1533", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 2005270528, "timestamp": "00:01:09.368", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_1534", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:01:09.368", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1980366848, "type": "region", "version": 1 }, "end_va": 1981202431, "entry_point": 1980372619, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1535", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1980366848, "timestamp": "00:01:09.371", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 1986396160, "type": "region", "version": 1 }, "end_va": 1986523135, "entry_point": 1986401109, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1536", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1986396160, "timestamp": "00:01:09.372", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1537", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:09.390", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 790527, "entry_point": 0, "filename": null, "id": "region_1538", "name": "private_0x00000000000c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 786432, "timestamp": "00:01:09.390", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 5378047, "entry_point": 0, "filename": null, "id": "region_1539", "name": "pagefile_0x0000000000420000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4325376, "timestamp": "00:01:09.390", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 8192000, "type": "region", "version": 1 }, "end_va": 8257535, "entry_point": 0, "filename": null, "id": "region_1540", "name": "private_0x00000000007d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8192000, "timestamp": "00:01:09.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 13893632, "type": "region", "version": 1 }, "end_va": 26476543, "entry_point": 0, "filename": null, "id": "region_1541", "name": "pagefile_0x0000000000d40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 13893632, "timestamp": "00:01:09.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 856063, "entry_point": 0, "filename": null, "id": "region_1547", "name": "pagefile_0x00000000000d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 851968, "timestamp": "00:01:09.462", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 9240576, "type": "region", "version": 1 }, "end_va": 10289151, "entry_point": 0, "filename": null, "id": "region_1548", "name": "private_0x00000000008d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 9240576, "timestamp": "00:01:09.463", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 10289152, "type": "region", "version": 1 }, "end_va": 13234175, "entry_point": 10289152, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1549", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 10289152, "timestamp": "00:01:09.464", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1916993536, "type": "region", "version": 1 }, "end_va": 1917046783, "entry_point": 1916993536, "filename": "\\Windows\\System32\\pstorec.dll", "id": "region_1550", "name": "pstorec.dll", "norm_filename": "c:\\windows\\system32\\pstorec.dll", "region_type": "memory_mapped_file", "start_va": 1916993536, "timestamp": "00:01:09.470", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 1941307392, "type": "region", "version": 1 }, "end_va": 1941389311, "entry_point": 1941307392, "filename": "\\Windows\\System32\\atl.dll", "id": "region_1562", "name": "atl.dll", "norm_filename": "c:\\windows\\system32\\atl.dll", "region_type": "memory_mapped_file", "start_va": 1941307392, "timestamp": "00:01:09.776", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 28049408, "type": "region", "version": 1 }, "end_va": 29097983, "entry_point": 0, "filename": null, "id": "region_1669", "name": "private_0x0000000001ac0000", "norm_filename": null, "region_type": "private_memory", "start_va": 28049408, "timestamp": "00:01:14.821", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1972436992, "type": "region", "version": 1 }, "end_va": 1973604351, "entry_point": 1972442506, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_1670", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1972436992, "timestamp": "00:01:14.821", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_1671", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:01:14.822", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1972043776, "type": "region", "version": 1 }, "end_va": 1972092927, "entry_point": 1972052878, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_1672", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1972043776, "timestamp": "00:01:14.822", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1970733056, "type": "region", "version": 1 }, "end_va": 1970843647, "entry_point": 1970770873, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_1673", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1970733056, "timestamp": "00:01:14.825", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 } ], "remarks": { "critical": [], "non_critical": [ { "comment": "The dump total size limit was reached during the analysis. Some memory dump may be missing in the reports. You can increase the limit in the configuration.", "id": 512, "type": "remark", "version": 1 }, { "comment": "The operating system was rebooted during the analysis.", "id": 128, "type": "remark", "version": 1 }, { "comment": "The overall sleep time of all monitored processes was truncated from 20 minutes to 10 seconds to reveal dormant functionality.", "id": 262144, "type": "remark", "version": 1 } ], "type": "remarks", "version": 