{ "analysis_details": { "creation_time": "2017-09-20 18:07 (UTC+2)", "execution_successful": true, "number_of_processes": 14, "reputation_enabled": true, "termination_reason": "timeout", "type": "analysis_details", "version": 2, "vm_analysis_duration_time": "00:05:22" }, "artifacts": { "files": [ { "filename": "STD_INPUT_HANDLE", "hashes": [], "norm_filename": "std_input_handle", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_OUTPUT_HANDLE", "hashes": [], "norm_filename": "std_output_handle", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_ERROR_HANDLE", "hashes": [], "norm_filename": "std_error_handle", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\??\\C:\\Windows\\SysWOW64\\ntdll.dll", "hashes": [], "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\??\\C:\\Windows\\SysWOW64\\msiexec.exe", "hashes": [], "norm_filename": "c:\\windows\\syswow64\\msiexec.exe", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\??\\C:\\Windows\\System32\\drivers\\etc\\hosts", "hashes": [], "norm_filename": "c:\\windows\\system32\\drivers\\etc\\hosts", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\??\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\igfxonux.scr", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "f5aceff295707412e7679e7c0f3a797e", "sha1_hash": "89c58b4bc7130630ff093afe1c57614a4b85ddc7", "sha256_hash": "ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js 
halpmcxz\\appdata\\roaming\\igfxonux.scr", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\??\\C:\\Program Files (x86)\\Mozilla Firefox\\Firefox.exe", "hashes": [], "norm_filename": "c:\\program files (x86)\\mozilla firefox\\firefox.exe", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\??\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lxqfwvdqlkd.exe", "hashes": [ { "md5_hash": "f5aceff295707412e7679e7c0f3a797e", "sha1_hash": "89c58b4bc7130630ff093afe1c57614a4b85ddc7", "sha256_hash": "ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lxqfwvdqlkd.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\??\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\8Q-59UAV", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\??\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\8Q-59UAV\\8Q-logrc.ini", "hashes": [ { "md5_hash": "e03f207a7b9cfc4d877ed2ec64be028e", "sha1_hash": "8990d4c5b8a881e0a1593040564a9a6dc5664695", "sha256_hash": "b17183098b6e349844a3151456edf62c8e41b2348d2445a610c0ff1e29963067", "type": "file_hash", "version": 1 }, { "md5_hash": "3672ebfa59687d457ddb10f2e7102c2c", "sha1_hash": "c5b5cb23a8044e72d8fd2a11da9f9e31875bba12", "sha256_hash": "615a7fb6e9f70b09f6f6432a04976a0c4dd80b5c306ce9b7c739c956532c7844", "type": "file_hash", "version": 1 }, { "md5_hash": "b7a3da82c959d15ee79789cec957a60e", "sha1_hash": "2bd9b7aef5b39760910267a3889aac9596903791", "sha256_hash": "3e631a63bac92f8b974308fa32979d897b81ee2b7817f434610688a24409158c", "type": "file_hash", "version": 1 }, { "md5_hash": "6a2d8fd600948cefea9c615af9607bd5", "sha1_hash": "c0905d8beea8bd1f6f7d93f2f06accfdbf1bb926", "sha256_hash": 
"8a8a84891ecb2032320d1c0de99fdcd94100df10f352d9f96fd1b2433cd4d45b", "type": "file_hash", "version": 1 }, { "md5_hash": "233a53208d340e4cea645966add202b0", "sha1_hash": "a4d36a34a7dae50bb02d5084ebec85000296a7bf", "sha256_hash": "f17e469a6ad909a00b009746e5811e22d824fdc47ec46b1e48a978cd21facf9e", "type": "file_hash", "version": 1 }, { "md5_hash": "60d1c5f03099a3e32a0050b4c97bbef0", "sha1_hash": "758ab13d05b0a9e0526735488aebc01219c9414e", "sha256_hash": "5e90a79c7f44e006b995017f333598dc97604b0c766491ee58b78455a80de64f", "type": "file_hash", "version": 1 }, { "md5_hash": "f3f00bc27996cc860965a80e6e27c852", "sha1_hash": "47f6ebba74f29ca1381bbeb650b4580a05db9a26", "sha256_hash": "349086d403f89de8b5367764e430f3cb67be549a9530acf21615107f7450e189", "type": "file_hash", "version": 1 }, { "md5_hash": "387291d8f8cf62962d0a9c88210ce229", "sha1_hash": "b8b4f8ca64b14bec960c05400f807e38b84563c3", "sha256_hash": "004e824fb332feca2f6aae0ed679ce332f8e5b7f54ea80beda3bbc169d6b3f80", "type": "file_hash", "version": 1 }, { "md5_hash": "68f8d46ce87d14b7c5b4c52480454508", "sha1_hash": "5e7cf1f4ece04213f9ca286d7d521d74110acde2", "sha256_hash": "d55f9ae48dc78005327df61db9ef38e6c7dfff19e115a9c95d2216f4ac4d24ef", "type": "file_hash", "version": 1 }, { "md5_hash": "cb2b5b68fa992705f34929b00152114e", "sha1_hash": "488b34f1faca18fb4197cda0376b851e07245d4b", "sha256_hash": "76657280e3f76e9811406039e6bc6274d11fb18f23bda254ac03a4a5052e5115", "type": "file_hash", "version": 1 }, { "md5_hash": "afc677e666c2b22bd89873efa77d1b85", "sha1_hash": "fa1605aea591834f8f4a70e2b1cd0a634d34ed02", "sha256_hash": "979a48c1a001aabd397299d849d3d419a77923f7741c3d1e3fcc96fd002051fa", "type": "file_hash", "version": 1 }, { "md5_hash": "5c53b1d7a983d080503dc90492873bd3", "sha1_hash": "15a3880766426885512c2a44a994374474afde21", "sha256_hash": "1c29fbf1abdbbc9dad2c501894642e73ecb2e68c07147a6534b22f865cebaad4", "type": "file_hash", "version": 1 }, { "md5_hash": "3c41fcdae69f4f34de48dc8a9f1f2578", "sha1_hash": 
"d1cd65c9bd2bf9278ecc3c187e0d39bf5e58282d", "sha256_hash": "9c171d39ce6458556cf95d981e77ce60c46f35239854d4f7543460b6a9ebbbc9", "type": "file_hash", "version": 1 }, { "md5_hash": "fa663a4348bdb40c1304eda0fdbc2f96", "sha1_hash": "390f3f5c8a711862b0650b7a807e424b8df6ce69", "sha256_hash": "19e559af58b93be54d61a5260d0bf850df87169f56a8ecac1c57f31ad73d68c1", "type": "file_hash", "version": 1 }, { "md5_hash": "4c4e1859c51d30d559d71f4b1f2dc71e", "sha1_hash": "8f7fdb94a1d33cb85a60ccb837229df733238664", "sha256_hash": "8ee29a21c448893b369cd7ca4c15f6b7c08489baf22226501f9223afd18b7c9b", "type": "file_hash", "version": 1 }, { "md5_hash": "a6acf7cd1de9e3a55eced78a5d693f54", "sha1_hash": "223b354b5481e0fa444a809c631787a471081a85", "sha256_hash": "5c8d1c7de953da3e892a320bcd4622a5b3029f0eb62d49ae228c8e16d0deb1d1", "type": "file_hash", "version": 1 }, { "md5_hash": "f6e0d72b37c594e479d083b196c34e74", "sha1_hash": "06f6597d49cf98c03337ee56857fc4844cb9a9d8", "sha256_hash": "1a92628c6fb31e224dbd2b6a921f20c28face152f9ee29892797ef5e5d20760d", "type": "file_hash", "version": 1 }, { "md5_hash": "b5f88e92df9a151bfe714e384b4ee82b", "sha1_hash": "602335adc86b8d317ce5464790090851bda31c2e", "sha256_hash": "c0e15ec77b7cc67c5b32f7fc9442c104363f10cebdcc7c93dff0bacaf2347aad", "type": "file_hash", "version": 1 }, { "md5_hash": "b0a7a765267a92ca9073293194f8fa04", "sha1_hash": "94841c52d4fbd549453bddee181640033b2bced9", "sha256_hash": "f9c1834491ddc17978263d1dc2203e3c56c4072cbbf060808d437b945bb7119d", "type": "file_hash", "version": 1 }, { "md5_hash": "b77ea909bc6ba1bab67fd00f78ddee98", "sha1_hash": "4c2dd01791f70d93b1fda434779f1a07d8633f36", "sha256_hash": "dd7f2d1a8b4a1735ac1689dbd8cb47c7351caa516852eff182ecee45609f2810", "type": "file_hash", "version": 1 }, { "md5_hash": "b1949a0cf0a1a31bca934f23a3475a81", "sha1_hash": "7601c447f0c74a1c5f23f836f5812df65c9fa912", "sha256_hash": "6355c163ef6b0d4da7e2d2aed2ad67700ab80d2d23be0240212a06dbe8e82d78", "type": "file_hash", "version": 1 }, { "md5_hash": 
"5e0a244aae44537c87c0be09d6f73f28", "sha1_hash": "53481b8eef6c6bbba3ba9d9657fba916634b5d6e", "sha256_hash": "ced0ce1a6dd709918e6bbe0e8203b0d7976a4d42a0d70d5d8e42fe9f11077ec9", "type": "file_hash", "version": 1 }, { "md5_hash": "207cfbe270ccebc28bc1ed379c64cc3f", "sha1_hash": "34e4d78eaffb97cbb94b98e62a0208c21710c19f", "sha256_hash": "1d37b75172e154dfe675bff7ac11392aded28970b5909422da13adc78c9523f0", "type": "file_hash", "version": 1 }, { "md5_hash": "b6b66d74f9e3a0efd10fde6bbbbad9e4", "sha1_hash": "50e0b8a80d8d57f9dfb90eeb3a9801faa0dcae60", "sha256_hash": "82356c515e15491d7ed313c5399bca714c2963b846291e98a6271ea6256bf82c", "type": "file_hash", "version": 1 }, { "md5_hash": "fb4a327e5743c5ec43a2c5b00c3257f0", "sha1_hash": "df35bb9a9a7be55b9127271d54be04ce15f3fb71", "sha256_hash": "33e24a9503300a5da2ce23d7bb110bdb4a3a1cae383823b2b6709379e519d97b", "type": "file_hash", "version": 1 }, { "md5_hash": "c1de83374368343f829ece5ee257e230", "sha1_hash": "dd3033e2ab2ae03f86eb355277c88ec093b1fc4c", "sha256_hash": "9ada92c22a174a53d8eef170960b70b318f936fba534c888899ccc4f02bc56e5", "type": "file_hash", "version": 1 }, { "md5_hash": "bc9f5bcde37ce92051ee205e22262430", "sha1_hash": "23fd3466a93c8c295099e2c5d63c2649d81c86db", "sha256_hash": "ad9734138695371c8c167d40a4902baa8bd83b6cc20d3373887c362af5eb57be", "type": "file_hash", "version": 1 }, { "md5_hash": "e76af655870fbc28e5a45d414fba3648", "sha1_hash": "ed46a977ce34757ce614a1e5d734d44abafc7eac", "sha256_hash": "0c1e7dc44dbc711926402ba3aef75610adf597d8369abc9b1ad73b5f3716f31b", "type": "file_hash", "version": 1 }, { "md5_hash": "7a861320fbc167bc5f1fa8e832ded70a", "sha1_hash": "310c2ede201aec126502a2d96a25fc66e74fd577", "sha256_hash": "0110666716db6db6e5380f4bbc87fc6547e2843694b556a4a3cd71d8a439e1bb", "type": "file_hash", "version": 1 }, { "md5_hash": "9eb2256b33702234676987d214e88b2e", "sha1_hash": "d39905d1acc6292a2c3e8a462d1dfe69584dc195", "sha256_hash": "5da76375758cba487fdaca822002bffd0fd564cb70a564c13f028b2afe5301d5", "type": 
"file_hash", "version": 1 }, { "md5_hash": "26d5eb07c83c4476d0b85375c2012447", "sha1_hash": "43ac2342a7261601d4df866cc724d20d84ccb13f", "sha256_hash": "0bb7f9b2b182106196a1cbf6fb304ccfe7064b11b22eb513ef5e76ceb13791f6", "type": "file_hash", "version": 1 }, { "md5_hash": "bdb2423f1acd37d9d478799b93ef11ea", "sha1_hash": "91eecc293ae0164e7a08dc542ff9baeb84f526b4", "sha256_hash": "d89d77c2e14c7aa96fe519e84ba311d88f93dd29e7789a65b796c4f58e59c359", "type": "file_hash", "version": 1 }, { "md5_hash": "ac35467b24f8bd344f4889681d94a5c4", "sha1_hash": "a8b9fc6666f7be80173d3739d0cabf8a68b0f8bc", "sha256_hash": "6ceb8fc71c3c02b8a575a67e2020f91df4f9203435081c8e5c570be610f83393", "type": "file_hash", "version": 1 }, { "md5_hash": "a366a82e64918a7b9e95256ed23ac3e4", "sha1_hash": "88bbd33f6de0e34d0d496572cd0fe404671540ce", "sha256_hash": "098f9a30e2d1f0ffd906f449ab33357e3cd9c4c49f361e46a6be4c760603c1a0", "type": "file_hash", "version": 1 }, { "md5_hash": "6bb5156fe2fb4f08e6559472ef09c1fb", "sha1_hash": "f7658e51e6954ec7b7f3c4085035ca09b603992c", "sha256_hash": "0d7756b24c7dd2db36d30f9a3a0452d274fbb06ef898336ebbaedaa604f29727", "type": "file_hash", "version": 1 }, { "md5_hash": "b4e556d6ca58e884897fdd1b26c77e2a", "sha1_hash": "0248df8d4e8da9471f7018335af30c0467c1cedc", "sha256_hash": "2bff75ffcd02b862bc407ff5324c1ab914a9e011b76152b12e5418d96fc22338", "type": "file_hash", "version": 1 }, { "md5_hash": "5f85bf73e36d0191969f526f5e29b8e1", "sha1_hash": "e5219c7693b0b717ea10493abef359101e70f975", "sha256_hash": "9d663f8b419778d8f2f967eeab1745684dda8d801d257013124a0b6502fe901f", "type": "file_hash", "version": 1 }, { "md5_hash": "7bde472399a8956232e418f66e0ba0b1", "sha1_hash": "82d085e9b10812c3792b0056ed52245eb6739c6c", "sha256_hash": "5214e665cfb56d9a552bc953e2b681917a4c11d1779862a78ae1d2abe9ee2f1d", "type": "file_hash", "version": 1 }, { "md5_hash": "163318534d6b1d8bcfb1920a72285b81", "sha1_hash": "88c0d6ed71e660e65bec0a13637608fffdaeb4c0", "sha256_hash": 
"89d6281199a2684a1beaa66aa10b25f46c797d9ebc1b87f0551f249455b7adfc", "type": "file_hash", "version": 1 }, { "md5_hash": "2260878b67f481ea46f1241273651738", "sha1_hash": "31c2c555795a7bff8205d20c25338ac5dd89b8e0", "sha256_hash": "f9de24d0f1ae15fde5a1d1c924bf45d43e6462456ac8b48001d0d11d32d3203c", "type": "file_hash", "version": 1 }, { "md5_hash": "9eb3a64bbb13cbea45a81cd6332d0bfe", "sha1_hash": "a96793e00119deb5cb8661a6c3507413b4d40be3", "sha256_hash": "87802711517227b9c1cb30e8f7ce8794c55d4322a30036ce5db5f70b239db0bf", "type": "file_hash", "version": 1 }, { "md5_hash": "e07cfe8b2393008a6710cd17680c959f", "sha1_hash": "3f0fd14b14385340b96eabec3459b77077756d9c", "sha256_hash": "b4c39b41a25da83168c2a09ed8ba84b744f440a0e8547b4626b08226b6ba57a1", "type": "file_hash", "version": 1 }, { "md5_hash": "503839b3093d878830ed5f0e334823d7", "sha1_hash": "f2d7407c7d03a7e5a4c2dac68886d9408085d648", "sha256_hash": "6ee28d1a9d7a181811dad5df46f4b02c9648345630ac19a55c4192a2d837d420", "type": "file_hash", "version": 1 }, { "md5_hash": "72036b3ebe710f325e06ff220bb43c59", "sha1_hash": "7c081d3f144735e8f12931dfe23b5f447d80de5a", "sha256_hash": "c1cb2838c29020843dad8aea39a48cedcf28052d2228f3d03e8fbd3ce05062eb", "type": "file_hash", "version": 1 }, { "md5_hash": "264cd08d7cdd248966651c001aa61eee", "sha1_hash": "3decbf370b8ced227747c320c583415d61e95eb6", "sha256_hash": "c9aad2253b84631971732cecebe6f9305cd6a626dc1d7c669205e8fe494b11fb", "type": "file_hash", "version": 1 }, { "md5_hash": "caa38beb1e9bad46a41ff1aad856a733", "sha1_hash": "a1ef8d127d33d70ab2baa3587e508b668967f66e", "sha256_hash": "ffd8b43ce7ec2baa7258d4dbd4ca12bab34e46a34bbcf7bf226ac9b2dd64c0cd", "type": "file_hash", "version": 1 }, { "md5_hash": "bdcd7b4596d88cedab90c58f2e74cae6", "sha1_hash": "630dbb9816a2d5df74489963c91145edcd86df47", "sha256_hash": "2f93e98fe83dc0a9ed8de8d787495721175ee127a16264b5f384b316c8aee1aa", "type": "file_hash", "version": 1 }, { "md5_hash": "d79bf7daf62422a53398e06ac8a7d8e5", "sha1_hash": 
"5de4e3063a91cb2552e32f8d1ee766654f6d5e4f", "sha256_hash": "f0ae495d9cb2ef2a3cbcabf9a0f452e13215812e3608227fa2956ee36aeab524", "type": "file_hash", "version": 1 }, { "md5_hash": "3dd9b49dec535ee301713547ad7be1e1", "sha1_hash": "a7f6ccc253ee0475b39d0c354f9455d39dafd98d", "sha256_hash": "fe3b2e04595474276fde441b2c4095f0989ea0ee0b67069a063d7676b5ea329e", "type": "file_hash", "version": 1 }, { "md5_hash": "8c128e39e06ef1289c6bb638b51aba1d", "sha1_hash": "5fc8bf70e6bbc5d4e34cf4a0c456e925075c16bb", "sha256_hash": "c9ab6675e78c214a446ee21907e1f3496a44e44e21ce2db363ae094abaa2c7f6", "type": "file_hash", "version": 1 }, { "md5_hash": "66fe61bfe117baebc77aa9f120f97f8a", "sha1_hash": "c12ddc06b5021bc12c07506d749dbf4d9ef1917a", "sha256_hash": "8d61f5fe5bdcfbd262ac402ec66c2b484406a577f3f15b5064f569b66d4b1947", "type": "file_hash", "version": 1 }, { "md5_hash": "ed0395bea390decae30c78fa558b9b43", "sha1_hash": "fdb9423347f03bdb626bd47ebe9c0694b0a93ae2", "sha256_hash": "1e5a85b81dab9ba87b75ff41b1b6d1079e5484d3330ce2eb270583e1df34b59d", "type": "file_hash", "version": 1 }, { "md5_hash": "2e6cde223059f28c5a9cc1119e6ea43d", "sha1_hash": "4d289d7e3809c5d9a3b8b03be36de93b200e6454", "sha256_hash": "e6d4d0d9b629d9d5f207aad3b05c28bd5f8a23c456e8a194b5a82d77cc6108d9", "type": "file_hash", "version": 1 }, { "md5_hash": "5b197608bd0494f85d6ec54cc484cf93", "sha1_hash": "e47b88eb4d7db90a152f5f49bbc429943209b555", "sha256_hash": "42ddf176666764888564b5e467c9d3f12729421502c7b44985e3fb2ce240fb50", "type": "file_hash", "version": 1 }, { "md5_hash": "6e4676a203f0e70f9e1c34224a7c2aa9", "sha1_hash": "a29bdce78bcbdf048c78b099f9cd0739a50f66cd", "sha256_hash": "98717918c4e1f8b8840f348e7812040b2b98fb15bc4f23d2c13716a1593204e1", "type": "file_hash", "version": 1 }, { "md5_hash": "556897b9fe89f288fb7c12110180ca8d", "sha1_hash": "a72d46c21c23cae9576d9c7f623e7bc5a51911f0", "sha256_hash": "484737c4fe28dfea4ae86bdcb9d5871285412de0b68f941ecfd17611dbd9fa87", "type": "file_hash", "version": 1 }, { "md5_hash": 
"667bea4b50c45bcc84d5c840d53a33f1", "sha1_hash": "f9b6d8ebdd2e5237e987fe86508e256160a1c2e2", "sha256_hash": "b6d0333002bb2136ee27f31546ba98c1645c927cf8dbe2b451672d33aecb0690", "type": "file_hash", "version": 1 }, { "md5_hash": "7c29a8263896e822d7bb7d04bb55e76c", "sha1_hash": "d421c63f54f887f4d4a4cc44f19a9ada57d33344", "sha256_hash": "c24bf3db15794b8d7128a79a8c1b789c75c669151432b7ff74ec0753c515be13", "type": "file_hash", "version": 1 }, { "md5_hash": "a7bca06f87d0dd8d001370bccd9f9cad", "sha1_hash": "606455cacc0ea66f5d4f2dc672e23d28afe627ac", "sha256_hash": "2d79c3520827c87da66d53eb657968f147a0b257effe5650a9645ed72f1cf307", "type": "file_hash", "version": 1 }, { "md5_hash": "a4135832d5416e6fe8954e663a3e767b", "sha1_hash": "ac47400c5547d62a57ab921e0bac146493978b93", "sha256_hash": "5261f831f8649ab54cb63e377a47c9a95d728f1ead5b54f9927c7427c13707cb", "type": "file_hash", "version": 1 }, { "md5_hash": "6d5e5dd9dcfbc80a8d7777786b5bad98", "sha1_hash": "8d601d400256a65ae181fac1d8ab1d8cbd4f580b", "sha256_hash": "c0a1291a49b66da56a686e9fe6a4e90732ef593f9fcc8f400f51abcf8f6b7363", "type": "file_hash", "version": 1 }, { "md5_hash": "3e58ed2d1e143a60e5df7865855157ab", "sha1_hash": "5cb550e1f100b95351491c57cf00740d5bdf2f14", "sha256_hash": "ca6359af6ce359ce77debaa4cca8bbbab6bfb3c96e000277602a11c9dc87ee2f", "type": "file_hash", "version": 1 }, { "md5_hash": "5a080f0cca70070f3f93e9aca56b3147", "sha1_hash": "08f591678609efdab2ea163344c2e2cf98449803", "sha256_hash": "38a9379997be8642eb37216f2d9772ab07de4feab45fed89a96cd9029ab90151", "type": "file_hash", "version": 1 }, { "md5_hash": "a15ee3a70d83b03cc61b9cfb0871dac5", "sha1_hash": "9d6215b9418f3663ded67444222d58370fd3a025", "sha256_hash": "0a2ca877fe2b4e53e49ab5c65033edb01f14fe9ab193855ee55dbcfbf46b056b", "type": "file_hash", "version": 1 }, { "md5_hash": "8bc0d6c00975e36bfbccb8c94585830d", "sha1_hash": "5f1053d7461f141a23a2df3fcd37eef1ef83691e", "sha256_hash": "6238d8b973cd694d0415b528cb465d7477dd14a0070cf8694eb4d9ba64cabf7d", "type": 
"file_hash", "version": 1 }, { "md5_hash": "a315cb1d834ba8ba37c17859f744778e", "sha1_hash": "55cf90d4c0f49ae917e3be55fd7c6f951d9c56b0", "sha256_hash": "3e2133964efd8dec7ce34290fdd7138c359e1746c5ac39c87044fe6bdaaa3d8e", "type": "file_hash", "version": 1 }, { "md5_hash": "e669f6d9204a7fa9042689d8bfa8d693", "sha1_hash": "08be72438fa3608aa27a350edaa9069c13a136ae", "sha256_hash": "af7d105c04f123d4d91eeb22c81da67f16093388296ed0aa654ee189c73c29c3", "type": "file_hash", "version": 1 }, { "md5_hash": "a92ea9f1b3902e06c687a7d6beeb4b6f", "sha1_hash": "51b92a33abd11a0f34bc2e082484470285c4aa39", "sha256_hash": "3dbccd71cf9f55d7b311a636fadb40d98fe5688c6afd0b937086b0285bd8997f", "type": "file_hash", "version": 1 }, { "md5_hash": "ef2e526fe62e9018f01cb04b5426eafc", "sha1_hash": "bb3c218355ad08c34c34b969d189270fb6acafa0", "sha256_hash": "0ca5933326de32802f1c9683b09b85e0d37f42005aa2a8f79fec8679952bd828", "type": "file_hash", "version": 1 }, { "md5_hash": "272785bce52334c936e6e6b78cd92a41", "sha1_hash": "fed0929f869262fcfbae7d15d5ee201453d66da2", "sha256_hash": "f6229417eea5dc925e6ee4c7b2939d4d50d1b54f7a156095ddf0a558072213c7", "type": "file_hash", "version": 1 }, { "md5_hash": "51ec8a79a04c336b368fbbbcc4034a12", "sha1_hash": "1ff0c0834d9678e68e268c243bb4d67c2a8b0775", "sha256_hash": "0a54710c94734f2b673b6156ad037084f3ce136f68452ed44eb70975645a6390", "type": "file_hash", "version": 1 }, { "md5_hash": "6bbd5d6b6a7845854288aba5e3d2f8bc", "sha1_hash": "4891eaad02a24012afe9cfeaceb01482d0d4baf3", "sha256_hash": "056407e4de4521ec4628e968361dbf5f8bead5f46f600c480dee96c1c484f860", "type": "file_hash", "version": 1 }, { "md5_hash": "c94ce9d20748a727989a15609267b4f9", "sha1_hash": "1fba20a4d855bead6d68bb2cbe1450450a68d2b1", "sha256_hash": "b3913c192892b4b833b605975543875890aa58bf7b2f69f4392237a0f72f7e9d", "type": "file_hash", "version": 1 }, { "md5_hash": "8c92f6c90debf182342eec2b8ff0801b", "sha1_hash": "e64d9142066ea8d5de7c1d4316eed908e0be7122", "sha256_hash": 
"97c6e88fb00c281bb08613852fca40b94cf04307c6edf1ea057a328a8710d882", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\??\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\8Q-59UAV\\8Q-logri.ini", "hashes": [ { "md5_hash": "d63a82e5d81e02e399090af26db0b9cb", "sha1_hash": "91d0014c8f54743bba141fd60c9d963f869d76c9", "sha256_hash": "eaece2eba6310253249603033c744dd5914089b0bb26bde6685ec9813611baae", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logri.ini", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\??\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\??\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\8Q-59UAV\\8Q-logrv.ini", "hashes": [ { "md5_hash": "ba3b6bc807d4f76794c4b81b09bb9ba5", "sha1_hash": "24cb89501f0212ff3095ecc0aba97dd563718fb1", "sha256_hash": "6eebf968962745b2e9de2ca969af7c424916d4e3fe3cc0bb9b3d414abfce9507", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrv.ini", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\??\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\lxqfwvdqlkd.exe", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\lxqfwvdqlkd.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\??\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\lxqfwvdqlkd.exe", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js 
halpmcxz\\appdata\\roaming\\lxqfwvdqlkd.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\??\\C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\lxqfwvdqlkd.exe", "hashes": [], "norm_filename": "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\lxqfwvdqlkd.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\??\\C:\\Program Files (x86)\\lxqfwvdqlkd.exe", "hashes": [], "norm_filename": "c:\\program files (x86)\\lxqfwvdqlkd.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\??\\C:\\Program Files (x86)\\Common Files\\lxqfwvdqlkd.exe", "hashes": [], "norm_filename": "c:\\program files (x86)\\common files\\lxqfwvdqlkd.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\??\\C:\\ProgramData\\lxqfwvdqlkd.exe", "hashes": [], "norm_filename": "c:\\programdata\\lxqfwvdqlkd.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\??\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\8Q-59UAV\\8Q-log.ini", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-log.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\??\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\opera software\\opera stable\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\igfxonux.scr", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": 
"da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "f5aceff295707412e7679e7c0f3a797e", "sha1_hash": "89c58b4bc7130630ff093afe1c57614a4b85ddc7", "sha256_hash": "ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\igfxonux.scr", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "System Paging File", "hashes": [], "norm_filename": "system paging file", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\system32", "hashes": [], "norm_filename": "c:\\windows\\system32", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\??\\C:\\Windows\\SysWOW64\\cmstp.exe", "hashes": [], "norm_filename": "c:\\windows\\syswow64\\cmstp.exe", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\??\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\igfxonux.scr", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\igfxonux.scr", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [ { "mutex_name": "Nameless", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "S-1-5-21-3388679-13801793209033", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "L53886-WGVVJKAFC", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "8Q-59UAVA1ZvGWMZ", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": 
"S-1-5-21-3388679-8441793209033", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [ { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\VBA\\Monitors", "type": "registry_artifact", "version": 1 }, { "operations": [ "write", "access" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3388679973-3930757225-3770151564-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3388679973-3930757225-3770151564-1000\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3388679973-3930757225-3770151564-1000\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3388679973-3930757225-3770151564-1000\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3388679973-3930757225-3770151564-1000\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000004", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3388679973-3930757225-3770151564-1000\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\\Calendar Summary", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], 
"reg_key_name": "HKEY_USERS\\S-1-5-21-3388679973-3930757225-3770151564-1000\\SOFTWARE\\Microsoft\\Internet Explorer\\IntelliForms\\Storage2", "type": "registry_artifact", "version": 1 }, { "operations": [ "read", "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", "type": "registry_artifact", "version": 1 }, { "operations": [ "read", "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\Mozilla Firefox\\", "type": "registry_artifact", "version": 1 }, { "operations": [ "read", "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\Main", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3388679973-3930757225-3770151564-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3388679973-3930757225-3770151564-1000\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3388679973-3930757225-3770151564-1000\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\05cb6f136411cf4daf1f74e966b0a7dc", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3388679973-3930757225-3770151564-1000\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\0a0d020000000000c000000000000046", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3388679973-3930757225-3770151564-1000\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\13dbb0c8aa05101a9bb000aa002fc45a", "type": "registry_artifact", 