1 }, "sample_details": { "filename": "9c3648e343b57ebf1fb3fe567deceb0da3499989dd56d4e82dd8911c3adf239d.exe", "id": 19247, "md5_hash": "2090ff67346785ba32859de0065350c6", "sample_type": "windows_exe_(x86-32)", "sha1_hash": "045e46667befb09b91ff797bdee91e5ef43d2366", "sha256_hash": "9c3648e343b57ebf1fb3fe567deceb0da3499989dd56d4e82dd8911c3adf239d", "size": 934144, "type": "sample_details", "version": 1 }, "screenshots": [ { "screenshot_archive_path": "screenshots/screenshot_0.png", "size": 48767, "thumbnail_archive_path": "screenshots/thumbnail_0.png", "timestamp": "00:00:00.000", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_10623.png", "size": 61838, "thumbnail_archive_path": "screenshots/thumbnail_10623.png", "timestamp": "00:00:10.623", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_12537.png", "size": 44169, "thumbnail_archive_path": "screenshots/thumbnail_12537.png", "timestamp": "00:00:12.537", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_37950.png", "size": 64468, "thumbnail_archive_path": "screenshots/thumbnail_37950.png", "timestamp": "00:00:37.950", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_38957.png", "size": 4184, "thumbnail_archive_path": "screenshots/thumbnail_38957.png", "timestamp": "00:00:38.957", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_40982.png", "size": 489423, "thumbnail_archive_path": "screenshots/thumbnail_40982.png", "timestamp": "00:00:40.982", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_52879.png", "size": 3851, "thumbnail_archive_path": "screenshots/thumbnail_52879.png", "timestamp": "00:00:52.879", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_61321.png", "size": 86366, "thumbnail_archive_path": "screenshots/thumbnail_61321.png", "timestamp": "00:01:01.321", "type": "screenshot", "version": 1 } ], "type": "summary", "version": 1, "vm_and_analyzer_details": { "adobe_acrobat_reader_version": "not_installed", "analyzer_build_date": "2017-09-28 17:24", "analyzer_version": "2.2.0", "chrome_version": "58.0.3029.110", "firefox_version": "25.0", "flash_version": "10.3.183.90", "internet_explorer_version": "8.0.7601.17514", "java_version": "7.0.450", "microsoft_excel_version": "not_installed", "microsoft_office_version": "not_installed", "microsoft_power_point_version": "not_installed", "microsoft_project_version": "not_installed", "microsoft_publisher_version": "not_installed", "microsoft_visio_version": "not_installed", "microsoft_word_version": "not_installed", "silverlight_version": "not_installed", "type": "vm_and_analyzer_details", "version": 1, "vm_architecture": "x86_32-bit_pae", "vm_kernel_version": "6.1.7601.17514_(684da42a-30cc-450f-81c5-35b4d18944b1)", "vm_name": null, "vm_os": "windows_7" }, "vti": { "type": "vti", "version": 1, "vti_built_in_rules_version": "2.6", "vti_rule_matches": [ { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_anti_analysis", "category_desc": "Anti Analysis", "operation": "_detect_debugger", "operation_desc": "Try to detect debugger", "ref_gfncalls": [ { "ref_id": "gfn_4199", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_detect_debugger_by_api", "technique_desc": "Check via API \"IsDebuggerPresent\".", "technique_path": "built_in._anti_analysis._detect_debugger.vmray_detect_debugger_by_api", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_persistence", "category_desc": "Persistence", "operation": "_install_startup_script", "operation_desc": "Install system startup script or application", "ref_gfncalls": [ { "ref_id": "gfn_4526", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_startup_script_by_registry", "technique_desc": "Add \"C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\60484525\\cih.exe C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\60484525\\cvn-nhc\" to windows startup via registry.", "technique_path": "built_in._persistence._install_startup_script.vmray_install_startup_script_by_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_create_process_with_hidden_window", "operation_desc": "Create process with hidden window", "ref_gfncalls": [ { "ref_id": "gfn_4708", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_process_with_hidden_window", "technique_desc": "The process \"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe\" starts with hidden window.", "technique_path": "built_in._process._create_process_with_hidden_window.vmray_create_process_with_hidden_window", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_create_executable_page", "operation_desc": "Create a page with write and execute permissions", "ref_gfncalls": [ { "ref_id": "gfn_4712", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_allocate_wx_page", "technique_desc": "Allocate a page in a foreign process with \"PAGE_EXECUTE_READWRITE\" permissions, often used to dynamically unpack code.", "technique_path": "built_in._process._create_executable_page.vmray_allocate_wx_page", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "34419-GRNPWA", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_4752", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"34419-GRNPWA\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_device", "category_desc": "Device", "operation": "_hook_keyboard", "operation_desc": "Monitor keyboard input", "ref_gfncalls": [ { "ref_id": "gfn_4787", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_hook_keyboard_by_setwinhook_api", "technique_desc": "Install system wide \"WH_KEYBOARD_LL\" hook(s) to monitor keystrokes.", "technique_path": "built_in._device._hook_keyboard.vmray_hook_keyboard_by_setwinhook_api", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_anti_analysis", "category_desc": "Anti