"version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3388679973-3930757225-3770151564-1000\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\3517490d76624c419a828607e2a54604", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3388679973-3930757225-3770151564-1000\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\4b62e5f8c092a64ea9b79fd559a5a15e", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3388679973-3930757225-3770151564-1000\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\609a848a708f544697003a34105400ef", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3388679973-3930757225-3770151564-1000\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\63cba20b08018a458b6edb5d87fb54da", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3388679973-3930757225-3770151564-1000\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\828cd3a417cead4ab3a214070dce1c3d", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3388679973-3930757225-3770151564-1000\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\8503020000000000c000000000000046", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3388679973-3930757225-3770151564-1000\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\88d17fec23cbdd4fb54ad1d34c0dce09", "type": "registry_artifact", "version": 
1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3388679973-3930757225-3770151564-1000\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9207f3e0a3b11019908b08002b2a56c2", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3388679973-3930757225-3770151564-1000\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3388679973-3930757225-3770151564-1000\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\a533ec91a4f74549ac2130b6908c8aac", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3388679973-3930757225-3770151564-1000\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\b70c659765f94740b657fee657d05ab4", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3388679973-3930757225-3770151564-1000\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\cce6b8ce16bac4458e5e40e3530d6f1d", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3388679973-3930757225-3770151564-1000\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\dd7f40a823cda64b92e9a96e9e46e406", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3388679973-3930757225-3770151564-1000\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\ddb0922fc50b8d42be5a821ede840761", "type": "registry_artifact", "version": 1 }, { 
"operations": [ "access" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3388679973-3930757225-3770151564-1000\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\f86ed2903a4a11cfb57e524153480001", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3388679973-3930757225-3770151564-1000\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\{D9734F19-8CFB-411D-BC59-833E334FCB5E}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3388679973-3930757225-3770151564-1000\\SOFTWARE\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3388679973-3930757225-3770151564-1000\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\Mozilla Thunderbird\\", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\System", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Command Processor", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "extracted_files": [ { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_2", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\igfxonux.scr", "sha1_hash": 
"da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_4", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-log.ini", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/89c58b4bc7130630ff093afe1c57614a4b85ddc7", "file_type": "created_file", "id": "file_3", "md5_hash": "f5aceff295707412e7679e7c0f3a797e", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\igfxonux.scr", "sha1_hash": "89c58b4bc7130630ff093afe1c57614a4b85ddc7", "sha256_hash": "ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d", "size": 290816, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8990d4c5b8a881e0a1593040564a9a6dc5664695", "file_type": "created_file", "id": "file_5", "md5_hash": "e03f207a7b9cfc4d877ed2ec64be028e", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "8990d4c5b8a881e0a1593040564a9a6dc5664695", "sha256_hash": "b17183098b6e349844a3151456edf62c8e41b2348d2445a610c0ff1e29963067", "size": 40, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c5b5cb23a8044e72d8fd2a11da9f9e31875bba12", "file_type": "created_file", "id": "file_6", "md5_hash": "3672ebfa59687d457ddb10f2e7102c2c", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "c5b5cb23a8044e72d8fd2a11da9f9e31875bba12", "sha256_hash": "615a7fb6e9f70b09f6f6432a04976a0c4dd80b5c306ce9b7c739c956532c7844", "size": 52, "type": "extracted_file", 
"version": 1 }, { "archive_path": "extracted_files/2bd9b7aef5b39760910267a3889aac9596903791", "file_type": "created_file", "id": "file_7", "md5_hash": "b7a3da82c959d15ee79789cec957a60e", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "2bd9b7aef5b39760910267a3889aac9596903791", "sha256_hash": "3e631a63bac92f8b974308fa32979d897b81ee2b7817f434610688a24409158c", "size": 134, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c0905d8beea8bd1f6f7d93f2f06accfdbf1bb926", "file_type": "created_file", "id": "file_8", "md5_hash": "6a2d8fd600948cefea9c615af9607bd5", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "c0905d8beea8bd1f6f7d93f2f06accfdbf1bb926", "sha256_hash": "8a8a84891ecb2032320d1c0de99fdcd94100df10f352d9f96fd1b2433cd4d45b", "size": 152, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a4d36a34a7dae50bb02d5084ebec85000296a7bf", "file_type": "created_file", "id": "file_9", "md5_hash": "233a53208d340e4cea645966add202b0", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "a4d36a34a7dae50bb02d5084ebec85000296a7bf", "sha256_hash": "f17e469a6ad909a00b009746e5811e22d824fdc47ec46b1e48a978cd21facf9e", "size": 174, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/758ab13d05b0a9e0526735488aebc01219c9414e", "file_type": "created_file", "id": "file_10", "md5_hash": "60d1c5f03099a3e32a0050b4c97bbef0", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "758ab13d05b0a9e0526735488aebc01219c9414e", "sha256_hash": "5e90a79c7f44e006b995017f333598dc97604b0c766491ee58b78455a80de64f", "size": 198, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/47f6ebba74f29ca1381bbeb650b4580a05db9a26", "file_type": "created_file", "id": "file_11", "md5_hash": 
"f3f00bc27996cc860965a80e6e27c852", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "47f6ebba74f29ca1381bbeb650b4580a05db9a26", "sha256_hash": "349086d403f89de8b5367764e430f3cb67be549a9530acf21615107f7450e189", "size": 218, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b8b4f8ca64b14bec960c05400f807e38b84563c3", "file_type": "created_file", "id": "file_12", "md5_hash": "387291d8f8cf62962d0a9c88210ce229", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "b8b4f8ca64b14bec960c05400f807e38b84563c3", "sha256_hash": "004e824fb332feca2f6aae0ed679ce332f8e5b7f54ea80beda3bbc169d6b3f80", "size": 244, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5e7cf1f4ece04213f9ca286d7d521d74110acde2", "file_type": "created_file", "id": "file_13", "md5_hash": "68f8d46ce87d14b7c5b4c52480454508", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "5e7cf1f4ece04213f9ca286d7d521d74110acde2", "sha256_hash": "d55f9ae48dc78005327df61db9ef38e6c7dfff19e115a9c95d2216f4ac4d24ef", "size": 260, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/488b34f1faca18fb4197cda0376b851e07245d4b", "file_type": "created_file", "id": "file_14", "md5_hash": "cb2b5b68fa992705f34929b00152114e", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "488b34f1faca18fb4197cda0376b851e07245d4b", "sha256_hash": "76657280e3f76e9811406039e6bc6274d11fb18f23bda254ac03a4a5052e5115", "size": 288, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fa1605aea591834f8f4a70e2b1cd0a634d34ed02", "file_type": "created_file", "id": "file_15", "md5_hash": "afc677e666c2b22bd89873efa77d1b85", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": 
"fa1605aea591834f8f4a70e2b1cd0a634d34ed02", "sha256_hash": "979a48c1a001aabd397299d849d3d419a77923f7741c3d1e3fcc96fd002051fa", "size": 294, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/15a3880766426885512c2a44a994374474afde21", "file_type": "created_file", "id": "file_16", "md5_hash": "5c53b1d7a983d080503dc90492873bd3", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "15a3880766426885512c2a44a994374474afde21", "sha256_hash": "1c29fbf1abdbbc9dad2c501894642e73ecb2e68c07147a6534b22f865cebaad4", "size": 320, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d1cd65c9bd2bf9278ecc3c187e0d39bf5e58282d", "file_type": "created_file", "id": "file_17", "md5_hash": "3c41fcdae69f4f34de48dc8a9f1f2578", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "d1cd65c9bd2bf9278ecc3c187e0d39bf5e58282d", "sha256_hash": "9c171d39ce6458556cf95d981e77ce60c46f35239854d4f7543460b6a9ebbbc9", "size": 364, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/390f3f5c8a711862b0650b7a807e424b8df6ce69", "file_type": "created_file", "id": "file_18", "md5_hash": "fa663a4348bdb40c1304eda0fdbc2f96", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "390f3f5c8a711862b0650b7a807e424b8df6ce69", "sha256_hash": "19e559af58b93be54d61a5260d0bf850df87169f56a8ecac1c57f31ad73d68c1", "size": 396, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8f7fdb94a1d33cb85a60ccb837229df733238664", "file_type": "created_file", "id": "file_19", "md5_hash": "4c4e1859c51d30d559d71f4b1f2dc71e", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "8f7fdb94a1d33cb85a60ccb837229df733238664", "sha256_hash": "8ee29a21c448893b369cd7ca4c15f6b7c08489baf22226501f9223afd18b7c9b", "size": 416, "type": 
"extracted_file", "version": 1 }, { "archive_path": "extracted_files/223b354b5481e0fa444a809c631787a471081a85", "file_type": "created_file", "id": "file_20", "md5_hash": "a6acf7cd1de9e3a55eced78a5d693f54", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "223b354b5481e0fa444a809c631787a471081a85", "sha256_hash": "5c8d1c7de953da3e892a320bcd4622a5b3029f0eb62d49ae228c8e16d0deb1d1", "size": 420, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/06f6597d49cf98c03337ee56857fc4844cb9a9d8", "file_type": "created_file", "id": "file_21", "md5_hash": "f6e0d72b37c594e479d083b196c34e74", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "06f6597d49cf98c03337ee56857fc4844cb9a9d8", "sha256_hash": "1a92628c6fb31e224dbd2b6a921f20c28face152f9ee29892797ef5e5d20760d", "size": 432, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/602335adc86b8d317ce5464790090851bda31c2e", "file_type": "created_file", "id": "file_22", "md5_hash": "b5f88e92df9a151bfe714e384b4ee82b", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "602335adc86b8d317ce5464790090851bda31c2e", "sha256_hash": "c0e15ec77b7cc67c5b32f7fc9442c104363f10cebdcc7c93dff0bacaf2347aad", "size": 514, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/94841c52d4fbd549453bddee181640033b2bced9", "file_type": "created_file", "id": "file_23", "md5_hash": "b0a7a765267a92ca9073293194f8fa04", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "94841c52d4fbd549453bddee181640033b2bced9", "sha256_hash": "f9c1834491ddc17978263d1dc2203e3c56c4072cbbf060808d437b945bb7119d", "size": 532, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4c2dd01791f70d93b1fda434779f1a07d8633f36", "file_type": "created_file", "id": 
"file_24", "md5_hash": "b77ea909bc6ba1bab67fd00f78ddee98", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "4c2dd01791f70d93b1fda434779f1a07d8633f36", "sha256_hash": "dd7f2d1a8b4a1735ac1689dbd8cb47c7351caa516852eff182ecee45609f2810", "size": 554, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7601c447f0c74a1c5f23f836f5812df65c9fa912", "file_type": "created_file", "id": "file_25", "md5_hash": "b1949a0cf0a1a31bca934f23a3475a81", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "7601c447f0c74a1c5f23f836f5812df65c9fa912", "sha256_hash": "6355c163ef6b0d4da7e2d2aed2ad67700ab80d2d23be0240212a06dbe8e82d78", "size": 578, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/53481b8eef6c6bbba3ba9d9657fba916634b5d6e", "file_type": "created_file", "id": "file_26", "md5_hash": "5e0a244aae44537c87c0be09d6f73f28", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "53481b8eef6c6bbba3ba9d9657fba916634b5d6e", "sha256_hash": "ced0ce1a6dd709918e6bbe0e8203b0d7976a4d42a0d70d5d8e42fe9f11077ec9", "size": 598, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/34e4d78eaffb97cbb94b98e62a0208c21710c19f", "file_type": "created_file", "id": "file_27", "md5_hash": "207cfbe270ccebc28bc1ed379c64cc3f", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "34e4d78eaffb97cbb94b98e62a0208c21710c19f", "sha256_hash": "1d37b75172e154dfe675bff7ac11392aded28970b5909422da13adc78c9523f0", "size": 624, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/50e0b8a80d8d57f9dfb90eeb3a9801faa0dcae60", "file_type": "created_file", "id": "file_28", "md5_hash": "b6b66d74f9e3a0efd10fde6bbbbad9e4", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", 
"sha1_hash": "50e0b8a80d8d57f9dfb90eeb3a9801faa0dcae60", "sha256_hash": "82356c515e15491d7ed313c5399bca714c2963b846291e98a6271ea6256bf82c", "size": 642, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/df35bb9a9a7be55b9127271d54be04ce15f3fb71", "file_type": "created_file", "id": "file_29", "md5_hash": "fb4a327e5743c5ec43a2c5b00c3257f0", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "df35bb9a9a7be55b9127271d54be04ce15f3fb71", "sha256_hash": "33e24a9503300a5da2ce23d7bb110bdb4a3a1cae383823b2b6709379e519d97b", "size": 670, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/dd3033e2ab2ae03f86eb355277c88ec093b1fc4c", "file_type": "created_file", "id": "file_30", "md5_hash": "c1de83374368343f829ece5ee257e230", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "dd3033e2ab2ae03f86eb355277c88ec093b1fc4c", "sha256_hash": "9ada92c22a174a53d8eef170960b70b318f936fba534c888899ccc4f02bc56e5", "size": 676, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/23fd3466a93c8c295099e2c5d63c2649d81c86db", "file_type": "created_file", "id": "file_31", "md5_hash": "bc9f5bcde37ce92051ee205e22262430", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "23fd3466a93c8c295099e2c5d63c2649d81c86db", "sha256_hash": "ad9734138695371c8c167d40a4902baa8bd83b6cc20d3373887c362af5eb57be", "size": 702, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ed46a977ce34757ce614a1e5d734d44abafc7eac", "file_type": "created_file", "id": "file_32", "md5_hash": "e76af655870fbc28e5a45d414fba3648", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "ed46a977ce34757ce614a1e5d734d44abafc7eac", "sha256_hash": "0c1e7dc44dbc711926402ba3aef75610adf597d8369abc9b1ad73b5f3716f31b", "size": 748, 
"type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/310c2ede201aec126502a2d96a25fc66e74fd577", "file_type": "created_file", "id": "file_33", "md5_hash": "7a861320fbc167bc5f1fa8e832ded70a", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "310c2ede201aec126502a2d96a25fc66e74fd577", "sha256_hash": "0110666716db6db6e5380f4bbc87fc6547e2843694b556a4a3cd71d8a439e1bb", "size": 780, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d39905d1acc6292a2c3e8a462d1dfe69584dc195", "file_type": "created_file", "id": "file_34", "md5_hash": "9eb2256b33702234676987d214e88b2e", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "d39905d1acc6292a2c3e8a462d1dfe69584dc195", "sha256_hash": "5da76375758cba487fdaca822002bffd0fd564cb70a564c13f028b2afe5301d5", "size": 800, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/43ac2342a7261601d4df866cc724d20d84ccb13f", "file_type": "created_file", "id": "file_35", "md5_hash": "26d5eb07c83c4476d0b85375c2012447", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "43ac2342a7261601d4df866cc724d20d84ccb13f", "sha256_hash": "0bb7f9b2b182106196a1cbf6fb304ccfe7064b11b22eb513ef5e76ceb13791f6", "size": 804, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/91eecc293ae0164e7a08dc542ff9baeb84f526b4", "file_type": "created_file", "id": "file_36", "md5_hash": "bdb2423f1acd37d9d478799b93ef11ea", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "91eecc293ae0164e7a08dc542ff9baeb84f526b4", "sha256_hash": "d89d77c2e14c7aa96fe519e84ba311d88f93dd29e7789a65b796c4f58e59c359", "size": 816, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a8b9fc6666f7be80173d3739d0cabf8a68b0f8bc", "file_type": "created_file", "id": 
"file_37", "md5_hash": "ac35467b24f8bd344f4889681d94a5c4", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "a8b9fc6666f7be80173d3739d0cabf8a68b0f8bc", "sha256_hash": "6ceb8fc71c3c02b8a575a67e2020f91df4f9203435081c8e5c570be610f83393", "size": 898, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/88bbd33f6de0e34d0d496572cd0fe404671540ce", "file_type": "created_file", "id": "file_38", "md5_hash": "a366a82e64918a7b9e95256ed23ac3e4", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "88bbd33f6de0e34d0d496572cd0fe404671540ce", "sha256_hash": "098f9a30e2d1f0ffd906f449ab33357e3cd9c4c49f361e46a6be4c760603c1a0", "size": 916, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f7658e51e6954ec7b7f3c4085035ca09b603992c", "file_type": "created_file", "id": "file_39", "md5_hash": "6bb5156fe2fb4f08e6559472ef09c1fb", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "f7658e51e6954ec7b7f3c4085035ca09b603992c", "sha256_hash": "0d7756b24c7dd2db36d30f9a3a0452d274fbb06ef898336ebbaedaa604f29727", "size": 940, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0248df8d4e8da9471f7018335af30c0467c1cedc", "file_type": "created_file", "id": "file_40", "md5_hash": "b4e556d6ca58e884897fdd1b26c77e2a", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "0248df8d4e8da9471f7018335af30c0467c1cedc", "sha256_hash": "2bff75ffcd02b862bc407ff5324c1ab914a9e011b76152b12e5418d96fc22338", "size": 966, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e5219c7693b0b717ea10493abef359101e70f975", "file_type": "created_file", "id": "file_41", "md5_hash": "5f85bf73e36d0191969f526f5e29b8e1", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", 
"sha1_hash": "e5219c7693b0b717ea10493abef359101e70f975", "sha256_hash": "9d663f8b419778d8f2f967eeab1745684dda8d801d257013124a0b6502fe901f", "size": 1008, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/82d085e9b10812c3792b0056ed52245eb6739c6c", "file_type": "created_file", "id": "file_42", "md5_hash": "7bde472399a8956232e418f66e0ba0b1", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "82d085e9b10812c3792b0056ed52245eb6739c6c", "sha256_hash": "5214e665cfb56d9a552bc953e2b681917a4c11d1779862a78ae1d2abe9ee2f1d", "size": 1034, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/88c0d6ed71e660e65bec0a13637608fffdaeb4c0", "file_type": "created_file", "id": "file_43", "md5_hash": "163318534d6b1d8bcfb1920a72285b81", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "88c0d6ed71e660e65bec0a13637608fffdaeb4c0", "sha256_hash": "89d6281199a2684a1beaa66aa10b25f46c797d9ebc1b87f0551f249455b7adfc", "size": 1054, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/31c2c555795a7bff8205d20c25338ac5dd89b8e0", "file_type": "created_file", "id": "file_44", "md5_hash": "2260878b67f481ea46f1241273651738", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "31c2c555795a7bff8205d20c25338ac5dd89b8e0", "sha256_hash": "f9de24d0f1ae15fde5a1d1c924bf45d43e6462456ac8b48001d0d11d32d3203c", "size": 1066, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a96793e00119deb5cb8661a6c3507413b4d40be3", "file_type": "created_file", "id": "file_45", "md5_hash": "9eb3a64bbb13cbea45a81cd6332d0bfe", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "a96793e00119deb5cb8661a6c3507413b4d40be3", "sha256_hash": "87802711517227b9c1cb30e8f7ce8794c55d4322a30036ce5db5f70b239db0bf", "size": 
1108, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3f0fd14b14385340b96eabec3459b77077756d9c", "file_type": "created_file", "id": "file_46", "md5_hash": "e07cfe8b2393008a6710cd17680c959f", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "3f0fd14b14385340b96eabec3459b77077756d9c", "sha256_hash": "b4c39b41a25da83168c2a09ed8ba84b744f440a0e8547b4626b08226b6ba57a1", "size": 1132, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f2d7407c7d03a7e5a4c2dac68886d9408085d648", "file_type": "created_file", "id": "file_47", "md5_hash": "503839b3093d878830ed5f0e334823d7", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "f2d7407c7d03a7e5a4c2dac68886d9408085d648", "sha256_hash": "6ee28d1a9d7a181811dad5df46f4b02c9648345630ac19a55c4192a2d837d420", "size": 1146, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7c081d3f144735e8f12931dfe23b5f447d80de5a", "file_type": "created_file", "id": "file_48", "md5_hash": "72036b3ebe710f325e06ff220bb43c59", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "7c081d3f144735e8f12931dfe23b5f447d80de5a", "sha256_hash": "c1cb2838c29020843dad8aea39a48cedcf28052d2228f3d03e8fbd3ce05062eb", "size": 1170, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3decbf370b8ced227747c320c583415d61e95eb6", "file_type": "created_file", "id": "file_49", "md5_hash": "264cd08d7cdd248966651c001aa61eee", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "3decbf370b8ced227747c320c583415d61e95eb6", "sha256_hash": "c9aad2253b84631971732cecebe6f9305cd6a626dc1d7c669205e8fe494b11fb", "size": 1186, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a1ef8d127d33d70ab2baa3587e508b668967f66e", "file_type": 
"created_file", "id": "file_50", "md5_hash": "caa38beb1e9bad46a41ff1aad856a733", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "a1ef8d127d33d70ab2baa3587e508b668967f66e", "sha256_hash": "ffd8b43ce7ec2baa7258d4dbd4ca12bab34e46a34bbcf7bf226ac9b2dd64c0cd", "size": 1206, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/630dbb9816a2d5df74489963c91145edcd86df47", "file_type": "created_file", "id": "file_51", "md5_hash": "bdcd7b4596d88cedab90c58f2e74cae6", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "630dbb9816a2d5df74489963c91145edcd86df47", "sha256_hash": "2f93e98fe83dc0a9ed8de8d787495721175ee127a16264b5f384b316c8aee1aa", "size": 1224, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5de4e3063a91cb2552e32f8d1ee766654f6d5e4f", "file_type": "created_file", "id": "file_52", "md5_hash": "d79bf7daf62422a53398e06ac8a7d8e5", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "5de4e3063a91cb2552e32f8d1ee766654f6d5e4f", "sha256_hash": "f0ae495d9cb2ef2a3cbcabf9a0f452e13215812e3608227fa2956ee36aeab524", "size": 1270, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a7f6ccc253ee0475b39d0c354f9455d39dafd98d", "file_type": "created_file", "id": "file_53", "md5_hash": "3dd9b49dec535ee301713547ad7be1e1", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "a7f6ccc253ee0475b39d0c354f9455d39dafd98d", "sha256_hash": "fe3b2e04595474276fde441b2c4095f0989ea0ee0b67069a063d7676b5ea329e", "size": 1276, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5fc8bf70e6bbc5d4e34cf4a0c456e925075c16bb", "file_type": "created_file", "id": "file_54", "md5_hash": "8c128e39e06ef1289c6bb638b51aba1d", "norm_filename": "c:\\users\\5p5nrgjn0js 
halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "5fc8bf70e6bbc5d4e34cf4a0c456e925075c16bb", "sha256_hash": "c9ab6675e78c214a446ee21907e1f3496a44e44e21ce2db363ae094abaa2c7f6", "size": 1308, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c12ddc06b5021bc12c07506d749dbf4d9ef1917a", "file_type": "created_file", "id": "file_55", "md5_hash": "66fe61bfe117baebc77aa9f120f97f8a", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "c12ddc06b5021bc12c07506d749dbf4d9ef1917a", "sha256_hash": "8d61f5fe5bdcfbd262ac402ec66c2b484406a577f3f15b5064f569b66d4b1947", "size": 1324, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fdb9423347f03bdb626bd47ebe9c0694b0a93ae2", "file_type": "created_file", "id": "file_56", "md5_hash": "ed0395bea390decae30c78fa558b9b43", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "fdb9423347f03bdb626bd47ebe9c0694b0a93ae2", "sha256_hash": "1e5a85b81dab9ba87b75ff41b1b6d1079e5484d3330ce2eb270583e1df34b59d", "size": 1370, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4d289d7e3809c5d9a3b8b03be36de93b200e6454", "file_type": "created_file", "id": "file_57", "md5_hash": "2e6cde223059f28c5a9cc1119e6ea43d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "4d289d7e3809c5d9a3b8b03be36de93b200e6454", "sha256_hash": "e6d4d0d9b629d9d5f207aad3b05c28bd5f8a23c456e8a194b5a82d77cc6108d9", "size": 1582, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e47b88eb4d7db90a152f5f49bbc429943209b555", "file_type": "created_file", "id": "file_58", "md5_hash": "5b197608bd0494f85d6ec54cc484cf93", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "e47b88eb4d7db90a152f5f49bbc429943209b555", "sha256_hash": 