Analysis", "operation": "_delay_execution", "operation_desc": "Delay execution", "ref_gfncalls": [ { "ref_id": "gfn_4789", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_delay_execution_by_sleep", "technique_desc": "One thread sleeps more than 5 minutes.", "technique_path": "built_in._anti_analysis._delay_execution.vmray_delay_execution_by_sleep", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_create_process_with_hidden_window", "operation_desc": "Create process with hidden window", "ref_gfncalls": [ { "ref_id": "gfn_4796", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_process_with_hidden_window", "technique_desc": "The process \"C:\\Windows\\system32\\svchost.exe\" starts with hidden window.", "technique_path": "built_in._process._create_process_with_hidden_window.vmray_create_process_with_hidden_window", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_request_dns", "operation_desc": "Perform DNS request", "ref_gfncalls": [ { "ref_id": "gfn_4801", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_request_dns_by_name", "technique_desc": "Resolve host name \"jlux123.no-ip.biz\".", "technique_path": "built_in._network._request_dns.vmray_request_dns_by_name", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_read_from_remote_process", "operation_desc": "Read from memory of another process", "ref_gfncalls": [ { "ref_id": "gfn_4802", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_from_remote_process", "technique_desc": "\"c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe\" reads from \"C:\\Windows\\system32\\svchost.exe\".", "technique_path": "built_in._process._read_from_remote_process.vmray_read_from_remote_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [ { "ip_address": "185.62.188.68", "type": "ip_address_artifact", "version": 1 } ], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_request_dns", "operation_desc": "Perform DNS request", "ref_gfncalls": [ { "ref_id": "gfn_4818", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_request_dns_by_name", "technique_desc": "Resolve host name \"jluxi.dynu.com\".", "technique_path": "built_in._network._request_dns.vmray_request_dns_by_name", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Mutex_RemWatchdog", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_4831", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Mutex_RemWatchdog\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_info_stealing", "category_desc": "Information Stealing", "operation": "_read_system_data", "operation_desc": "Read system data", "ref_gfncalls": [ { "ref_id": "gfn_4879", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_clipboard_data", "technique_desc": "Readout data from clipboard.", "technique_path": "built_in._info_stealing._read_system_data.vmray_read_clipboard_data", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_create_process_with_hidden_window", "operation_desc": "Create process with hidden window", "ref_gfncalls": [ { "ref_id": "gfn_4919", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_process_with_hidden_window", "technique_desc": "The process \"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe /stext \"C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\moqutzmqrxoadnrfihvxswbpaqgibrkh\"\" starts with hidden window.", "technique_path": "built_in._process._create_process_with_hidden_window.vmray_create_process_with_hidden_window", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_read_from_remote_process", "operation_desc": "Read from memory of another process", "ref_gfncalls": [ { "ref_id": "gfn_4923", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_from_remote_process", "technique_desc": "\"c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe\" reads from \"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe /stext \"C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\moqutzmqrxoadnrfihvxswbpaqgibrkh\"\".", "technique_path": "built_in._process._read_from_remote_process.vmray_read_from_remote_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_create_process_with_hidden_window", "operation_desc": "Create process with hidden window", "ref_gfncalls": [ { "ref_id": "gfn_4934", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_process_with_hidden_window", "technique_desc": "The process \"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe /stext \"C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\widfu\"\" starts with hidden window.", "technique_path": "built_in._process._create_process_with_hidden_window.vmray_create_process_with_hidden_window", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_read_from_remote_process", "operation_desc": "Read from memory of another process", "ref_gfncalls": [ { "ref_id": "gfn_4938", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_from_remote_process", "technique_desc": "\"c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe\" reads from \"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe /stext \"C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\widfu\"\".", "technique_path": "built_in._process._read_from_remote_process.vmray_read_from_remote_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_create_process_with_hidden_window", "operation_desc": "Create process with hidden window", "ref_gfncalls": [ { "ref_id": "gfn_4949", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_process_with_hidden_window", "technique_desc": "The process \"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe /stext \"C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\zljxukhl\"\" starts with hidden window.", "technique_path": "built_in._process._create_process_with_hidden_window.vmray_create_process_with_hidden_window", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_read_from_remote_process", "operation_desc": "Read from memory of another process", "ref_gfncalls": [ { "ref_id": "gfn_4953", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_from_remote_process", "technique_desc": "\"c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe\" reads from \"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe /stext \"C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\zljxukhl\"\".", "technique_path": "built_in._process._read_from_remote_process.vmray_read_from_remote_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_anti_analysis", "category_desc": "Anti Analysis", "operation": "_dynamic_api_usage", "operation_desc": "Dynamic API usage", "ref_gfncalls": [ { "ref_id": "gfn_4980", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_dynamic_api_usage_by_api", "technique_desc": "Resolve above average number of APIs.", "technique_path": "built_in._anti_analysis._dynamic_api_usage.vmray_dynamic_api_usage_by_api", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat", "operations": [ "read" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_browser", "category_desc": "Browser", "operation": "_browser_data_history", "operation_desc": "Read data related to browsing history", "ref_gfncalls": [ { "ref_id": "gfn_5835", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_browser_history", "technique_desc": "Read the browsing history for \"Microsoft Internet Explorer\".", "technique_path": "built_in._browser._browser_data_history.vmray_read_browser_history", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\EEBsYm5\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\local\\google\\chrome\\user data\\default\\login data", "operations": [ "read" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_browser", "category_desc": "Browser", "operation": "_browser_data_credentials", "operation_desc": "Read data related to saved browser credentials", "ref_gfncalls": [ { "ref_id": "gfn_6859", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_browser_credentials", "technique_desc": "Read saved credentials for \"Google Chrome\".", "technique_path": "built_in._browser._browser_data_credentials.vmray_read_browser_credentials", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\EEBsYm5\\AppData\\Roaming\\Apple Computer\\Preferences\\keychain.plist", "hashes": [], "norm_filename": "c:\\users\\eebsym5\\appdata\\roaming\\apple computer\\preferences\\keychain.plist", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_info_stealing", "category_desc": "Information Stealing", "operation": "_read_browser_data", "operation_desc": "Read browser data", "ref_gfncalls": [ { "ref_id": "gfn_6890", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_readout_browser_credentials", "technique_desc": "Possibly trying to readout browser credentials.", "technique_path": "built_in._info_stealing._read_browser_data.vmray_readout_browser_credentials", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_create_process_with_hidden_window", "operation_desc": "Create process with hidden window", "ref_gfncalls": [ { "ref_id": "gfn_7894", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_process_with_hidden_window", "technique_desc": "The process \"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe /stext \"C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\mwixlzwnapdxngrlcvznt\"\" starts with hidden window.", "technique_path": "built_in._process._create_process_with_hidden_window.vmray_create_process_with_hidden_window", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_read_from_remote_process", "operation_desc": "Read from memory of another process", "ref_gfncalls": [ { "ref_id": "gfn_7898", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_from_remote_process", "technique_desc": "\"c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe\" reads from \"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe /stext \"C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\mwixlzwnapdxngrlcvznt\"\".", "technique_path": "built_in._process._read_from_remote_process.vmray_read_from_remote_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_create_process_with_hidden_window", "operation_desc": "Create process with hidden window", "ref_gfncalls": [ { "ref_id": "gfn_7909", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_process_with_hidden_window", "technique_desc": "The process \"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe /stext \"C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\wqnqmshpoxvbxmnplxmoexxv\"\" starts with hidden window.", "technique_path": "built_in._process._create_process_with_hidden_window.vmray_create_process_with_hidden_window", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_read_from_remote_process", "operation_desc": "Read from memory of another process", "ref_gfncalls": [ { "ref_id": "gfn_7913", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_from_remote_process", "technique_desc": "\"c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe\" reads from \"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe /stext \"C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\wqnqmshpoxvbxmnplxmoexxv\"\".", "technique_path": "built_in._process._read_from_remote_process.vmray_read_from_remote_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_create_process_with_hidden_window", "operation_desc": "Create