"42ddf176666764888564b5e467c9d3f12729421502c7b44985e3fb2ce240fb50", "size": 1630, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a29bdce78bcbdf048c78b099f9cd0739a50f66cd", "file_type": "created_file", "id": "file_59", "md5_hash": "6e4676a203f0e70f9e1c34224a7c2aa9", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "a29bdce78bcbdf048c78b099f9cd0739a50f66cd", "sha256_hash": "98717918c4e1f8b8840f348e7812040b2b98fb15bc4f23d2c13716a1593204e1", "size": 1658, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a72d46c21c23cae9576d9c7f623e7bc5a51911f0", "file_type": "created_file", "id": "file_60", "md5_hash": "556897b9fe89f288fb7c12110180ca8d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "a72d46c21c23cae9576d9c7f623e7bc5a51911f0", "sha256_hash": "484737c4fe28dfea4ae86bdcb9d5871285412de0b68f941ecfd17611dbd9fa87", "size": 1690, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f9b6d8ebdd2e5237e987fe86508e256160a1c2e2", "file_type": "created_file", "id": "file_61", "md5_hash": "667bea4b50c45bcc84d5c840d53a33f1", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "f9b6d8ebdd2e5237e987fe86508e256160a1c2e2", "sha256_hash": "b6d0333002bb2136ee27f31546ba98c1645c927cf8dbe2b451672d33aecb0690", "size": 1710, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d421c63f54f887f4d4a4cc44f19a9ada57d33344", "file_type": "created_file", "id": "file_62", "md5_hash": "7c29a8263896e822d7bb7d04bb55e76c", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "d421c63f54f887f4d4a4cc44f19a9ada57d33344", "sha256_hash": "c24bf3db15794b8d7128a79a8c1b789c75c669151432b7ff74ec0753c515be13", "size": 1714, "type": "extracted_file", "version": 1 }, { "archive_path": 
"extracted_files/606455cacc0ea66f5d4f2dc672e23d28afe627ac", "file_type": "created_file", "id": "file_63", "md5_hash": "a7bca06f87d0dd8d001370bccd9f9cad", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "606455cacc0ea66f5d4f2dc672e23d28afe627ac", "sha256_hash": "2d79c3520827c87da66d53eb657968f147a0b257effe5650a9645ed72f1cf307", "size": 1726, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ac47400c5547d62a57ab921e0bac146493978b93", "file_type": "created_file", "id": "file_64", "md5_hash": "a4135832d5416e6fe8954e663a3e767b", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "ac47400c5547d62a57ab921e0bac146493978b93", "sha256_hash": "5261f831f8649ab54cb63e377a47c9a95d728f1ead5b54f9927c7427c13707cb", "size": 1808, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8d601d400256a65ae181fac1d8ab1d8cbd4f580b", "file_type": "created_file", "id": "file_65", "md5_hash": "6d5e5dd9dcfbc80a8d7777786b5bad98", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "8d601d400256a65ae181fac1d8ab1d8cbd4f580b", "sha256_hash": "c0a1291a49b66da56a686e9fe6a4e90732ef593f9fcc8f400f51abcf8f6b7363", "size": 1826, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5cb550e1f100b95351491c57cf00740d5bdf2f14", "file_type": "created_file", "id": "file_66", "md5_hash": "3e58ed2d1e143a60e5df7865855157ab", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "5cb550e1f100b95351491c57cf00740d5bdf2f14", "sha256_hash": "ca6359af6ce359ce77debaa4cca8bbbab6bfb3c96e000277602a11c9dc87ee2f", "size": 1850, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/08f591678609efdab2ea163344c2e2cf98449803", "file_type": "created_file", "id": "file_67", "md5_hash": 
"5a080f0cca70070f3f93e9aca56b3147", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "08f591678609efdab2ea163344c2e2cf98449803", "sha256_hash": "38a9379997be8642eb37216f2d9772ab07de4feab45fed89a96cd9029ab90151", "size": 1874, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9d6215b9418f3663ded67444222d58370fd3a025", "file_type": "created_file", "id": "file_68", "md5_hash": "a15ee3a70d83b03cc61b9cfb0871dac5", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "9d6215b9418f3663ded67444222d58370fd3a025", "sha256_hash": "0a2ca877fe2b4e53e49ab5c65033edb01f14fe9ab193855ee55dbcfbf46b056b", "size": 1894, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5f1053d7461f141a23a2df3fcd37eef1ef83691e", "file_type": "created_file", "id": "file_69", "md5_hash": "8bc0d6c00975e36bfbccb8c94585830d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "5f1053d7461f141a23a2df3fcd37eef1ef83691e", "sha256_hash": "6238d8b973cd694d0415b528cb465d7477dd14a0070cf8694eb4d9ba64cabf7d", "size": 1920, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/55cf90d4c0f49ae917e3be55fd7c6f951d9c56b0", "file_type": "created_file", "id": "file_70", "md5_hash": "a315cb1d834ba8ba37c17859f744778e", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "55cf90d4c0f49ae917e3be55fd7c6f951d9c56b0", "sha256_hash": "3e2133964efd8dec7ce34290fdd7138c359e1746c5ac39c87044fe6bdaaa3d8e", "size": 1944, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/08be72438fa3608aa27a350edaa9069c13a136ae", "file_type": "created_file", "id": "file_71", "md5_hash": "e669f6d9204a7fa9042689d8bfa8d693", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": 
"08be72438fa3608aa27a350edaa9069c13a136ae", "sha256_hash": "af7d105c04f123d4d91eeb22c81da67f16093388296ed0aa654ee189c73c29c3", "size": 1972, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/51b92a33abd11a0f34bc2e082484470285c4aa39", "file_type": "created_file", "id": "file_72", "md5_hash": "a92ea9f1b3902e06c687a7d6beeb4b6f", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "51b92a33abd11a0f34bc2e082484470285c4aa39", "sha256_hash": "3dbccd71cf9f55d7b311a636fadb40d98fe5688c6afd0b937086b0285bd8997f", "size": 1978, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/bb3c218355ad08c34c34b969d189270fb6acafa0", "file_type": "created_file", "id": "file_73", "md5_hash": "ef2e526fe62e9018f01cb04b5426eafc", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "bb3c218355ad08c34c34b969d189270fb6acafa0", "sha256_hash": "0ca5933326de32802f1c9683b09b85e0d37f42005aa2a8f79fec8679952bd828", "size": 2004, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fed0929f869262fcfbae7d15d5ee201453d66da2", "file_type": "created_file", "id": "file_74", "md5_hash": "272785bce52334c936e6e6b78cd92a41", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "fed0929f869262fcfbae7d15d5ee201453d66da2", "sha256_hash": "f6229417eea5dc925e6ee4c7b2939d4d50d1b54f7a156095ddf0a558072213c7", "size": 2046, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1ff0c0834d9678e68e268c243bb4d67c2a8b0775", "file_type": "created_file", "id": "file_75", "md5_hash": "51ec8a79a04c336b368fbbbcc4034a12", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "1ff0c0834d9678e68e268c243bb4d67c2a8b0775", "sha256_hash": "0a54710c94734f2b673b6156ad037084f3ce136f68452ed44eb70975645a6390", "size": 2078, "type": 
"extracted_file", "version": 1 }, { "archive_path": "extracted_files/4891eaad02a24012afe9cfeaceb01482d0d4baf3", "file_type": "created_file", "id": "file_76", "md5_hash": "6bbd5d6b6a7845854288aba5e3d2f8bc", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "4891eaad02a24012afe9cfeaceb01482d0d4baf3", "sha256_hash": "056407e4de4521ec4628e968361dbf5f8bead5f46f600c480dee96c1c484f860", "size": 2098, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1fba20a4d855bead6d68bb2cbe1450450a68d2b1", "file_type": "created_file", "id": "file_77", "md5_hash": "c94ce9d20748a727989a15609267b4f9", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "1fba20a4d855bead6d68bb2cbe1450450a68d2b1", "sha256_hash": "b3913c192892b4b833b605975543875890aa58bf7b2f69f4392237a0f72f7e9d", "size": 2102, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e64d9142066ea8d5de7c1d4316eed908e0be7122", "file_type": "created_file", "id": "file_78", "md5_hash": "8c92f6c90debf182342eec2b8ff0801b", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrc.ini", "sha1_hash": "e64d9142066ea8d5de7c1d4316eed908e0be7122", "sha256_hash": "97c6e88fb00c281bb08613852fca40b94cf04307c6edf1ea057a328a8710d882", "size": 2106, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/91d0014c8f54743bba141fd60c9d963f869d76c9", "file_type": "created_file", "id": "file_79", "md5_hash": "d63a82e5d81e02e399090af26db0b9cb", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logri.ini", "sha1_hash": "91d0014c8f54743bba141fd60c9d963f869d76c9", "sha256_hash": "eaece2eba6310253249603033c744dd5914089b0bb26bde6685ec9813611baae", "size": 40, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/24cb89501f0212ff3095ecc0aba97dd563718fb1", "file_type": "created_file", "id": 
"file_80", "md5_hash": "ba3b6bc807d4f76794c4b81b09bb9ba5", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logrv.ini", "sha1_hash": "24cb89501f0212ff3095ecc0aba97dd563718fb1", "sha256_hash": "6eebf968962745b2e9de2ca969af7c424916d4e3fe3cc0bb9b3d414abfce9507", "size": 40, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/857c8fe581265d82e7e52de78a05b1196cdb441a", "file_type": "created_file", "id": "file_81", "md5_hash": "a9fdc69c2bcc2e1a034c8a7e912b3dee", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logim.jpeg", "sha1_hash": "857c8fe581265d82e7e52de78a05b1196cdb441a", "sha256_hash": "809e453d2a27045d47fdea347eb0acb4428d2d71930339e703627f08330f0b30", "size": 51029, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/66ef37cd6ce31184715c28d1203db251188fc7ed", "file_type": "created_file", "id": "file_82", "md5_hash": "4c65034f3140fb39fd1d1ed6f8ede776", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\8q-59uav\\8q-logim.jpeg", "sha1_hash": "66ef37cd6ce31184715c28d1203db251188fc7ed", "sha256_hash": "d803b2190b025c55d619d61b4ab44d5f404c8782df1f0dbb5ea4b804119dee53", "size": 72146, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5bab217563ea405bbbbaa9bd0038b6e017767f0e", "file_type": "modified_file", "id": "file_83", "md5_hash": "e3e8e4631c985b9514893fe8da368188", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat", "sha1_hash": "5bab217563ea405bbbbaa9bd0038b6e017767f0e", "sha256_hash": "e43a0e6682d5edb928cce1919f88c3edaf8123ecede708ad61a0df3b9396b3bc", "size": 49152, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/faa8d7915f6733c93678128d032d26c150eb1550", "file_type": "modified_file", "id": "file_84", "md5_hash": "52860b79194a2bd3b1e66300587b21cf", "norm_filename": "c:\\users\\5p5nrgjn0js 
halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat", "sha1_hash": "faa8d7915f6733c93678128d032d26c150eb1550", "sha256_hash": "b3e7c1e6e0d6859d21aadf673fc01f33289fb30ce4b39edb6ecaccc0f8ff6f0a", "size": 32768, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7e4295d7bf288b7f5a21c6ffd611689770941ba8", "file_type": "modified_file", "id": "file_85", "md5_hash": "a76886529a94b51741014e36ff7c5ffe", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat", "sha1_hash": "7e4295d7bf288b7f5a21c6ffd611689770941ba8", "sha256_hash": "c61c078e7e21f224dc35f3ddb725d0aa07c6178c8da75163205fc5f2ffb38ec3", "size": 32768, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c6e02c929ec99f984b04876816024c3a39b88ccb", "file_type": "modified_file", "id": "file_86", "md5_hash": "6852149628dae385c68c7a9db7028560", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\ietldcache\\index.dat", "sha1_hash": "c6e02c929ec99f984b04876816024c3a39b88ccb", "sha256_hash": "53ae38a5bdbd72f76bf578f6c36e0b54a994003f535dbc1b469c12f3a169e3a4", "size": 262144, "type": "extracted_file", "version": 1 } ], "process_dumps": [ { "archive_path": "process_dumps/process_00000001-region_00000001-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000001-region_00000001-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_87", "md5_hash": "92b408b4cccd5ca6bfb43e3d30125033", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5492b7f7b405ef7ecb8085c36d1f3daa2b437640", "sha256_hash": "ee1dd00aeca7a725ca3950427856f84d764ee54df2f7604d74905e56c4e87c1d", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": 
"process_dumps/process_00000001-region_00000002-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000002-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_88", "md5_hash": "21ef82003e75a0ff27ae9b1428a8cc3d", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "36e52221b33204e5a3b7576fc4ba2b2428b0f06e", "sha256_hash": "7aa9fc87aabfdb1afdd355cdee4d1b0ac363997a784ad355faa383da9253c996", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000004-addr_0x0000000000050000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000004-addr_0x0000000000050000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_89", "md5_hash": "f2fa5dd315b1a203ec38c4c41385e993", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "89527905923e5eee4790923a4c666c694cfe5670", "sha256_hash": "085963cbec57a283a77e8601a3ef0c12b674397ae374229c5c1e5823d4ed1acb", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000005-addr_0x0000000000090000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000005-addr_0x0000000000090000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_90", "md5_hash": "5fc97af36d56a5990a50a5db144172ae", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8c3d6490e07c6fa278ffc7473dadcfe3467ce916", "sha256_hash": "d8a838d14b259a26f13d2add920883beb9e6d5e90553a579ff26d0d4b2aabce4", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000007-addr_0x0000000000400000-size_0x0000000000048000-perm_rwx.bin", "filename": 
"process_00000001-region_00000007-addr_0x0000000000400000-size_0x0000000000048000-perm_rwx.bin", "id": "proc_dump_91", "md5_hash": "ddbd881169fad6d61b1f9b933795eca8", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "277a1ea0130a1edbed7e246bc85a658ddbb31305", "sha256_hash": "38265ef4cebb506e6d34c304d337b9f955aa4a06b71c7c055f08e04f1ebb1658", "size": 290816, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000011-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000011-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_92", "md5_hash": "26c6b4e7eb2de0ca3aeb219396223d5c", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c834fa57b47b5365f81718c8b045bb28f8cd6a50", "sha256_hash": "3e986e3ed1fecd1f9ad4ffe4acff9484b797ab6a7022f3f63f84df8b84404d45", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000012-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000012-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_93", "md5_hash": "6b2a2043c0df681eec72901db5594606", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e022ef59da8712387a03b86564be4d13ff349e86", "sha256_hash": "7db17ab8c5124afc7839676542fd7d2dc7f91a1caa402236075340068fd22cfc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000013-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000013-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_94", "md5_hash": 
"b5d222d96e3819e1461e02546fc4b11b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f2f490c8a63a4f0fd67cdbe5f166806ddbf61085", "sha256_hash": "9bc1db2c21358c2d43c42ce84c1e7721a416f0af5f682f33dc3775ef4d632d2d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000015-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000001-region_00000015-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_95", "md5_hash": "ee550385f3c3de50eec28719d616ca6e", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d7a5f99a2d48fd45d02e397c43a23a62b6c468b0", "sha256_hash": "8c48eddee00ac594d814fc5f882a4057d626627f8f00ed1ab1b2a4815fc6de6f", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000149-addr_0x00000000001e0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000001-region_00000149-addr_0x00000000001e0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_96", "md5_hash": "3769b122d50cfa6a7dffc9833946d321", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71c6c1d23881bc5dd7ca56b5e830ea8cf4475773", "sha256_hash": "1f304ba290a5bda22bbe442755a55bf135c841bafbbe28f6cb17cb08e2bbe2d6", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000153-addr_0x00000000002a0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000153-addr_0x00000000002a0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_97", "md5_hash": "cea94aef102cc56ac0079e048290cf0f", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": 
"reference", "version": 1 }, "sha1_hash": "396afbac3cc88c3c4bec67d7775e77a9d7d7366c", "sha256_hash": "74651668b9503879c459a3a8d2fe817951af3ca652803d381bdbe91f9c7b7f4e", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000156-addr_0x0000000077160000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000001-region_00000156-addr_0x0000000077160000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_98", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000157-addr_0x0000000077260000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000001-region_00000157-addr_0x0000000077260000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_99", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000175-addr_0x0000000000580000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00000175-addr_0x0000000000580000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_100", "md5_hash": "242c936c9e404fed8c6faad5b0db9e96", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a25ac0d5eed065957712e34f2246198d9fbf6ef2", "sha256_hash": 
"6e9fe4e544c443a3b227d67e3b8a5edb083aed79d159da950d0d0fe776d57c15", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000179-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000179-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_101", "md5_hash": "8a34c1a483a91b8a54fa794a45a1c233", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c81e06a6235ec05de90f22ae3eb02eaac979cf7b", "sha256_hash": "a7193dd461b73da31975b5ec001fe8ebf9e4f390c59a4b0b1b506ac42208ab18", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000180-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000180-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_102", "md5_hash": "02fd8b8b71958a39bff3b18861e2cb0c", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71c99b4560cea0e996341ad91518079c726fdd86", "sha256_hash": "e0af6c0d2e58f882e658d9e1e0d008fb8bff717b24ff5f04468f22777f3b17f1", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000183-addr_0x0000000001d70000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00000183-addr_0x0000000001d70000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_103", "md5_hash": "b7161d86f52514172d684156d703a704", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0f3affa77bdf679051885de3efc55a562d7e1682", "sha256_hash": "296170c524ab8e12b998da9e4eeb52c83a320f332f3f2f49f40aa09ceed26546", "size": 65536, "type": "process_dump", "version": 1 }, { 
"archive_path": "process_dumps/process_00000001-region_00000184-addr_0x0000000001d80000-size_0x0000000000400000-perm_rw.bin", "filename": "process_00000001-region_00000184-addr_0x0000000001d80000-size_0x0000000000400000-perm_rw.bin", "id": "proc_dump_104", "md5_hash": "131268adfb221bbc344631dc7a3afdc0", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7b01d8524b4e0d4d2a18299c131394097675069f", "sha256_hash": "18761ae80ce57387fbd3599472d4a0eae80cd26e160a8387e9533889f91baed9", "size": 4194304, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000186-addr_0x0000000002450000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000186-addr_0x0000000002450000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_105", "md5_hash": "135f7f7045df4d74fabd26d021f70f8c", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "030c66cd89f1e3ffdcd7e12e2736a66da1fc603c", "sha256_hash": "c82dafe4f5fe2e40007d684f5732e816cfc5c7ae163961123df2894814821a53", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000187-addr_0x00000000004f0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000187-addr_0x00000000004f0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_106", "md5_hash": "db4f401a6b7b5ea3f711fb856ac20d8d", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "64c22088fa2353c031536fac22f5d10ba6abb4ea", "sha256_hash": "059561534ac7551acf6573eefce2b69df25d33e75e3c482ffc14fa0d592403d3", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": 
"process_dumps/process_00000001-region_00000189-addr_0x0000000001cb0000-size_0x0000000000070000-perm_rw.bin", "filename": "process_00000001-region_00000189-addr_0x0000000001cb0000-size_0x0000000000070000-perm_rw.bin", "id": "proc_dump_107", "md5_hash": "59b24352171a3ac39f8ebd738b3c1e98", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a8e1a3fa08492fb577c922e90c3436d248d9dc0a", "sha256_hash": "98a70632e6cf4d635074a867fc1824853f5f5297edf26d8824b156761d67e2b8", "size": 458752, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000191-addr_0x00000000001a0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00000191-addr_0x00000000001a0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_108", "md5_hash": "2ad8d713a73c884bd0ff04362eacb8a2", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "76f4d82251d277d736ca3ee36f5322fd8546de10", "sha256_hash": "728bb6d43b77f68d307f749e3c619b23b1fb7250bb159f82aab1df4a72d75307", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000192-addr_0x0000000002780000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00000192-addr_0x0000000002780000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_109", "md5_hash": "8af584ddac72134c245cfa2579074814", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "81ce6d7009b656fc168f67d95ca04c86ecf608a8", "sha256_hash": "ade486b0de5b0c6fc74782f82f7647786d21e541e9ecb54eee4ef78bed726d02", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000200-addr_0x0000000002450000-size_0x00000000000b0000-perm_rw.bin", "filename": 
"process_00000001-region_00000200-addr_0x0000000002450000-size_0x00000000000b0000-perm_rw.bin", "id": "proc_dump_110", "md5_hash": "63e90f70700e1640426f351176646116", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6810c338b6591109e76470ce61e634d4c97f503e", "sha256_hash": "9d9630caf0f60c4ceea78774c62d25e87b03af5effdde858029b61a09d48210a", "size": 720896, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000201-addr_0x0000000002510000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000201-addr_0x0000000002510000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_111", "md5_hash": "1f9194760e2e5d610ada69cdb3ef6e34", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d7721692e671be28682bb433b9aa3f811c779df8", "sha256_hash": "6ff616c1b997142927d7475e0df651acf7be70776ed07a7e7d863225d8b87fce", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000202-addr_0x0000000000260000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000202-addr_0x0000000000260000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_112", "md5_hash": "65bfcf72d5715e46c83bfeba0329099c", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "94487fa2c3be7eea12f07141c65855934efe059e", "sha256_hash": "ffe16a5399756f40e0bad6021fabd0c80009ae990d799fc6bb67620608653965", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000203-addr_0x0000000002630000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000203-addr_0x0000000002630000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_113", 
"md5_hash": "8c04e0322e8452fc05e769e118c4d91c", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "387db163b441e47401657bce403f5ea776843211", "sha256_hash": "3986e7566aa52920e0157328d9f70263a4fe8ba9601276f5ac5774c86becb87b", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000204-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000204-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_114", "md5_hash": "cba9b8b7c837200d8750c075e9ee737d", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e28a585f12206e3ae0d69ae7ccd232e01dd29a0a", "sha256_hash": "9ec818e9762c9ce3c0651cd3d68e0ac6bfb2e126f813aa50ac404f171974cafa", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000208-addr_0x0000000002450000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000001-region_00000208-addr_0x0000000002450000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_115", "md5_hash": "7018d8dad5d7ba30a3310d06e0b500ae", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c26f713472cfa06f9e1597a1f626d61265d4b188", "sha256_hash": "8c7ffe139a8d7a6b02df43335fca619087c1dfa154f8d8942d6a2479123bca72", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000209-addr_0x00000000024f0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00000209-addr_0x00000000024f0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_116", "md5_hash": "344dd72b3b3a63da408c921c3442a8a9", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": 
"process", "type": "reference", "version": 1 }, "sha1_hash": "03c6fb3764b801599a3740e273501063a2b9b885", "sha256_hash": "945366eaf9f5012d9f28d45dd4160da3fa1ab48ac85333051da0834bf352e53c", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000210-addr_0x00000000003a0000-size_0x0000000000009000-perm_rwx.bin", "filename": "process_00000001-region_00000210-addr_0x00000000003a0000-size_0x0000000000009000-perm_rwx.bin", "id": "proc_dump_117", "md5_hash": "001ea373b8046c2a383752140d6a6005", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "15b794d1afdeadadbf5d793a086aedb270e8cd5f", "sha256_hash": "2c89eb88cc4b4d0288decfcab45d78908df9338f27841c57780b04cab5637692", "size": 36864, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000214-addr_0x00000000003b0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000214-addr_0x00000000003b0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_118", "md5_hash": "9b5cd9ddbc26e337557956d76605a1f5", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "287c54255061d8cd861dfe248c54f48b26dd5abb", "sha256_hash": "17ac1710dfea0b68c085c5971b6d19d44e47e294d715c8a6524e637ab193d956", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000215-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000002-region_00000215-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_119", "md5_hash": "35543ba1761dd48939cc5559c1935d92", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b7c843c227266c3c2bff142c70401ba6d372b2f1", "sha256_hash": 
"e4daee51cb38302954ade128cb682954732e47d9b2a1f6339270e9f83a95ae52", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000216-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00000216-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_120", "md5_hash": "08abfc92ce962ea3af3e0c01cfb35334", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a8bc897a09d004a6c685a9ba484b5ecf3ef81f9a", "sha256_hash": "1256b6dd9b75894fe1b2584ab10fc0a5e39b64b2b9fbcf731e3454eafc6a230c", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000218-addr_0x0000000000050000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000002-region_00000218-addr_0x0000000000050000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_121", "md5_hash": "f88b41f2b6486727c97239df4fae9ce4", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cbb8781a867d0bc7911385390d0b02e8c20dd466", "sha256_hash": "5145bb63117f06f164a828f599110184d3aba460edefd31f2ec54bfe1d9eeb46", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000219-addr_0x0000000000090000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000219-addr_0x0000000000090000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_122", "md5_hash": "728bb364a336af7360985ca4ecd85f8d", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4553e09190e573d0106fade0422712c12ebcc625", "sha256_hash": "88d475bda24d1f1494a154933439ea2cc7c846d597815dc45eb262c43e7b4c5e", "size": 1048576, "type": "process_dump", "version": 1 }, { 
"archive_path": "process_dumps/process_00000002-region_00000221-addr_0x0000000000400000-size_0x0000000000024000-perm_rwx.bin", "filename": "process_00000002-region_00000221-addr_0x0000000000400000-size_0x0000000000024000-perm_rwx.bin", "id": "proc_dump_123", "md5_hash": "3818c74d21902d0e54ec38059ce96c64", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "25be68cd63bc6fd13d234ca4cc5467784a36e035", "sha256_hash": "90ab6de2fdf2f8085a00c8b88f69cceb4ddc1f95b251aa8bbbcbb7fe78b3da59", "size": 147456, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000225-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000002-region_00000225-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_124", "md5_hash": "061d1fab3b2d80dd03f306558dc2b145", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6d6766470c70c383555a9e0266a55ecc83801903", "sha256_hash": "d5bcc5eac264c470698ea9ecee5cbb8c35900755de6f5ec3d1a7b43949d6a0c7", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000226-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000226-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_125", "md5_hash": "5d37e60a229e2852c969e3bffab8fe63", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0793a19529b2949267e9b27b1e17ded3742b7a57", "sha256_hash": "f9eeb607db25d862706d3bacce9101d057f6a8b834d6a4024985a3901e6a1e4e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000227-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", 
"filename": "process_00000002-region_00000227-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_126", "md5_hash": "fb93548493d0ea2a87815cac3d0a18a9", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d03abed861ad1c58dbcc2eb1d7677ac57a4f03d1", "sha256_hash": "a2aa0c9e373ffb5dafadc7a4889da7a0a7a6b3d09c0db20a88e9e1dd523984b3", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000229-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000002-region_00000229-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_127", "md5_hash": "17087ef6e9faa4a76301ebd1067988f9", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "69197053a836067b06aa3f9466fe6f390b249e66", "sha256_hash": "9d0da37b04fb42a0938c8e02b225659fb5c49a4f07c6d6d4b9d2a25c2627bfdb", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000231-addr_0x0000000000300000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000002-region_00000231-addr_0x0000000000300000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_128", "md5_hash": "d5a106811e1b49f13600ff3b4a5dfcea", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "228a558953c97f8be8ade3bdb5d0b405621a46a8", "sha256_hash": "55a7f5699340a97f0818790c62c37ad8e450bafb72f8b84896743edbef29c6c0", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000237-addr_0x0000000000590000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000237-addr_0x0000000000590000-size_0x0000000000100000-perm_rw.bin", "id": 
"proc_dump_129", "md5_hash": "5b5d4362edc492474ea8062724f128c0", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8dbe53d577b3585392fc805856ef8f0d495e6949", "sha256_hash": "a84b801c3d9a168643b1c6cb06c645ec379fadb9f94a831da73a2aeac1bb0e48", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000240-addr_0x0000000077160000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000002-region_00000240-addr_0x0000000077160000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_130", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000241-addr_0x0000000077260000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000002-region_00000241-addr_0x0000000077260000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_131", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000244-addr_0x0000000000690000-size_0x0000000000181000-perm_rw.bin", "filename": "process_00000002-region_00000244-addr_0x0000000000690000-size_0x0000000000181000-perm_rw.bin", "id": "proc_dump_132", "md5_hash": "b36159e42333583bdb2c0d8c2b9a23a9", "ref_process": { "ref_id": "proc_2", "ref_source": 
"summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e1094639a5ce97d5f4a277c6197da28fa768b420", "sha256_hash": "b154550d0312dda4d8fa20653221b8784c7b4b4458cb03b682d23755dccdb88e", "size": 1576960, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000245-addr_0x0000000000820000-size_0x0000000000303000-perm_rwx.bin", "filename": "process_00000002-region_00000245-addr_0x0000000000820000-size_0x0000000000303000-perm_rwx.bin", "id": "proc_dump_133", "md5_hash": "6a5df9d16576449d851167e657f6df50", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "843ff3e1f203de2a0cdd89bff106145db5cfda41", "sha256_hash": "644cbcc6c1d8a27c9ed067e320782f9793b6725be059d33f214439f15ba53109", "size": 3158016, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000246-addr_0x0000000000020000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000246-addr_0x0000000000020000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_134", "md5_hash": "c42740f1e0711f83d701a9cd6b94d351", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "04c7a64aaf86a8af376bbac76f76d96f15db1b32", "sha256_hash": "247d09f8798faaa700715fdad596ce73cad1cedfb6e0e80bfa26dcd6d9095410", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000253-addr_0x0000000000b30000-size_0x00000000001b0000-perm_rw.bin", "filename": "process_00000002-region_00000253-addr_0x0000000000b30000-size_0x00000000001b0000-perm_rw.bin", "id": "proc_dump_135", "md5_hash": "2d28bd4916f6554b6f140326d07737be", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": 
"a87121345263fd8648f420bd376b1f1484bdb990", "sha256_hash": "2cadd8a3da162c7f0120005352e36d29340a029d392eea710eeca8909de09ff8", "size": 1769472, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000254-addr_0x0000000000210000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000002-region_00000254-addr_0x0000000000210000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_136", "md5_hash": "5d16338db26055ef0a6c4d613c9cda76", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1c5e390ea9816c65ded1943f55d8e737c8399420", "sha256_hash": "fe06d4b670d8a8ab76d3dc50fd7f300f8de82bb495ba77d9d958dd5a6961fe19", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000256-addr_0x0000000000430000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000256-addr_0x0000000000430000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_137", "md5_hash": "093ba074ce689b252e6ace1844f7aec8", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "562ac0f5b649b2f7dbc4c732ae9d5e75e5bc2f32", "sha256_hash": "152acd238e917c87a45a9ea9eca8162b538862755fa2921453868515ccde2562", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000257-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000002-region_00000257-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_138", "md5_hash": "139e1c1d846dcd3cfa2a2c8cd883c282", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8fce5b544dab72526cd7293eeaf21aed15b907ff", "sha256_hash": 
"9e459055ca62e15d089bde3e4ed1f628d5cfde217cd2bea17824a4e57e8329e0", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000258-addr_0x0000000000020000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000258-addr_0x0000000000020000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_139", "md5_hash": "1a1e5aaf1d688516f92026e618bd37f5", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7262b790c64ad91bb663d140b6d75e67dcfee60a", "sha256_hash": "8149ef2fec286fa6b6267a5afd5b913fc40518e99b6887d6a4f814dd18ab8a0d", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000669-addr_0x0000000000030000-size_0x000000000000e000-perm_rwx.bin", "filename": "process_00000002-region_00000669-addr_0x0000000000030000-size_0x000000000000e000-perm_rwx.bin", "id": "proc_dump_267", "md5_hash": "b63a06cbc07ac81eba383fabc785eb86", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "687c0f92d40cd7a1be9384a2a6479fefc3ac9cce", "sha256_hash": "f0e14c6aaa42f5c14f9c0b40fb59ab117e39cfbe9dabd427cf214b40185a4ea2", "size": 57344, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000670-addr_0x0000000000280000-size_0x000000000000e000-perm_rwx.bin", "filename": "process_00000002-region_00000670-addr_0x0000000000280000-size_0x000000000000e000-perm_rwx.bin", "id": "proc_dump_268", "md5_hash": "5bebdcba1f1e4d82a69baae1ae513f56", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "84afe012913191841e0882f247ab276703cad441", "sha256_hash": "31e0d8c77742c66afb9f577cd7824595d5c988b2ba349bb5a411e928e3b0efbb", "size": 57344, "type": "process_dump", "version": 1 }, 
{ "archive_path": "process_dumps/process_00000002-region_00000677-addr_0x0000000000cd0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000677-addr_0x0000000000cd0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_269", "md5_hash": "f8e427a3e49e89d5435a8830d0bbe764", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3a14f0dd97ee6a916facf2dd33cf3f6ae09b5c52", "sha256_hash": "b7fea14c364a8a58f1a326256f289c269ec89b8db3ae8e84db25fce6d84793fc", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000681-addr_0x0000000000290000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000681-addr_0x0000000000290000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_270", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000682-addr_0x00000000002a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000682-addr_0x00000000002a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_271", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000267-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", 
"filename": "process_00000003-region_00000267-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_140", "md5_hash": "b2fce6adf9fcb869756627ea29cfe565", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ef5dfaaffafa4a54732b7eebef45cedadaf46df1", "sha256_hash": "25448a0d300971fdee4ed24ae40ebe4b02c18eb05191f4253e6b7593692307b4", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000268-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000268-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_141", "md5_hash": "67991dab585d825a5b1f6ebbea594528", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "730969d5b899a2c8b96aa5c0cbbbb4a196b63ad0", "sha256_hash": "3629f3df6fae1834c12128f52dcaf8503f577435959697261435842c0523079d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000270-addr_0x0000000000110000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000003-region_00000270-addr_0x0000000000110000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_142", "md5_hash": "dbcb39ad25f02dc58b3b24c1e902d998", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "11eb53183e74947adfef52daa2e7413a25a55b0b", "sha256_hash": "0cca99053b225c368f891011314621450a524f53c4f2d0673f42cdf639a36a00", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000271-addr_0x0000000000190000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00000271-addr_0x0000000000190000-size_0x0000000000040000-perm_rw.bin", "id": 
"proc_dump_143", "md5_hash": "c0ed6a0eec7ade1778fe316c897b93f4", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c913fc94069d4fcc30c04222cf6f4f151b3974df", "sha256_hash": "7c827cbd7aa58b15563c49b1bb2cc5c627ab9f60babd112c9313ef97d3ffe418", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000275-addr_0x0000000000200000-size_0x0000000000018000-perm_rw.bin", "filename": "process_00000003-region_00000275-addr_0x0000000000200000-size_0x0000000000018000-perm_rw.bin", "id": "proc_dump_144", "md5_hash": "ae9b13a1aac038a4ac6c7f9a3966743a", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "df5d106398df4ad0ce172eaa1f8ced15bb045226", "sha256_hash": "5ee2e084c0219aee7d777bd204c06e574d9bfb7a0fb80b5cd21f0ad67ae51f02", "size": 98304, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000277-addr_0x0000000000230000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000277-addr_0x0000000000230000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_145", "md5_hash": "a64ea7b0bb326e0bb3de2ccc0bd195f5", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "81ebedf2556007a0ba727dac2590aa33758d37bb", "sha256_hash": "cac7e22112ea02ce0702a409f996ededc82a1b3aac5b74087d7dd144da11b8fc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000278-addr_0x0000000000240000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000278-addr_0x0000000000240000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_146", "md5_hash": "eac9b20141589fa686551c5baac8ce50", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", 
"ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "48627031938750ede624810b2f2002657aee308e", "sha256_hash": "a6f3c2f5411de551a5dd66b9fa9d1206111992673783fbe597be5214f4dda88b", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000279-addr_0x0000000000250000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000279-addr_0x0000000000250000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_147", "md5_hash": "0d68b934284ffecf2be2ff32df236ee9", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9367d7de53711457fbd2a91945cb77759b3c1e87", "sha256_hash": "07bae8d943fdeca56f66e5f9831e2eeb10b3ef9e53edb5bcf08e91f08592de1c", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000280-addr_0x0000000000350000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000280-addr_0x0000000000350000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_148", "md5_hash": "ed5c0e2bf21684197999cc75a412d1e2", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ec72b7ee8a819ff7ec3ef47959b14d7819abb429", "sha256_hash": "1ecf9f8bef25b125fa61b2a520c1a369e4d7942639958b001519e7f57c90b283", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000285-addr_0x0000000001f70000-size_0x000000000001c000-perm_rw.bin", "filename": "process_00000003-region_00000285-addr_0x0000000001f70000-size_0x000000000001c000-perm_rw.bin", "id": "proc_dump_149", "md5_hash": "3cde430ac542c67614661840bcf561de", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "defc74b7cde20448487632f74d6168519f0ad8c3", 
"sha256_hash": "79e151a4c127167258bbaca271c5ee0233f16e80d50fe47215b6260696630c3f", "size": 114688, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000287-addr_0x0000000001fa0000-size_0x0000000000005000-perm_rw.bin", "filename": "process_00000003-region_00000287-addr_0x0000000001fa0000-size_0x0000000000005000-perm_rw.bin", "id": "proc_dump_150", "md5_hash": "6bbbc3b795574c1ba3bd8eb896b09554", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "75751c65aa3a3a18c94caca26c52d06c2ca18217", "sha256_hash": "5e9de53841bc78fe223e7e34779d6ed52e21982de7e0beb0c198d0a4708479fc", "size": 20480, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000288-addr_0x0000000001fb0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000288-addr_0x0000000001fb0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_151", "md5_hash": "3f97f2dfd4fe2048e0d6372a2a85be33", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "df8c7e1a1d25d431146a561d45d32d54292387a9", "sha256_hash": "7a1c25faff5b1bc7c11e9d1c46c5266ed31c4b72f5de28e40ac7494ccd42504c", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000289-addr_0x0000000001fc0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000289-addr_0x0000000001fc0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_152", "md5_hash": "8ca845291eca6747ace141130c2b4e48", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c4b740a4ad192a0e8e543e65260014c9870f9902", "sha256_hash": "1dc2313da18f0e430fe17761d557f48713f52646c7bc53290d17591a01eca1ca", "size": 4096, "type": "process_dump", 
"version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000290-addr_0x0000000001fd0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000003-region_00000290-addr_0x0000000001fd0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_153", "md5_hash": "0e10f1e27ab38c0773fb8839dbd12ebf", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d8f934d65ea8f281c06338dc95925e214ba8ef84", "sha256_hash": "3fb40b6d4e189d4fc95ca5553d6c8b1c531c23de31734470da470bdf01dc3320", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000291-addr_0x0000000002050000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000003-region_00000291-addr_0x0000000002050000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_154", "md5_hash": "135d259be1582d042dc6d2774128d7a9", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "37f7e3053a1a7c36dab928d913d9a6f5338ce464", "sha256_hash": "8185f703fd4bb2c58232b55dd985edb52705611f6bf9e28b8d261eb217391522", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000297-addr_0x00000000024b0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000297-addr_0x00000000024b0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_155", "md5_hash": "3cab5e5d5b261eaba60c8fb1408662a1", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "63e025263bde8f80054394a62a29390ff7f26f70", "sha256_hash": "d216cd6154c3041be1410a83b72e9595833fa1dfadbf4c9ce583eaefa6ae78d3", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": 
"process_dumps/process_00000003-region_00000298-addr_0x00000000024c0000-size_0x000000000001c000-perm_rw.bin", "filename": "process_00000003-region_00000298-addr_0x00000000024c0000-size_0x000000000001c000-perm_rw.bin", "id": "proc_dump_156", "md5_hash": "32572897b1fd53401366859481aa958a", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0026d5c46c91c00ecdc55d015b6f7c5f82a35c51", "sha256_hash": "3b66912da9cadf6cd7164d4547a426b7b3f5f504c18eeff4a0992b7d4542a50f", "size": 114688, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000299-addr_0x00000000024e0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000299-addr_0x00000000024e0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_157", "md5_hash": "dac1beba2e1decaf20c315e7117354d9", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6f2f77fab53a0aa07932ba462b9c3ba9e5db583b", "sha256_hash": "64149e26e445352c88be212e7edd8134bfbc8d6e3b75cf3b2cc99c4c7e6a1065", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000300-addr_0x00000000024f0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000003-region_00000300-addr_0x00000000024f0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_158", "md5_hash": "542106461f07823fc2b3c57ad7fa4212", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e1600f139e517bab12c975bad420fd7b45a1c512", "sha256_hash": "09dd0d581f146d0cc491a4deea4d4a68865068fe070173eadd962603fd164eef", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000301-addr_0x0000000002570000-size_0x0000000000009000-perm_rw.bin", "filename": 
"process_00000003-region_00000301-addr_0x0000000002570000-size_0x0000000000009000-perm_rw.bin", "id": "proc_dump_159", "md5_hash": "613a0824fb74e5fb6ede110f9adaa46b", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "093b2235faabfcf293e81f02c9179fce90e11ed7", "sha256_hash": "b8863350d1380e8d275ca661bf08a12ba18b07086811a1463790996d30619bdd", "size": 36864, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000302-addr_0x0000000002580000-size_0x0000000000060000-perm_rw.bin", "filename": "process_00000003-region_00000302-addr_0x0000000002580000-size_0x0000000000060000-perm_rw.bin", "id": "proc_dump_160", "md5_hash": "a1107a3d4e2dae1d3672681becb2c50b", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7e1e64e7b676439624e6cc80e04c32530a521cff", "sha256_hash": "a3b747ef87243876c2578470e8ac83407bb1a9cfcca436a50c6062878c43a8ac", "size": 393216, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000303-addr_0x00000000025e0000-size_0x000000000006c000-perm_rw.bin", "filename": "process_00000003-region_00000303-addr_0x00000000025e0000-size_0x000000000006c000-perm_rw.bin", "id": "proc_dump_161", "md5_hash": "abd9ed07174a9d59f403f8e14c4fe17d", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a230318181fb9b7094052350e1185eac06150bb8", "sha256_hash": "d84a6a512bb35a1289c54e1332f6bbc5df9e67945629ab607bbfaeebc32dd511", "size": 442368, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000304-addr_0x0000000002650000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000304-addr_0x0000000002650000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_162", 
"md5_hash": "57b43cbcfa11cefa8fe17fbd2cedb6a2", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ca5dbad4e84ee31dc2affc1f60b07fade1b22eed", "sha256_hash": "01386c120ad37de22c6b66b321b619cfcde82f2c4df70c9844d3fa52d34a4f4b", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000305-addr_0x0000000002750000-size_0x0000000000030000-perm_rw.bin", "filename": "process_00000003-region_00000305-addr_0x0000000002750000-size_0x0000000000030000-perm_rw.bin", "id": "proc_dump_163", "md5_hash": "380709be496e11f3655c5244da892f7f", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0895a2e0cfc801a767820af916adab26fdf88775", "sha256_hash": "e993ae96adfa0215dd3a2c3fe89e01916c40afe9181cec2fe4ca723c7a7bb201", "size": 196608, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000306-addr_0x0000000002780000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00000306-addr_0x0000000002780000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_164", "md5_hash": "c03ebcfe0da3ea116f44e96cbedb367d", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a2e15776ea7944d53d1ae35527f1b7c515915f7f", "sha256_hash": "326350df5dfb8281d119c3b2696e4717d0aa289fc69491b371c1c743dcd8a2fe", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000307-addr_0x0000000002790000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000307-addr_0x0000000002790000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_165", "md5_hash": "642afc17573cd020371ef4f82e20aa6a", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": 