process with hidden window", "ref_gfncalls": [ { "ref_id": "gfn_7924", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_process_with_hidden_window", "technique_desc": "The process \"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe /stext \"C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\gsabfkrjcfngatbtcigqhckmyel\"\" starts with hidden window.", "technique_path": "built_in._process._create_process_with_hidden_window.vmray_create_process_with_hidden_window", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_read_from_remote_process", "operation_desc": "Read from memory of another process", "ref_gfncalls": [ { "ref_id": "gfn_7928", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_from_remote_process", "technique_desc": "\"c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe\" reads from \"C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe /stext \"C:\\Users\\EEBsYm5\\AppData\\Local\\Temp\\gsabfkrjcfngatbtcigqhckmyel\"\".", "technique_path": "built_in._process._read_from_remote_process.vmray_read_from_remote_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_create_many_files", "operation_desc": "Create many files", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_many_files", "technique_desc": "Create above average number of files.", "technique_path": "built_in._file_system._create_many_files.vmray_create_many_files", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_memory_system", "operation_desc": "Write into memory of another process", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_memory_system", "technique_desc": "\"c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\cih.exe\" modifies memory of \"c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe\"", "technique_path": "built_in._injection._modify_memory_system.vmray_modify_memory_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_memory_system", "operation_desc": "Write into memory of another process", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_memory_system", "technique_desc": "\"c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe\" modifies memory of \"c:\\windows\\system32\\svchost.exe\"", "technique_path": "built_in._injection._modify_memory_system.vmray_modify_memory_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_memory_system", "operation_desc": "Write into memory of another process", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_memory_system", "technique_desc": "\"c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe\" modifies memory of \"c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe\"", "technique_path": "built_in._injection._modify_memory_system.vmray_modify_memory_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_control_flow_system", "operation_desc": "Modify control flow of another process", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_control_flow_system", "technique_desc": "\"c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\cih.exe\" alters context of \"c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe\"", "technique_path": "built_in._injection._modify_control_flow_system.vmray_modify_control_flow_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_control_flow_system", "operation_desc": "Modify control flow of another process", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_control_flow_system", "technique_desc": "\"c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe\" alters context of \"c:\\windows\\system32\\svchost.exe\"", "technique_path": "built_in._injection._modify_control_flow_system.vmray_modify_control_flow_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_control_flow_system", "operation_desc": "Modify control flow of another process", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_control_flow_system", "technique_desc": "\"c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe\" alters context of \"c:\\windows\\microsoft.net\\framework\\v4.0.30319\\regsvcs.exe\"", "technique_path": "built_in._injection._modify_control_flow_system.vmray_modify_control_flow_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_connect", "operation_desc": "Connect to remote host", "ref_gfncalls": [ { "ref_id": "gfn_7810", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_tcp_out_connection", "technique_desc": "Outgoing TCP connection to host \"185.62.188.68:1991\".", "technique_path": "built_in._network._connect.vmray_tcp_out_connection", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_drop_pe_file", "operation_desc": "Drop PE file", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_drop_pe_file", "technique_desc": "Drop file \"c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\cih.exe\".", "technique_path": "built_in._pe._drop_pe_file.vmray_drop_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_execute_dropped_pe_file", "operation_desc": "Execute dropped PE file", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_execute_dropped_pe_file", "technique_desc": "Execute dropped file \"c:\\users\\eebsym5\\appdata\\local\\temp\\60484525\\cih.exe\".", "technique_path": "built_in._pe._execute_dropped_pe_file.vmray_execute_dropped_pe_file", "type": "vti_rule_match", "version": 1 } ], "vti_rule_type": "Default (PE, ...)", "vti_score": 98 }, "yara": { "apply_yara": true, "apply_yara_on_created_files": true, "apply_yara_on_modified_files": true, "apply_yara_on_pcap_file": true, "apply_yara_on_process_dumps": true, "apply_yara_on_sample_files": true, "match_count": 0, "matches": [], "ruleset_count": 7, "type": "yara", "version": 1 } }