"process", "type": "reference", "version": 1 }, "sha1_hash": "4168e765f83c678d190d83c8852b008f6acfb80b", "sha256_hash": "ddcaa7dcf960dfe199160e2e9abb64add2488df160faf5a0a2dab379b1921171", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000308-addr_0x00000000027a0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000308-addr_0x00000000027a0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_166", "md5_hash": "f4397b90dd7f12d3b19d404a7ed3a10f", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cf390e68423c6522ac46b3e912718d58079af868", "sha256_hash": "3244fa7a1bf0c80273be38967a1e0f15ee81d834ff5697613315091b36459e8f", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000309-addr_0x00000000027b0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000309-addr_0x00000000027b0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_167", "md5_hash": "ce490fb8fe936552131d24077e7ac8c1", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c45cd7c56ff70702f3b96e949187d3dfb78ceaca", "sha256_hash": "854aeef2d6b3271c064d6995a2df4d8f5e14d793c2b91b636971955863e320bc", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000310-addr_0x00000000027c0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000310-addr_0x00000000027c0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_168", "md5_hash": "6142d5aea9ef853eb9436f3017cb8e72", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c8623f91a091db612001102336427848faa1c3d0", "sha256_hash": 
"e1d75650f9aa8b1bd400b90456bd16467ccce0b79e24d93f3498bfa01da976a2", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000311-addr_0x00000000027d0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000311-addr_0x00000000027d0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_169", "md5_hash": "e06a719db4feff885fbb5157a743ffce", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "92da4e6b6e33b777435b67e50cdc864963b9b8b4", "sha256_hash": "b4779c6160e3546b5e3669e9a599fb5cadfd750961c9fd30a148b36692b27837", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000312-addr_0x00000000027e0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000312-addr_0x00000000027e0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_170", "md5_hash": "95c98ba85a1cebb4c96379cd4c12a242", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "55106fdb624c9a8518a8d648182a3e9f78f9eb20", "sha256_hash": "17ffb0fc67b4cd32375319389c56cc581bba9de41da5157da3efd66dd660db8e", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000313-addr_0x00000000027f0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000313-addr_0x00000000027f0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_171", "md5_hash": "8307661eb3d878555f0e8ed0a7ef5d60", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0c2c0308486781191cc4fbc034bb906a02f16475", "sha256_hash": "eab17f5419dc9659c9e8889be1163cd95b55d5b48403770c67267cb6393db0a7", "size": 65536, "type": "process_dump", "version": 1 }, { 
"archive_path": "process_dumps/process_00000003-region_00000314-addr_0x0000000002800000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000314-addr_0x0000000002800000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_172", "md5_hash": "578e9180db31a201d8bdbdb52152254e", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "35df4bb92682d0c81a844ae9a4ed6ee2a2a2c81b", "sha256_hash": "974a9794ab6bb12635f437e66e923697803675af692b51f5a8cec80b9422e608", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000315-addr_0x0000000002810000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000315-addr_0x0000000002810000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_173", "md5_hash": "56ef1d52ad06d505555adef24b844284", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "56b1afcff2e6d65e8518e9214e644a65889317a7", "sha256_hash": "0cd47e73416776ed3fbae2674a08d407bbd863c5de69ef035935fe2be23a18e7", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000316-addr_0x0000000002820000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000316-addr_0x0000000002820000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_174", "md5_hash": "629e03d323006e7070a9bd3c1e3cd64a", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "24e5006927f4ff6e1751f8e118531ffd0406a241", "sha256_hash": "66a945c75d91410cad75d0772ed3ca8a93c57678875af71a93add088bd031e20", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000317-addr_0x0000000002830000-size_0x0000000000100000-perm_rw.bin", 
"filename": "process_00000003-region_00000317-addr_0x0000000002830000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_175", "md5_hash": "dfdf1af47db4c08143100135873c12f3", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "52b3fd29869027463fbea1f7496b99913f923b84", "sha256_hash": "a94a4b57bc503d809869f6005bf6a4c754b0b6beb171213bd143b208d4b21898", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000319-addr_0x0000000002940000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000319-addr_0x0000000002940000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_176", "md5_hash": "421e30ed6205ccb19817f3eb65be95af", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "030028056d4657a5c782236c4ade7f7408a768c5", "sha256_hash": "6c3213570419a13f60862f73e3dc040fc44078f86d09e8139be5ec9319d83d95", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000320-addr_0x0000000002950000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000320-addr_0x0000000002950000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_177", "md5_hash": "0dceea0d78a74423c6b8cf0b790ff295", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "09017b5104a9a484d599c513299d3cce0cfee7a0", "sha256_hash": "d5d76b369194f439499f6d833a067eeabeb0b6b95b201b09c6c30012a8bc3faa", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000321-addr_0x0000000002960000-size_0x0000000000008000-perm_rw.bin", "filename": "process_00000003-region_00000321-addr_0x0000000002960000-size_0x0000000000008000-perm_rw.bin", "id": 
"proc_dump_178", "md5_hash": "4afe24933366e810e81b7c342e336167", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1f5073f3cbbcc367673bd15a71dac5b237dde46f", "sha256_hash": "e2561334a3a5f3306d24b36e8c9958ba3d0fa5be332c388a212d4a8cf3226056", "size": 32768, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000327-addr_0x00000000029e0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000327-addr_0x00000000029e0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_179", "md5_hash": "49b88ca3ce0a3159d895701080c53deb", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fe345d8d1cb0885ee3143b856aa9439da3df90b8", "sha256_hash": "a91cb42db9793f7d116ed66893378f588831854f7ab0f30ca5b403b2f34e5316", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000329-addr_0x0000000002a00000-size_0x0000000000048000-perm_rw.bin", "filename": "process_00000003-region_00000329-addr_0x0000000002a00000-size_0x0000000000048000-perm_rw.bin", "id": "proc_dump_180", "md5_hash": "789e06386dd465b040457940bd9fbd9f", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "97265cc0e5465371e1ad1c0130bcb4798b5e5b30", "sha256_hash": "2c90b467313027f8a764c4bdd263586acf26286196a8030b4a16028d6316c110", "size": 294912, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000330-addr_0x0000000002a50000-size_0x0000000000004000-perm_rw.bin", "filename": "process_00000003-region_00000330-addr_0x0000000002a50000-size_0x0000000000004000-perm_rw.bin", "id": "proc_dump_181", "md5_hash": "1f1907b870d19ab5c03873ce4329c921", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", 
"ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c871dc90fd49ff28282641747be8daffd64ef778", "sha256_hash": "4e9a918f16d42dadd4373bedc50f5b83ead0ff9a6f0d674a14380ac76081f553", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000332-addr_0x0000000002a70000-size_0x0000000000004000-perm_rw.bin", "filename": "process_00000003-region_00000332-addr_0x0000000002a70000-size_0x0000000000004000-perm_rw.bin", "id": "proc_dump_182", "md5_hash": "56aa22371e3f20ebe0fd4cd9a665f8e2", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d540e1ab8b035f54f6bb80762c7a1e1ab9a3ab5c", "sha256_hash": "0134cb5b971c363263d3fd5b69f1ed472c4dbab613c90397855253d33303a495", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000333-addr_0x0000000002a80000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000333-addr_0x0000000002a80000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_183", "md5_hash": "45b886290293ea1462e4d8ef1f27bdbb", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "88b555a1933b53ec50816f7e09439a00aa5bc698", "sha256_hash": "9d37111703d0d2b5e1c5a3583474e03eb7bafd083fe3fe3c57536b3a7ecf3ad7", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000334-addr_0x0000000002b80000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000334-addr_0x0000000002b80000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_184", "md5_hash": "4edc1a17e9bb6510253c6a9021128d93", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f3fb1566914b1088840552c648de912629837401", 
"sha256_hash": "e25999317f7bfd82336c0589c2ffc1143a637f4132abd987b8c925d3347755e9", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000349-addr_0x0000000003200000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000349-addr_0x0000000003200000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_185", "md5_hash": "7fc03c231cca31e749453c7f98c2b36b", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "85a2e311685cce4e4e19616e5ddbea7fa1989ab6", "sha256_hash": "8d387723e2bfe4ea98bd3e4d2f7841212bfd633fcee8678a733b61cbecaa3fb3", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000350-addr_0x0000000003210000-size_0x0000000000004000-perm_rw.bin", "filename": "process_00000003-region_00000350-addr_0x0000000003210000-size_0x0000000000004000-perm_rw.bin", "id": "proc_dump_186", "md5_hash": "394e7004167ba22b7d7f57d4481d74be", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1a503df0e02b5fc14ecb6b2891176ced29321cab", "sha256_hash": "7fd17dff8664a3f652c80fdb7b40f2750dd12ec391c07240047c25b13a53bcc3", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000351-addr_0x0000000003220000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000003-region_00000351-addr_0x0000000003220000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_187", "md5_hash": "0e2a6dcf9f7aad004b57f2b31130ac6e", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9302e5f15cc3897843f2a4d76c096707cba133f5", "sha256_hash": "ded07ae5458607ece77ef3b3358bc38a6ab8d589a2c55b973f2ae6525e6f579f", "size": 524288, "type": "process_dump", 
"version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000352-addr_0x00000000032a0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000003-region_00000352-addr_0x00000000032a0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_188", "md5_hash": "a10827f4f76366b7e54ab02195096395", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b2e3310eae932f32e76d232012016234b4ba7fd9", "sha256_hash": "63bef85c9d7250060ceec078f409359608a66f17bcb71585523d8a622de1d4f5", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000353-addr_0x0000000003320000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000353-addr_0x0000000003320000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_189", "md5_hash": "f261423f59306c52d8632daf66979117", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "764815b5baa8e69b31b0a20468e54aa4afb0eeac", "sha256_hash": "3a5028688588e20ac51a6f25a24aae3e5d0a6038cd0484c4e3e398055552bd51", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000354-addr_0x0000000003330000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000003-region_00000354-addr_0x0000000003330000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_190", "md5_hash": "e9effb42e40e982db92aed04e6550e1f", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "001447358dad6d8ad0f9c5ba805700b802dcf84c", "sha256_hash": "c23739ce844e40f19652be9e73566c3c6c7664f1d60a96b8bafa108cc86ab721", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": 
"process_dumps/process_00000003-region_00000356-addr_0x0000000003420000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000356-addr_0x0000000003420000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_191", "md5_hash": "e6583fa0e9dfff62d2f7c762b6053a6f", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "031d1cdab4d46047fdbb8c308c9cd4aa189780d1", "sha256_hash": "bc6579a080751997e46f2a2a495081b17474469223cf9b61f81b4ded4ef0e98c", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000357-addr_0x0000000003430000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000003-region_00000357-addr_0x0000000003430000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_192", "md5_hash": "103be80fde4b7944d35c469679b71725", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "286f67105d7d13225268d38ee0f0b48fbed0b91a", "sha256_hash": "0c191200c8f3aa12064c687b5daf7ade201752e59a226742d3858172c9fb234e", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000358-addr_0x00000000034b0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000358-addr_0x00000000034b0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_193", "md5_hash": "904a2320214f7e7c690d0e4923b48abb", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "40ce34aca739f5c6b05be61f40606eda834f9b7e", "sha256_hash": "78ec5282f2d095c7b8cdc59ab7af2b0359a7eae2b4caed66c8ed71ba1673a093", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000359-addr_0x00000000034c0000-size_0x0000000000001000-perm_rw.bin", "filename": 
"process_00000003-region_00000359-addr_0x00000000034c0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_194", "md5_hash": "df45120d09ad3ad57d8df7fd94ac9064", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8727a18a6488671ba5dbbd55734897aeeac7dde0", "sha256_hash": "d6fee6b5f4b288658930260f3e71dbb8d2b5e51a0e772d5bffd1e8afb4f7659b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000364-addr_0x0000000003510000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000364-addr_0x0000000003510000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_195", "md5_hash": "58c6470283798d4866b0140b86621c46", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c20cb8d86d6c645cd885dab571d324bdba1fbeeb", "sha256_hash": "962d3081829ef6fd2717fa8d360bd6667d975bac2065fd43557f3c5e0bdd816c", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000365-addr_0x0000000003520000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000003-region_00000365-addr_0x0000000003520000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_196", "md5_hash": "19ab92a58e8a7ffef7eb47972878924a", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fea54c1b25596c363da28f903ec1a47a684a6fba", "sha256_hash": "d4470b0d947e8ee6776ad9d0f2574632c89dabacd58388440c4779a0dd61361a", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000369-addr_0x0000000003ef0000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000003-region_00000369-addr_0x0000000003ef0000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_197", 
"md5_hash": "112ccc150ae3f981ecd31c8418c6265b", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3aa973815145d3818c50defcd1715321736f5d30", "sha256_hash": "60c557b4b316a95f717968e4951f91ea8729e1cffd635c4847ecc38d609a9e0b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000373-addr_0x0000000003f30000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000373-addr_0x0000000003f30000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_198", "md5_hash": "e704a8dfe404b6702f34d2db3daa59cb", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "46711ac4587c458b94feb18278a9b62f6e8cf89e", "sha256_hash": "35c169c3a7655fdad15bfe17eb84a633fe5e06bf3a832944a018f68fa13f804b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000374-addr_0x0000000003f40000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000374-addr_0x0000000003f40000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_199", "md5_hash": "9e466402d16234d8c6e9b9d31d811ad1", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8143b97f6a2c2ed051c5a1f2350d7204d7ec210d", "sha256_hash": "4a3497b76734c04808b33097c0fef5f3ec87d6b872b2c503478de28be386ac82", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000375-addr_0x0000000003f50000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000375-addr_0x0000000003f50000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_200", "md5_hash": "e7a82302e7fe36f1bc37912a139c18d9", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": 
"process", "type": "reference", "version": 1 }, "sha1_hash": "6403c6e99d9a3590932c78536a49a8eb8074b8b9", "sha256_hash": "fca0f2b85f54655e9be7fae0dc09c2ac1dc12defe0136c1982733164cbe04b44", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000376-addr_0x0000000003f60000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000003-region_00000376-addr_0x0000000003f60000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_201", "md5_hash": "8ccc6e60a9717f28964e915605e9900e", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a66fbaa7b1f3f0d6d3fc76ecfd9675ef822de5b1", "sha256_hash": "e38d6c7441fd141d042d82b35dffb94e0b3c9e928f40178284db2813ce1084cf", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000377-addr_0x0000000003fe0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000377-addr_0x0000000003fe0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_202", "md5_hash": "100846415df1d354857a1ee4be9b1719", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b2b8f8fe049f78d65a0b4c9eecf045bbeed129ae", "sha256_hash": "f963610999a7ba96a25976746da9fa4e4be56065544f9e3ae3f34ccfebd617dc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000378-addr_0x0000000003ff0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000378-addr_0x0000000003ff0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_203", "md5_hash": "bfab9788e9565cb7f8ca91978d47e8e5", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6559d145baeaa33e4c44a9daabf4e2b17051aa30", "sha256_hash": 
"57be04ff0b1ea347626fa6f19e8b5b6cf8d50887ab12d5299d900b60ca82cbc1", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000379-addr_0x0000000004000000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000379-addr_0x0000000004000000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_204", "md5_hash": "bfab9788e9565cb7f8ca91978d47e8e5", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6559d145baeaa33e4c44a9daabf4e2b17051aa30", "sha256_hash": "57be04ff0b1ea347626fa6f19e8b5b6cf8d50887ab12d5299d900b60ca82cbc1", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000383-addr_0x0000000004040000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000003-region_00000383-addr_0x0000000004040000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_205", "md5_hash": "695bd0ea3b75c9748da2285230e4e5b4", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ffd942c488f5e72ace2dc3bcb6d1b68c93ca97ea", "sha256_hash": "3764476a4b805b9018dfcfc1deb21450ae32e13e29fb3c798799c2842eaa7f64", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000387-addr_0x00000000040f0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000387-addr_0x00000000040f0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_206", "md5_hash": "b1d05419e01c4f755b6dbdd20ee88400", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "72072ae970ffd28f9a4654e709dfa6cbb60c0908", "sha256_hash": "106de9ac3b7c5ca0769f91231fba3ad0fd6a59185356374adadfa33bd6dc3526", "size": 4096, "type": "process_dump", "version": 1 }, { 
"archive_path": "process_dumps/process_00000003-region_00000388-addr_0x0000000004100000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000388-addr_0x0000000004100000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_207", "md5_hash": "b1d05419e01c4f755b6dbdd20ee88400", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "72072ae970ffd28f9a4654e709dfa6cbb60c0908", "sha256_hash": "106de9ac3b7c5ca0769f91231fba3ad0fd6a59185356374adadfa33bd6dc3526", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000389-addr_0x0000000004110000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000389-addr_0x0000000004110000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_208", "md5_hash": "8d631c56b28cf0abb0948d990d7acae3", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "07071c3a0581c7c4a34cf4175a799094e9902ba7", "sha256_hash": "f8232281d4fc2517d326de4ae3dc4623bb2433033b605dff82f31005347ade64", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000390-addr_0x0000000004120000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000390-addr_0x0000000004120000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_209", "md5_hash": "8d631c56b28cf0abb0948d990d7acae3", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "07071c3a0581c7c4a34cf4175a799094e9902ba7", "sha256_hash": "f8232281d4fc2517d326de4ae3dc4623bb2433033b605dff82f31005347ade64", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000392-addr_0x0000000004140000-size_0x0000000000080000-perm_rw.bin", 
"filename": "process_00000003-region_00000392-addr_0x0000000004140000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_210", "md5_hash": "cf5221f4e2f108755effa44a0da91ad7", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ccaf901919a6acc756a433c96f26c5bc63818f5d", "sha256_hash": "d4f866d357e0edc93bd41e43149998908978405cd6ad967db63d777ad113d1d1", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000393-addr_0x00000000041c0000-size_0x0000000000050000-perm_rw.bin", "filename": "process_00000003-region_00000393-addr_0x00000000041c0000-size_0x0000000000050000-perm_rw.bin", "id": "proc_dump_211", "md5_hash": "ee9e8d16aca83615c37a249329c43a8f", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "611b849ad77033fc8a46eb46fc836d143307a545", "sha256_hash": "8489faab0ef633e8118d00dc38f43513f760beff7e40d972926eefbe7a064751", "size": 327680, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000395-addr_0x0000000004220000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000003-region_00000395-addr_0x0000000004220000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_212", "md5_hash": "549bf79a75faf82a3325013366d66106", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d9d625f7dace464534a5886d8c627ee1d73720df", "sha256_hash": "a714d78873a76fe67e37f6b7db233d0adbb2feab04b9e887e86a3d58143062a0", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000399-addr_0x00000000042d0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000003-region_00000399-addr_0x00000000042d0000-size_0x0000000000002000-perm_rw.bin", "id": 
"proc_dump_213", "md5_hash": "b05c2b21a7f4509d87bbd01aa3804331", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7e5cd60afac9ea34339cf0017acb7169d5a8919a", "sha256_hash": "77e3ada462f65f798c3b69ae9302b8f48ec34c6707c6d272c4429338f92b7c87", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000405-addr_0x0000000004330000-size_0x0000000000033000-perm_rw.bin", "filename": "process_00000003-region_00000405-addr_0x0000000004330000-size_0x0000000000033000-perm_rw.bin", "id": "proc_dump_214", "md5_hash": "c3551dca1115954dd3987e3187965082", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b7f946dc402f3a46037464cfc5666c755ad56a69", "sha256_hash": "dd9be4f9235824b63e8e4d9e12931559af2e742c6f75f4c57ac74b67b37bf38c", "size": 208896, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000407-addr_0x0000000004380000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000003-region_00000407-addr_0x0000000004380000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_215", "md5_hash": "ba354af127ca9e569e00dc996c7be3bb", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "978a1ab60d9bfed5fe1f07a98a348d9824933598", "sha256_hash": "967966183bd8cad9965b7341ddb2ab832d0b468dcde0e9267b56808d9162206a", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000408-addr_0x0000000004390000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000003-region_00000408-addr_0x0000000004390000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_216", "md5_hash": "0b03c4ba0a43435c45e876074fe60b3b", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", 
"ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9032c7d5f364f640a18352187d02be8763a7e9c9", "sha256_hash": "8602d32b7d03ae55b453441fe69ff33e120f41be61e0cf48a0942d6792dfd2fe", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000409-addr_0x0000000004410000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000409-addr_0x0000000004410000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_217", "md5_hash": "80453dff3bf99a3f0d90963795856533", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e921d5e39ff6292976953030ce1e1fbed04770f2", "sha256_hash": "ded3f738e6f9d6480196dec7637c0cc12ab474694fa384df893498f40ed5e84a", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000685-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000004-region_00000685-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_272", "md5_hash": "692e087a7891251c524b2907f0b912e8", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a1d56b585c051ee020f1462766e34ec5263b5cdc", "sha256_hash": "b98bc29969c1737b4bb90425bfbeb3f56aae676220952aabf420fddefa73328a", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000686-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000004-region_00000686-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_273", "md5_hash": "b94297f942de443fe28c9323ee8bcbd5", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "70018dc95cd0445227864fbbba92c9fdb0ddf7c0", 
"sha256_hash": "ff89ad17d16793003da16ac7a7ba0e466c7ff9f1e754342cae6934abe3a35684", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000688-addr_0x0000000000090000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000004-region_00000688-addr_0x0000000000090000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_274", "md5_hash": "22c4db18ce57aaeaba6167cc04dbd7f5", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "453934a9c0cdf5388798974f873be216e467b423", "sha256_hash": "ce26346ebf11dffd17753053a651af333b183715f5cb9980aefac5bba874efed", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000689-addr_0x0000000000200000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000004-region_00000689-addr_0x0000000000200000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_275", "md5_hash": "d6f9e8a0222f3e103ff2c1b63df9f0d4", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "17c79d4e5f97597fb7fcebb9494e3a3b94572cd9", "sha256_hash": "dc55bda397ae9c98aa467e9b1935ed41661361467a2e6706b98b9b03b0c77670", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000694-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000004-region_00000694-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_276", "md5_hash": "417c7ec349e5ac15c52c719f7d4bedf4", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4dc8c595309356e1fcfce998293476970f974c42", "sha256_hash": "3c1f07c0b5253394424bd889d97f5c8db24389a2259ae3c81cb4d84c9cbbf4cd", "size": 12288, "type": "process_dump", 
"version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000695-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000695-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_277", "md5_hash": "7b8d77e014bad16ca9a44f97ff809c40", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d6041b47ed4e706d6824ef6862e25d6f1006fad4", "sha256_hash": "3a52e0c5b4897b3c6f9e506d194004283dfbe7548f00f6aca8244cbaed2d6c3b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000696-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000696-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_278", "md5_hash": "bf542fa58396b81e64d505d0d1d39c2f", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b3bc786c6408f2933b8ca518a2e7df2b6aa24fad", "sha256_hash": "6cc452219aec8863598bff5ae549af2cb3fd7ac184d4d9e38821720df245f30b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000698-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000004-region_00000698-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_279", "md5_hash": "ff030e89156a1c0cbe511b61ae6f0600", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2bd61a97b9b29344d2859b88e25267ac8e596c78", "sha256_hash": "3a47931e2e7989b75c6b4ee85e0e7738a27590d34155915c0960f794f7529cec", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": 
"process_dumps/process_00000005-region_00000700-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000005-region_00000700-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_280", "md5_hash": "e8e80b0709175dbd62c3d7f0e5589372", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cde830e4031859404006931f7ff2a89459a07f5f", "sha256_hash": "253de438634958226657e2781c2e5f5118ba7f093cca71ab5b42e3e03b7a54ff", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000701-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000005-region_00000701-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_281", "md5_hash": "6ee9e4b2d5352f310958765415642d86", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "dc65ed4dc7a3d4b63592076ed05dd149070705c0", "sha256_hash": "e615ade04820fa8b8164bb7de7978a62404d60233b363a7fff3a2f29a5388ec8", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000705-addr_0x0000000000090000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000705-addr_0x0000000000090000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_282", "md5_hash": "9c0b813d3c8d498b3934674683317c0c", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "61fd0e705568a66f8a33b41d8697748ba9d286a9", "sha256_hash": "53ad61b47b662fdd402961a236d059b861424bb1625522b53578495959e6a778", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000706-addr_0x0000000000160000-size_0x0000000000040000-perm_rw.bin", "filename": 
"process_00000005-region_00000706-addr_0x0000000000160000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_283", "md5_hash": "486cd3f5fd901578a2e443b9c703f843", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d1f3ed9bb28c953f709872eb8d46a838a3aac203", "sha256_hash": "a2e8f675c693662acc2159b35482483a80947404dc18c5ab3cf2cff8bb534c96", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000711-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000005-region_00000711-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_284", "md5_hash": "6c7ae4d7f65f8a7b19507ff2b78f52f1", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "923e822b8d5a83c394f15f8a3cb441c513d5a1e3", "sha256_hash": "ec077cdf8ed6e6c4427d9ab1540fa0644ba05e95acdbeb260b93916008d8afb1", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000712-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000712-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_285", "md5_hash": "6e020a8bb51a16e1a7b1d6a6eec7da24", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8b5fb3b2a1999dc7a7977d28be16c810c90e86e8", "sha256_hash": "7614c205c1fb9649522ad0be5ebdbd2161b6c0ae931e3a2cbc3ee5d7af1f9314", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000713-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000713-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_286", 
"md5_hash": "a1c164cc3a29d7f5897c4a1eb15ccaa8", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cdcfd6006f770e13be3a8b76afe494b2315fbcbd", "sha256_hash": "a2dd80476d3fc8538eecaf448025edf9aa57147e278d0d4afc77ce01cc27daf8", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000715-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000005-region_00000715-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_287", "md5_hash": "948974c79e255f1c7856dde1b0620cc8", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "af4efff00f114f65f0ae6064106cf35a80e937cf", "sha256_hash": "fb2c9b3ed20d84860168b2acb5a90d32c0efce97daf9ed58970655000f1a320f", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000721-addr_0x00000000001f0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000005-region_00000721-addr_0x00000000001f0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_288", "md5_hash": "995f3f953fabb278288de74487545ddd", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "872d95c44abd95c56c4d12912555409133f68f65", "sha256_hash": "6ce68a27056872b170be26cb63b9ec3bc0a20ccb40a1112c5a126d28212dba93", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000726-addr_0x00000000002c0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00000726-addr_0x00000000002c0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_289", "md5_hash": "c5de79b3c265823c39e4e59cf748b53b", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": 
"process", "type": "reference", "version": 1 }, "sha1_hash": "060d326ac7a321ceb2cf882ef19227eaa7f01e21", "sha256_hash": "0957a6c3c806863a431ce94e333ad0a3db7b4c1720f7f5b5da90f3516c5c7222", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000728-addr_0x00000000004e0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000005-region_00000728-addr_0x00000000004e0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_290", "md5_hash": "62ce76ebc582d744ca588c07888892b9", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c8cb9c4cad7111662f29bbc5a184a06129f71e83", "sha256_hash": "46e5677bf39da0c649bb4c30489fcd4740d969a1f64f5fef29e4c0008a429e6e", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000744-addr_0x0000000077160000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000005-region_00000744-addr_0x0000000077160000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_291", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000745-addr_0x0000000077260000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000005-region_00000745-addr_0x0000000077260000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_292", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": 
"f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000754-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000754-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_293", "md5_hash": "c7867c8478acf76c179f5a06e18e258c", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bfa47133382b33a0c51ff1b44f236126326a2920", "sha256_hash": "b4e247ee07204f0dfaa74184dd3203e41d962c137cb1b4b438ed0bcc9d1639b5", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000755-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000755-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_294", "md5_hash": "922c6dc3ea41d5c5bff7216cef5460b5", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "02aa11b9f81f21f42c70647a314d9ee63b88e248", "sha256_hash": "2d0ce530d716915f08652ea62195a1929f5628abaeafa85fe0488629e6927dde", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000758-addr_0x0000000001e00000-size_0x0000000000181000-perm_rw.bin", "filename": "process_00000005-region_00000758-addr_0x0000000001e00000-size_0x0000000000181000-perm_rw.bin", "id": "proc_dump_295", "md5_hash": "d51cdedcdc0650943562f5cdca93d72a", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cfae861232ceeb203afd0a50173b6c9af9ae5c75", "sha256_hash": "1d20661585318b6ae2854f24ac6320d521620d6cd9cf42354bde3266bf0e03b4", "size": 1576960, "type": "process_dump", "version": 1 }, { 
"archive_path": "process_dumps/process_00000005-region_00000759-addr_0x0000000001f90000-size_0x0000000000303000-perm_rwx.bin", "filename": "process_00000005-region_00000759-addr_0x0000000001f90000-size_0x0000000000303000-perm_rwx.bin", "id": "proc_dump_296", "md5_hash": "775c0c43b743c582729e4d2ab9329ea7", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "91574ab3fd754e641c5af8df0f344c075c77f48d", "sha256_hash": "66b177d0801d0d6bfd537477220850370111ed99b71b7928265421bfdbd397e0", "size": 3158016, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000760-addr_0x0000000000110000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000005-region_00000760-addr_0x0000000000110000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_297", "md5_hash": "962c683dd14272a77cf378fbcf616e78", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2adf17cbdc45c2e763453ebfe539981abf7173b7", "sha256_hash": "5a560bca4ab675cd29233ddbf6144e4bd9bb39a215bb28586d87e5e5c7b8ac57", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000870-addr_0x0000000000430000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000870-addr_0x0000000000430000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_330", "md5_hash": "ec4f74b607a9ec83b5a984f09899464f", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "645507c9e4a4d470a70465737e92dd017c188605", "sha256_hash": "f173414d7622d45267bb6e5a55895e2fac2635d787a36e2915a01eda93811159", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": 
"process_dumps/process_00000005-region_00000871-addr_0x0000000000470000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000871-addr_0x0000000000470000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_331", "md5_hash": "0a8c127a30d955250d4c0b8ea4c67e27", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c291d21fa8e42723a121f629918eade05908c75d", "sha256_hash": "a7d4247f060a8bbf0ad78d663a29a8d5c8fbbf700b3f78b16777f749a45ae66b", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000872-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000005-region_00000872-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_332", "md5_hash": "7c3239b3bbb2a8118a4b7066e7fe2cd5", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "561ecc8a9d77bcbbffd55cd226cc13eed8495b42", "sha256_hash": "48fb294390fb5a0d7189fc857060f2a0aeb8783386adff15a4cd2384b60686a9", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000873-addr_0x00000000001a0000-size_0x0000000000024000-perm_rw.bin", "filename": "process_00000005-region_00000873-addr_0x00000000001a0000-size_0x0000000000024000-perm_rw.bin", "id": "proc_dump_333", "md5_hash": "cb420871f4f104fe5af0eec9e47b2552", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "255c87cbbb273bd6c4a899dc182cdde4f1637461", "sha256_hash": "54ce9145dfbb46b448a94f6d67d8a7dbb3c51f90d648b069fb07d7bbfd53a2d4", "size": 147456, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000874-addr_0x0000000000810000-size_0x0000000000065000-perm_rwx.bin", "filename": 
"process_00000005-region_00000874-addr_0x0000000000810000-size_0x0000000000065000-perm_rwx.bin", "id": "proc_dump_334", "md5_hash": "3a7833ee63abd523e60912cd5268b195", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b22a37e3e1ebb2e605096be0d65161f6393124d8", "sha256_hash": "49418aceb63c09bd5b34c7c0956bb37296c0b4647cea7f14aa0f98eb26e9f89e", "size": 413696, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000875-addr_0x0000000000880000-size_0x0000000000065000-perm_rwx.bin", "filename": "process_00000005-region_00000875-addr_0x0000000000880000-size_0x0000000000065000-perm_rwx.bin", "id": "proc_dump_335", "md5_hash": "487d0d60e164c9645c7dc0be534674dc", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7096ecf834a60bda957235ca4a926a41f065c549", "sha256_hash": "61493ac1fa9de0e58e65e24c30fb946fd9ba33e99fafe2df0fab021c51dc09df", "size": 413696, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000876-addr_0x0000000000140000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000005-region_00000876-addr_0x0000000000140000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_336", "md5_hash": "b56aa4cb6b32860a2864031173239650", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5c0bb645b6ee2acc71ac8707293fbaba767c23c7", "sha256_hash": "44a12beb69dce772c382d7f8bfd87d47ccd6bf332d84206445a8691783c1db29", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000878-addr_0x0000000001e00000-size_0x00000000000fb000-perm_rw.bin", "filename": "process_00000005-region_00000878-addr_0x0000000001e00000-size_0x00000000000fb000-perm_rw.bin", "id": "proc_dump_337", 
"md5_hash": "41cbcaa944728c7cdb36cc5a9047d82a", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "849f81d744f619af273a304287d523afaca90119", "sha256_hash": "8ed095f7940870cdda3323f2e0ecbf57b14d6f361c7477cabc15718f47840721", "size": 1028096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000881-addr_0x0000000002790000-size_0x00000000001f5000-perm_rw.bin", "filename": "process_00000005-region_00000881-addr_0x0000000002790000-size_0x00000000001f5000-perm_rw.bin", "id": "proc_dump_338", "md5_hash": "021925b5b6fc61a17c949916592baf5c", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7b709eb65c8036009292e60e61b077337667d5dc", "sha256_hash": "9f3774991368511c44ab2f86553139a31fee8b658888cd57e2a4b7dc497b43a6", "size": 2052096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000883-addr_0x0000000002990000-size_0x0000000000210000-perm_rw.bin", "filename": "process_00000005-region_00000883-addr_0x0000000002990000-size_0x0000000000210000-perm_rw.bin", "id": "proc_dump_339", "md5_hash": "c35314f0778e917b69703e7cf69edc0c", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "198287860aedf0435109edf531247dcc755db6fb", "sha256_hash": "f97053a0d6f3c4d8c40ceadb27b919037ca1ddff916373250ec822268627244a", "size": 2162688, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000905-addr_0x00000000002a0000-size_0x000000000000c000-perm_rw.bin", "filename": "process_00000005-region_00000905-addr_0x00000000002a0000-size_0x000000000000c000-perm_rw.bin", "id": "proc_dump_340", "md5_hash": "005944990b6625c8b0a46b715f17aae8", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": 
"process", "type": "reference", "version": 1 }, "sha1_hash": "65dc048e00fe1de1429d62a5909298e72b40ee4b", "sha256_hash": "178f66b27f69cf60e2a4877377abb27c2db26e27907fa44d8ab6d3bc03f2114a", "size": 49152, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000906-addr_0x00000000002b0000-size_0x0000000000008000-perm_rw.bin", "filename": "process_00000005-region_00000906-addr_0x00000000002b0000-size_0x0000000000008000-perm_rw.bin", "id": "proc_dump_341", "md5_hash": "52860b79194a2bd3b1e66300587b21cf", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "faa8d7915f6733c93678128d032d26c150eb1550", "sha256_hash": "b3e7c1e6e0d6859d21aadf673fc01f33289fb30ce4b39edb6ecaccc0f8ff6f0a", "size": 32768, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000907-addr_0x00000000004b0000-size_0x0000000000008000-perm_rw.bin", "filename": "process_00000005-region_00000907-addr_0x00000000004b0000-size_0x0000000000008000-perm_rw.bin", "id": "proc_dump_342", "md5_hash": "a76886529a94b51741014e36ff7c5ffe", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7e4295d7bf288b7f5a21c6ffd611689770941ba8", "sha256_hash": "c61c078e7e21f224dc35f3ddb725d0aa07c6178c8da75163205fc5f2ffb38ec3", "size": 32768, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000911-addr_0x0000000001f00000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000911-addr_0x0000000001f00000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_343", "md5_hash": "ce383603c9c7f5bf8f8ea58d5dc6a659", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "782fad5c9a73030d52b93542c4ef42875e5a881c", "sha256_hash": 
"7d17fb47f55dd811ea79dbe57052f62fd0c58eb6bafbb4f509f656adbe47ffd4", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000920-addr_0x00000000027d0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000920-addr_0x00000000027d0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_344", "md5_hash": "6c4485b03e2ab367131b98663a97d288", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d00280257563a4147d1a7c6544f74a1b1f02f400", "sha256_hash": "cb932869771ebe724a71a6a4e5e3a116048b4475bdacc7489f4fe8f32715e539", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000921-addr_0x0000000002810000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000921-addr_0x0000000002810000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_345", "md5_hash": "4f25b006dd302454708d68c6e4074f4b", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f78c292c22320f4d77d56e14249761f8c8f83b16", "sha256_hash": "52c079ff4faf768710282092c8a74eca1228493c87fdbda1d842e1508a951557", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000923-addr_0x000000007efd5000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000005-region_00000923-addr_0x000000007efd5000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_346", "md5_hash": "45bf6eb25256d9fc00d844f5a3598612", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ee119bc27b7770306e8cede4c4b98fc34000c60", "sha256_hash": "646bd8ddaadf4688900e40f8b15c39d151ed5c6dab18751d93cf0e0cadba027e", "size": 12288, "type": "process_dump", "version": 1 }, { 
"archive_path": "process_dumps/process_00000005-region_00000924-addr_0x0000000002850000-size_0x00000000000e0000-perm_rw.bin", "filename": "process_00000005-region_00000924-addr_0x0000000002850000-size_0x00000000000e0000-perm_rw.bin", "id": "proc_dump_347", "md5_hash": "8909eeac08781f72ed08b8bca198d9c2", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "712faadf1acc4b61093a14fa5b5ab93f713e684f", "sha256_hash": "c8a19af4d7c95d1674f32c3790b5337d3c204171fbb311cc4e460a68e2af482b", "size": 917504, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000925-addr_0x00000000028a0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000925-addr_0x00000000028a0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_348", "md5_hash": "7c971a24e3e803c920d5bddb90c5bb50", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "893ff393b3ed1594beeb6e50509f0548367e1d18", "sha256_hash": "d71e47c7a1ea64ee762609b28ef04bd20dc9b38c2c7ca31d5878aa3ca99a8af0", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000926-addr_0x0000000002920000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000005-region_00000926-addr_0x0000000002920000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_349", "md5_hash": "2a8caa437d4edd5a830700508e672b61", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "812149cb978474a0fa66b50af980b1d2837ff4b0", "sha256_hash": "1512393954bb610c8544407a9bb66471c8e2e16d9fbd789484813e415cf351d1", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000927-addr_0x0000000002940000-size_0x0000000000040000-perm_rw.bin", 
"filename": "process_00000005-region_00000927-addr_0x0000000002940000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_350", "md5_hash": "3b73d14167725abd05333f1058fe8b5e", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c899fdd420b37118b7c08dd631a8ad75037b9d39", "sha256_hash": "3660bd7c784b3d13625ffa9ba4d9dd02cee50bc02d685f68c57baf027e9bc259", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000928-addr_0x00000000031c0000-size_0x00000000004f2000-perm_rw.bin", "filename": "process_00000005-region_00000928-addr_0x00000000031c0000-size_0x00000000004f2000-perm_rw.bin", "id": "proc_dump_351", "md5_hash": "e16999eb007b45f35a76b4e98c759740", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "adfb97f3dfac46ce239cf58a36b59df3b9eb8c05", "sha256_hash": "2baba9e4b2298f360308df94c043ca190933ad31dfb6dd359c69d9631f5547be", "size": 5185536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000929-addr_0x000000007efad000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000005-region_00000929-addr_0x000000007efad000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_352", "md5_hash": "33a6d6a7063a085d2079195b75328352", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1312af71d50c9d4aaf48e15531583ca71e1b3399", "sha256_hash": "622440e6b64327f08aab6a61d928456946dba0ce96d786908ae320d7b52d1a2a", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000930-addr_0x0000000000150000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000930-addr_0x0000000000150000-size_0x0000000000001000-perm_rw.bin", "id": 
"proc_dump_353", "md5_hash": "3b99db458871659b1b607dc4d0d43d7d", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "98cc89e55543c3967376e71d748daa2854da7bde", "sha256_hash": "010a4396e00d90c91094d1c9dfe35c561559f7fc127c577a81c1268cba68c332", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000932-addr_0x00000000001e0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000932-addr_0x00000000001e0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_354", "md5_hash": "79fca373675924735a2b7982aa966372", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "24ea88a5fdb65f19d27ebfa0d7524890fd215519", "sha256_hash": "5508a52ca4ec84343493a9be06448d54f6eafffa817a6405e3344abaf6ab4616", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000933-addr_0x00000000004c0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000933-addr_0x00000000004c0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_355", "md5_hash": "70a39424ec3f4e7d4dd013431ae6115e", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c8a97faa38eb9f94cdcb0e47450c507c4b223e12", "sha256_hash": "2d277fe65b312db3f09956bec8e71156d33519a2f24f8ba9a64506957e1bfe38", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000934-addr_0x0000000002980000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00000934-addr_0x0000000002980000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_356", "md5_hash": "9959c521851361aaebc75409054d2828", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", 
"ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9a4ad83efbca7163301aa5b212300efa7723cf45", "sha256_hash": "8bc71abb17ea9776cc9c081ab83cebbd720c076103a8c1d9707de23fea0189e2", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000961-addr_0x0000000000140000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000005-region_00000961-addr_0x0000000000140000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_365", "md5_hash": "cb3a05aeac672fcd51b51ba879235155", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1648aeed6b8f75d9af48ee7439fe04ff7fe94eb5", "sha256_hash": "d78d4c955e6c9e9fc2e36367cfd329131c9f00fe617edcea4c2591084b566a7d", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001018-addr_0x0000000000140000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000005-region_00001018-addr_0x0000000000140000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_377", "md5_hash": "53888b8d62478c059163eb7da95827e8", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2ab35467710cce9ac1e305b561157be1983885b7", "sha256_hash": "3dfdbdc7a83c3813c3c8fa55a042da435e0ed1d98702907060d1dae329104a78", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000761-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000006-region_00000761-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_298", "md5_hash": "dfe9b5521ad74da765cf06a8430aded9", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c34a2637945798149b33c6f34687e70b54f36fb4", 
"sha256_hash": "ff7f24281ecdfcf46faf3c29dba6b2ab6e269a411722fb40f25f5afe733cb216", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000762-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000006-region_00000762-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_299", "md5_hash": "dba172e633e787c91b6e5687d712b27a", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "40f639aefcc68fd0a76e45d2573bff59be991c9b", "sha256_hash": "ecbcb6433f425f02d14520f770cf3dd0ed0fc12638412257eaab4d2621908a76", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000766-addr_0x00000000000b0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00000766-addr_0x00000000000b0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_300", "md5_hash": "6749d49868253b0ffe47aecf9a74e22e", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3e3fe26422643b4c7acaed959ae9cd9410e882c9", "sha256_hash": "9ea7719fc2b886027bbbbfb6d8c1555e04a957d1954fb869deedc9bf361b77f4", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000767-addr_0x00000000001b0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00000767-addr_0x00000000001b0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_301", "md5_hash": "a3aec644df02dd4bbb01d80b3690f412", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d9bfc9630fd6b348b9c1ccd50350b97f946b6df1", "sha256_hash": "c159d11025ad870cf51a29ef30aa793a644ba9bd26b78bfcb15067bc2cc83af4", "size": 262144, "type": "process_dump", 
"version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000772-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000006-region_00000772-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_302", "md5_hash": "65d18a3f233b5ce8d7ca3335cbdd1d3d", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f63abc1a61b8e90580d6afcf6857c97ded6c646e", "sha256_hash": "9c080a292e982eb46188078c086fe30ae93ca7a0ce5e5dc0c91dc7bc7ba79a79", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000773-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00000773-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_303", "md5_hash": "48e0fdca46c32d20669ac1c4b3db97ce", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "64378f3ef1830e69939002db39c00faafa26c341", "sha256_hash": "35625be09a422aeb6a0e0208acb47e9f8600a9e539543c503cc0370715df681e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000774-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00000774-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_304", "md5_hash": "1e01807df4f2b0704a571a0120584354", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "598ec63a597b9723687ca199321cb7bdf046b8ee", "sha256_hash": "c47529ee70c096f8ed57d61e30b3c9091f297e80cdf9c913d89808de6ba162e1", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": 
"process_dumps/process_00000006-region_00000776-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000006-region_00000776-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_305", "md5_hash": "333ca5916a066f1857fdb2d4ae472092", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a4b01050cad99107ae464ba437f562350563c659", "sha256_hash": "18b357fa6f87189ed59f4165eadaa9cb6b5a5b7b246d25c6052ed1a89dc950c1", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000778-addr_0x0000000000250000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000006-region_00000778-addr_0x0000000000250000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_306", "md5_hash": "9a518553a56c72c04d0ee91955d3f207", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b99e8c16425f07004a1e970375987ebb79c13326", "sha256_hash": "dc001173a50fbe667170b3d93f16f3a73ebc2dc9eda028da6cb07f025d36dea0", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000782-addr_0x0000000077160000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000006-region_00000782-addr_0x0000000077160000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_307", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000783-addr_0x0000000077260000-size_0x000000000011f000-perm_rwx.bin", "filename": 
"process_00000006-region_00000783-addr_0x0000000077260000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_308", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000786-addr_0x0000000000330000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00000786-addr_0x0000000000330000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_309", "md5_hash": "58b26b6385d2af2f3cf920a98f89f50f", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a470e70a24e0385b61638e8e3e3d8689ad241745", "sha256_hash": "937c9a0bdee1736d23c34c0ab6ead88aa49dfe9a7a0233a1d30d0dd57b0d2fed", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000788-addr_0x0000000000550000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00000788-addr_0x0000000000550000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_310", "md5_hash": "78c7fd513f4a4ba8abf5ec91f3622a45", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e3ec7b69b319a7313a772274cbe7951c95728c4a", "sha256_hash": "e5abab8c16b91841e0d6d6e88ac27ba4560802838f151d95c3ec1316f8dc0650", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000809-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00000809-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_311", 
"md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000810-addr_0x0000000000090000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00000810-addr_0x0000000000090000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_312", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000814-addr_0x00000000000a0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00000814-addr_0x00000000000a0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_313", "md5_hash": "2cd9afe88bade713bc4dbefef928dcf2", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1977aaf90284d058113faa408745fbc37ef65fb1", "sha256_hash": "f51e772681f17e7043dcf5849df5e2477250d85979838c10891082d51dd67b62", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000815-addr_0x00000000001f0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00000815-addr_0x00000000001f0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_314", "md5_hash": "2cd9afe88bade713bc4dbefef928dcf2", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": 
"process", "type": "reference", "version": 1 }, "sha1_hash": "1977aaf90284d058113faa408745fbc37ef65fb1", "sha256_hash": "f51e772681f17e7043dcf5849df5e2477250d85979838c10891082d51dd67b62", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000816-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000007-region_00000816-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_315", "md5_hash": "ea97fd95246ff57d9b36bc9d2c8d9cc6", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "18ad4606d492d268dfbf507085410e47a400af9a", "sha256_hash": "79c42fbaa9a4aff77faa3e7a6eac4c4943c98480e483a30766648329b414b33f", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000817-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000007-region_00000817-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_316", "md5_hash": "c26160994056ae6547ef866c49a464d2", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7cd97526de05f1076fb89126177fab00676034fe", "sha256_hash": "beb360f5b5c942b2afff61c759e4212efdbeae41e57e8028e308bd84458e4179", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000821-addr_0x0000000000150000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000007-region_00000821-addr_0x0000000000150000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_317", "md5_hash": "4956346ad7241b9cdcf2f99acd91713a", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "94aed49e1acdeeb8358550b7275f3be5aa4665f3", "sha256_hash": 
"ee8af05aa6a5fe43286abf60c2c10747426a972c0f3f96fa4f94f3016de738f2", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000822-addr_0x0000000000200000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000007-region_00000822-addr_0x0000000000200000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_318", "md5_hash": "9b5c057b7e2fbfea2e6b375b9728ba11", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c3c1622e10053b33fde11cf5f47a3df9e859bd9a", "sha256_hash": "3cd00ed55271f96b89111e135d34ada745b00ac04f3933273154835706000e0d", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000827-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000007-region_00000827-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_319", "md5_hash": "967d566ada4b42da0b3a0478d181b2c9", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f30141f5dd8a5e8dc991d38d3083509aec405404", "sha256_hash": "5c2eee772079034cbf53f26c3854c79b60d196fffffa800d0c4f68e3ff5c4ce2", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000828-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000007-region_00000828-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_320", "md5_hash": "ac3096f5da2a1a72c6b296913b9aa4ac", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6333b42c595fdc6f4551283c6e747fb8acf32438", "sha256_hash": "a11e3d0be2b1b2fdc5e996f378548fabaaaae5b08c891a901327b532484d33af", "size": 4096, "type": "process_dump", "version": 1 }, { 
"archive_path": "process_dumps/process_00000007-region_00000829-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000007-region_00000829-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_321", "md5_hash": "bada113c29d02ea1055ad44cbe021ec8", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6380aba40ba1069b034bb25a5d46d361ae297763", "sha256_hash": "cccbdce62ea712c02992acf5ba9a79efa14e8f1f2b30a9985116b0899bace225", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000831-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000007-region_00000831-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_322", "md5_hash": "a71b43d09e839884117c1a661a7bae40", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0fda24ca443603631c834983974a7d09bfbd7b7e", "sha256_hash": "e006f295c317abf20999f5cff431db7ef0d56d076574c23796866c137afe005d", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000833-addr_0x00000000000c0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000007-region_00000833-addr_0x00000000000c0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_323", "md5_hash": "6c6767b167caa6e2ed9dd749f3009831", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4c867a47fae9513756b1cf72249442b4f6bc15b6", "sha256_hash": "68a45347ca125967305d7c5c1ae89ae1b6c331e69fad6c645d36982ebe1f3798", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000840-addr_0x0000000000350000-size_0x0000000000100000-perm_rw.bin", 
"filename": "process_00000007-region_00000840-addr_0x0000000000350000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_324", "md5_hash": "404c929fc0752edd0884c95458387f6f", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7c5217afe2d8fbf86a26c762ecb9c5f5da1757ed", "sha256_hash": "49d96cdbf47308cf758eed621a3e37ca1cb1e9fc4c99f5f5d3fe1292b2323d0b", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000841-addr_0x00000000004f0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000007-region_00000841-addr_0x00000000004f0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_325", "md5_hash": "325d6b4c3aaf75abb74459468e10bb95", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a15ac70c5ee221d8eda430cdd59c9f62da6918d5", "sha256_hash": "1a496f86fe1ae780cf0e16e62f4212397009bb3fa65ee7ddb129c19fe3aa960c", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000855-addr_0x0000000077160000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000007-region_00000855-addr_0x0000000077160000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_326", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000856-addr_0x0000000077260000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000007-region_00000856-addr_0x0000000077260000-size_0x000000000011f000-perm_rwx.bin", "id": 
"proc_dump_327", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000864-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000007-region_00000864-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_328", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000865-addr_0x0000000000090000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000007-region_00000865-addr_0x0000000000090000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_329", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000939-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000008-region_00000939-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_357", "md5_hash": "f4efcbeef9b3a2422b85c76121096a37", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", 
"ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8d9118601121270cd4469cbb0d886970612ae9a5", "sha256_hash": "67d6da4078cf4e93472f22144d1b7518c7b8eb5380e99a78eef2b4c86f1da161", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000940-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000008-region_00000940-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_358", "md5_hash": "bcb4093a7dae66c1eede1284374a0605", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c8727233a3c9c449a92086c7ef5ac7fdb5c778d0", "sha256_hash": "d79b5559e5be6bb5adc9a1bd9cfe7ecf0252ea89baf2f9bd39aa3fdc34c32640", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000943-addr_0x00000000001b0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000008-region_00000943-addr_0x00000000001b0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_359", "md5_hash": "ef932c62b00f0cece9ba59c320c1cd96", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "635d8ef78d7bbc9c4779c645155b666279373739", "sha256_hash": "44929881403a5e5b1104f7d98003c695445e03aebcfbef61e3f8f8c51364b11b", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000944-addr_0x00000000002c0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000008-region_00000944-addr_0x00000000002c0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_360", "md5_hash": "a63cfc74d3d25e4cd83121ee21a0d2cc", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e8ac10ed2329b4388dfaff494c30b29c2e4dff63", 
"sha256_hash": "9becfaa0ac7c7e1d2341258259d15ae4598fc65d8e967b362d7bea4508b566d1", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000949-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000008-region_00000949-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_361", "md5_hash": "a51578afaf6fdc61f335b9d0af5925e8", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f9c1a609c2c4010ab82d6450daabafa7e75a1735", "sha256_hash": "59f39d6a852a34cccbaff17cf8c0b9f89a3fca2e5b37d07cf6dbfd3e81e7a30e", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000951-addr_0x00000000fffdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000008-region_00000951-addr_0x00000000fffdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_362", "md5_hash": "910f62d59e0c3ea213640dddd59c98c1", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9a896208e927bb96697ff42ce0cafbf93adef7d1", "sha256_hash": "243361c37c6af9d559b24c50ab20f07d926016ae7516438708d384265a83458c", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000952-addr_0x00000000fffde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00000952-addr_0x00000000fffde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_363", "md5_hash": "b21176d78ca8272ecb6de5c9f519b24d", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b484ed12bdb43c65449fdee223b213f5bf47f2d4", "sha256_hash": "4d5686870860dbc7fb1877467601d9329ac8ee43506c5c1dad6f60a2945eaa5d", "size": 4096, "type": "process_dump", 
"version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000953-addr_0x00000000fffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00000953-addr_0x00000000fffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_364", "md5_hash": "d65066fd855a24986eea68b5ee7d326a", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "06470d612be758a0c8f7080f4b947581ed033de9", "sha256_hash": "811c8004531d770bfec86c360ca5d3795d2fab41fce3722a1e1ef751ffd8d877", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000962-addr_0x0000000000aa0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000008-region_00000962-addr_0x0000000000aa0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_366", "md5_hash": "ad13f8a56aa2fa1a4814b108adfb2c3a", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "43c7015df7fc85c2a90a342012b3cf54d4b80c8f", "sha256_hash": "50591017f1bcc5539b30a6346c150907dd01c42cd0e55cc2843a97a3f7d9dfe2", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000966-addr_0x0000000000d10000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000008-region_00000966-addr_0x0000000000d10000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_367", "md5_hash": "78364ef5f5f1b3c35956fdd25a9e2049", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "40b86ab729c929ca97eecea183e9cef7c7fa42a8", "sha256_hash": "e0f5148c84c6bba7497fb717bb8be3437a46fb1416c009ac5d69055fa69169b8", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": 
"process_dumps/process_00000008-region_00000969-addr_0x0000000077160000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000008-region_00000969-addr_0x0000000077160000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_368", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000970-addr_0x0000000077260000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000008-region_00000970-addr_0x0000000077260000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_369", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000987-addr_0x0000000000a80000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000008-region_00000987-addr_0x0000000000a80000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_370", "md5_hash": "6cac4e43fd265ac72fb9da7374dd740a", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9829d6c4a0c516a277f86b0ec6c5e3fcde80c3a6", "sha256_hash": "1f0d4def85e7b73ae6b67ca565df848a83a60a16eae503311121f98f77a897fd", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000990-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", 
"filename": "process_00000008-region_00000990-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_371", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000991-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00000991-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_372", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000992-addr_0x0000000000230000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000008-region_00000992-addr_0x0000000000230000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_373", "md5_hash": "960ef847c67a3037c04a8ca46be6e0f6", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "59fa7acfd92602e4825abbe5c9fd71fd4b9fb045", "sha256_hash": "e0ce863bd15e9770d429030368a9c653d19fee79f5e1f57206b4bf0984189110", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001003-addr_0x0000000000ed0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000008-region_00001003-addr_0x0000000000ed0000-size_0x0000000000100000-perm_rw.bin", "id": 
"proc_dump_374", "md5_hash": "16b087f5e0e5dcde2a26cb92ae8640e5", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6c0adb90b38c07d6f5f34745c117cc0a69ebe5f1", "sha256_hash": "80749310bd03d77744c8b1d8fdbac30030eddbd7d4c17947c00febc2ca70bbbd", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001006-addr_0x0000000001000000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000008-region_00001006-addr_0x0000000001000000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_375", "md5_hash": "a76f5b8817f169d195d64c113aab041d", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2e0da7bb9d4ade498b271f04eca2dbfc6de441da", "sha256_hash": "1e8132804157ce221d5ef491ba8cb4eadc3083c9fc5e6ac5101825468f57c22e", "size": 1048576, "type": "process_dump", "version": 1 } ], "processes": [ { "cmd_line": "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lxqfwvdqlkd.exe\" ", "filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lxqfwvdqlkd.exe", "id": "proc_1", "image_name": "lxqfwvdqlkd.exe", "monitor_reason": "analysis_target", "monitored_id": 1, "origin_monitor_id": 0, "ref_parent_process": null, "regions": [ { "dump": { "filename": "process_00000001-region_00000001-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_87", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:20.420", "type": "region", 
"version": 1 }, { "dump": { "filename": "process_00000001-region_00000002-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_88", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_2", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:20.421", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_3", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:20.421", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000004-addr_0x0000000000050000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_89", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 589823, "entry_point": 0, "filename": null, "id": "region_4", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:00:20.424", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000001-region_00000005-addr_0x0000000000090000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_90", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_5", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:00:20.425", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1654783, "entry_point": 0, "filename": null, "id": "region_6", "name": "pagefile_0x0000000000190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1638400, "timestamp": "00:00:20.425", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000007-addr_0x0000000000400000-size_0x0000000000048000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_91", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 294912, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4489215, "entry_point": 4194304, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lxqfwvdqlkd.exe", "id": "region_7", "name": "lxqfwvdqlkd.exe", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lxqfwvdqlkd.exe", "region_type": "memory_mapped_file", "start_va": 4194304, "timestamp": "00:00:20.425", "type": "region", "version": 1 }, { 
"dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2000158720, "type": "region", "version": 1 }, "end_va": 2001899519, "entry_point": 2000158720, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_8", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2000158720, "timestamp": "00:00:20.425", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2002124800, "type": "region", "version": 1 }, "end_va": 2003697663, "entry_point": 2002124800, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_9", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2002124800, "timestamp": "00:00:20.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_10", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:20.615", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000011-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_92", 
"ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_11", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:20.616", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000012-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_93", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_12", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:20.616", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000013-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_94", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_13", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:20.616", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": 
null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_14", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:20.617", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000015-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_95", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_15", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:20.617", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_16", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:20.617", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000149-addr_0x00000000001e0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_96", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 2490367, "entry_point": 0, "filename": 
null, "id": "region_149", "name": "private_0x00000000001e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1966080, "timestamp": "00:00:22.996", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1940324352, "type": "region", "version": 1 }, "end_va": 1940701183, "entry_point": 1940324352, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_150", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1940324352, "timestamp": "00:00:22.996", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1940717568, "type": "region", "version": 1 }, "end_va": 1940975615, "entry_point": 1940717568, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_151", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1940717568, "timestamp": "00:00:23.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1941176320, "type": "region", "version": 1 }, "end_va": 1941209087, "entry_point": 1941176320, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_152", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1941176320, "timestamp": "00:00:23.010", "type": "region", "version": 1 }, { "dump": { 
"filename": "process_00000001-region_00000153-addr_0x00000000002a0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_97", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 3801087, "entry_point": 0, "filename": null, "id": "region_153", "name": "private_0x00000000002a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2752512, "timestamp": "00:00:23.028", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1966211072, "type": "region", "version": 1 }, "end_va": 1966497791, "entry_point": 1966211072, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_154", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1966211072, "timestamp": "00:00:23.028", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985675264, "type": "region", "version": 1 }, "end_va": 1986789375, "entry_point": 1985675264, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_155", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985675264, "timestamp": "00:00:23.103", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000156-addr_0x0000000077160000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ 
"dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_98", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 1997930496, "type": "region", "version": 1 }, "end_va": 1998954495, "entry_point": 0, "filename": null, "id": "region_156", "name": "private_0x0000000077160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1997930496, "timestamp": "00:00:23.308", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000157-addr_0x0000000077260000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_99", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1998979072, "type": "region", "version": 1 }, "end_va": 2000154623, "entry_point": 0, "filename": null, "id": "region_157", "name": "private_0x0000000077260000", "norm_filename": null, "region_type": "private_memory", "start_va": 1998979072, "timestamp": "00:00:23.308", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_158", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:23.355", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": 
null, "size": 421888, "start_va": 4521984, "type": "region", "version": 1 }, "end_va": 4943871, "entry_point": 4521984, "filename": "\\Windows\\System32\\locale.nls", "id": "region_159", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 4521984, "timestamp": "00:00:23.355", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1388544, "start_va": 1922301952, "type": "region", "version": 1 }, "end_va": 1923690495, "entry_point": 1922301952, "filename": "\\Windows\\SysWOW64\\msvbvm60.dll", "id": "region_160", "name": "msvbvm60.dll", "norm_filename": "c:\\windows\\syswow64\\msvbvm60.dll", "region_type": "memory_mapped_file", "start_va": 1922301952, "timestamp": "00:00:23.355", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1963655168, "type": "region", "version": 1 }, "end_va": 1963704319, "entry_point": 1963655168, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_161", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1963655168, "timestamp": "00:00:23.373", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1963720704, "type": "region", "version": 1 }, "end_va": 1964113919, "entry_point": 1963720704, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_162", "name": 
"sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1963720704, "timestamp": "00:00:23.382", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1964113920, "type": "region", "version": 1 }, "end_va": 1965162495, "entry_point": 1964113920, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_163", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1964113920, "timestamp": "00:00:23.389", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1965293568, "type": "region", "version": 1 }, "end_va": 1965395967, "entry_point": 1965293568, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_164", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1965293568, "timestamp": "00:00:23.444", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1965424640, "type": "region", "version": 1 }, "end_va": 1966129151, "entry_point": 1965424640, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_165", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1965424640, "timestamp": "00:00:23.452", "type": "region", "version": 1 }, { "dump": { "filename": 
"", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1966866432, "type": "region", "version": 1 }, "end_va": 1967849471, "entry_point": 1966866432, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_166", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1966866432, "timestamp": "00:00:23.466", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1968046080, "type": "region", "version": 1 }, "end_va": 1968635903, "entry_point": 1968046080, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_167", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1968046080, "timestamp": "00:00:23.822", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1968635904, "type": "region", "version": 1 }, "end_va": 1970061311, "entry_point": 1968635904, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_168", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1968635904, "timestamp": "00:00:23.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1983774720, "type": 
"region", "version": 1 }, "end_va": 1984360447, "entry_point": 1983774720, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_169", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1983774720, "timestamp": "00:00:24.217", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1987379200, "type": "region", "version": 1 }, "end_va": 1987420159, "entry_point": 1987379200, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_170", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1987379200, "timestamp": "00:00:24.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1987444736, "type": "region", "version": 1 }, "end_va": 1988100095, "entry_point": 1987444736, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_171", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1987444736, "timestamp": "00:00:24.241", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1991442432, "type": "region", "version": 1 }, "end_va": 1992085503, "entry_point": 1991442432, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_172", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", 
"region_type": "memory_mapped_file", "start_va": 1991442432, "timestamp": "00:00:24.314", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_173", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:24.327", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_174", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:24.327", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000175-addr_0x0000000000580000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_100", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 5767168, "type": "region", "version": 1 }, "end_va": 5832703, "entry_point": 0, "filename": null, "id": "region_175", "name": "private_0x0000000000580000", "norm_filename": null, "region_type": "private_memory", "start_va": 5767168, "timestamp": "00:00:24.355", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], 
"info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5832704, "type": "region", "version": 1 }, "end_va": 7438335, "entry_point": 0, "filename": null, "id": "region_176", "name": "pagefile_0x0000000000590000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5832704, "timestamp": "00:00:24.355", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1990197248, "type": "region", "version": 1 }, "end_va": 1991032831, "entry_point": 1990197248, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_177", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1990197248, "timestamp": "00:00:24.356", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1991049216, "type": "region", "version": 1 }, "end_va": 1991442431, "entry_point": 1991049216, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_178", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1991049216, "timestamp": "00:00:24.366", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000179-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_101", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", 
"version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_179", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:00:24.407", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000180-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_102", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_180", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:24.407", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 7471104, "type": "region", "version": 1 }, "end_va": 9048063, "entry_point": 0, "filename": null, "id": "region_181", "name": "pagefile_0x0000000000720000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7471104, "timestamp": "00:00:24.407", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 9109504, "type": "region", "version": 1 }, "end_va": 30081023, "entry_point": 0, "filename": null, "id": "region_182", "name": "pagefile_0x00000000008b0000", "norm_filename": null, 
"region_type": "pagefile_backed_memory", "start_va": 9109504, "timestamp": "00:00:24.408", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000183-addr_0x0000000001d70000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_103", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 30867456, "type": "region", "version": 1 }, "end_va": 30932991, "entry_point": 0, "filename": null, "id": "region_183", "name": "private_0x0000000001d70000", "norm_filename": null, "region_type": "private_memory", "start_va": 30867456, "timestamp": "00:00:24.432", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000184-addr_0x0000000001d80000-size_0x0000000000400000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_104", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4194304, "start_va": 30932992, "type": "region", "version": 1 }, "end_va": 35127295, "entry_point": 0, "filename": null, "id": "region_184", "name": "private_0x0000000001d80000", "norm_filename": null, "region_type": "private_memory", "start_va": 30932992, "timestamp": "00:00:24.433", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 35127296, "type": "region", "version": 1 }, "end_va": 38072319, "entry_point": 35127296, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_185", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", 
"start_va": 35127296, "timestamp": "00:00:24.450", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000186-addr_0x0000000002450000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_105", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 38076416, "type": "region", "version": 1 }, "end_va": 39124991, "entry_point": 0, "filename": null, "id": "region_186", "name": "private_0x0000000002450000", "norm_filename": null, "region_type": "private_memory", "start_va": 38076416, "timestamp": "00:00:24.453", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000187-addr_0x00000000004f0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_106", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 5177344, "type": "region", "version": 1 }, "end_va": 5439487, "entry_point": 0, "filename": null, "id": "region_187", "name": "private_0x00000000004f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5177344, "timestamp": "00:00:24.457", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1938489344, "type": "region", "version": 1 }, "end_va": 1939013631, "entry_point": 1938489344, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_188", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1938489344, "timestamp": "00:00:24.458", 
"type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000189-addr_0x0000000001cb0000-size_0x0000000000070000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_107", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 458752, "start_va": 30081024, "type": "region", "version": 1 }, "end_va": 30539775, "entry_point": 0, "filename": null, "id": "region_189", "name": "private_0x0000000001cb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30081024, "timestamp": "00:00:24.473", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 39124992, "type": "region", "version": 1 }, "end_va": 40038399, "entry_point": 0, "filename": null, "id": "region_190", "name": "pagefile_0x0000000002550000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 39124992, "timestamp": "00:00:24.516", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000191-addr_0x00000000001a0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_108", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1769471, "entry_point": 0, "filename": null, "id": "region_191", "name": "private_0x00000000001a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1703936, "timestamp": "00:00:24.520", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000001-region_00000192-addr_0x0000000002780000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_109", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 41418752, "type": "region", "version": 1 }, "end_va": 41484287, "entry_point": 0, "filename": null, "id": "region_192", "name": "private_0x0000000002780000", "norm_filename": null, "region_type": "private_memory", "start_va": 41418752, "timestamp": "00:00:24.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 389120, "start_va": 1961623552, "type": "region", "version": 1 }, "end_va": 1962012671, "entry_point": 1961623552, "filename": "\\Windows\\SysWOW64\\sxs.dll", "id": "region_193", "name": "sxs.dll", "norm_filename": "c:\\windows\\syswow64\\sxs.dll", "region_type": "memory_mapped_file", "start_va": 1961623552, "timestamp": "00:00:24.530", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1933770752, "type": "region", "version": 1 }, "end_va": 1933848575, "entry_point": 1933770752, "filename": "\\Windows\\SysWOW64\\dwmapi.dll", "id": "region_194", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\syswow64\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 1933770752, "timestamp": "00:00:24.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", 
"permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1798143, "entry_point": 0, "filename": null, "id": "region_195", "name": "pagefile_0x00000000001b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1769472, "timestamp": "00:00:24.733", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1843199, "entry_point": 0, "filename": null, "id": "region_196", "name": "pagefile_0x00000000001c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1835008, "timestamp": "00:00:24.733", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 41484288, "type": "region", "version": 1 }, "end_va": 45625343, "entry_point": 0, "filename": null, "id": "region_197", "name": "pagefile_0x0000000002790000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 41484288, "timestamp": "00:00:24.733", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 9633792, "start_va": 45678592, "type": "region", "version": 1 }, "end_va": 55312383, "entry_point": 45678592, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_198", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": 
"memory_mapped_file", "start_va": 45678592, "timestamp": "00:00:24.738", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 1961230336, "type": "region", "version": 1 }, "end_va": 1961562111, "entry_point": 1961230336, "filename": "\\Windows\\SysWOW64\\winspool.drv", "id": "region_199", "name": "winspool.drv", "norm_filename": "c:\\windows\\syswow64\\winspool.drv", "region_type": "memory_mapped_file", "start_va": 1961230336, "timestamp": "00:00:24.819", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000200-addr_0x0000000002450000-size_0x00000000000b0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_110", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 720896, "start_va": 38076416, "type": "region", "version": 1 }, "end_va": 38797311, "entry_point": 0, "filename": null, "id": "region_200", "name": "private_0x0000000002450000", "norm_filename": null, "region_type": "private_memory", "start_va": 38076416, "timestamp": "00:00:24.841", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000201-addr_0x0000000002510000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_111", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 38862848, "type": "region", "version": 1 }, "end_va": 39124991, "entry_point": 0, "filename": null, "id": "region_201", "name": "private_0x0000000002510000", "norm_filename": null, "region_type": "private_memory", "start_va": 38862848, 
"timestamp": "00:00:24.842", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000202-addr_0x0000000000260000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_112", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 2752511, "entry_point": 0, "filename": null, "id": "region_202", "name": "private_0x0000000000260000", "norm_filename": null, "region_type": "private_memory", "start_va": 2490368, "timestamp": "00:00:31.499", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000203-addr_0x0000000002630000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_113", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 40042496, "type": "region", "version": 1 }, "end_va": 41091071, "entry_point": 0, "filename": null, "id": "region_203", "name": "private_0x0000000002630000", "norm_filename": null, "region_type": "private_memory", "start_va": 40042496, "timestamp": "00:00:31.499", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000204-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_114", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_204", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": 
"private_memory", "start_va": 2130542592, "timestamp": "00:00:31.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 1908735, "entry_point": 0, "filename": null, "id": "region_205", "name": "pagefile_0x00000000001d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1900544, "timestamp": "00:00:31.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 1904639, "entry_point": 1900544, "filename": "\\Windows\\SysWOW64\\en-US\\msctf.dll.mui", "id": "region_206", "name": "msctf.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\msctf.dll.mui", "region_type": "memory_mapped_file", "start_va": 1900544, "timestamp": "00:00:31.548", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 3801088, "type": "region", "version": 1 }, "end_va": 3809279, "entry_point": 0, "filename": null, "id": "region_207", "name": "pagefile_0x00000000003a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3801088, "timestamp": "00:00:31.562", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000208-addr_0x0000000002450000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ 
"readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_115", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 38076416, "type": "region", "version": 1 }, "end_va": 38600703, "entry_point": 0, "filename": null, "id": "region_208", "name": "private_0x0000000002450000", "norm_filename": null, "region_type": "private_memory", "start_va": 38076416, "timestamp": "00:00:31.564", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000209-addr_0x00000000024f0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_116", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 38731776, "type": "region", "version": 1 }, "end_va": 38797311, "entry_point": 0, "filename": null, "id": "region_209", "name": "private_0x00000000024f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38731776, "timestamp": "00:00:31.564", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000210-addr_0x00000000003a0000-size_0x0000000000009000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_117", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 36864, "start_va": 3801088, "type": "region", "version": 1 }, "end_va": 3837951, "entry_point": 0, "filename": null, "id": "region_210", "name": "private_0x00000000003a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3801088, "timestamp": "00:00:31.571", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size 
of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 67108864, "start_va": 55312384, "type": "region", "version": 1 }, "end_va": 122421247, "entry_point": 0, "filename": null, "id": "region_211", "name": "private_0x00000000034c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 55312384, "timestamp": "00:00:42.194", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1970864128, "type": "region", "version": 1 }, "end_va": 1983750143, "entry_point": 1970864128, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_212", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1970864128, "timestamp": "00:00:50.475", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1997537280, "type": "region", "version": 1 }, "end_va": 1997893631, "entry_point": 1997537280, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_213", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1997537280, "timestamp": "00:00:51.387", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000214-addr_0x00000000003b0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_118", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, 
"start_va": 3866624, "type": "region", "version": 1 }, "end_va": 3870719, "entry_point": 0, "filename": null, "id": "region_214", "name": "private_0x00000000003b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3866624, "timestamp": "00:00:51.483", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lxqfwvdqlkd.exe\" ", "filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lxqfwvdqlkd.exe", "id": "proc_2", "image_name": "lxqfwvdqlkd.exe", "monitor_reason": "child_process", "monitored_id": 2, "origin_monitor_id": 1, "ref_parent_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000002-region_00000215-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_119", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_215", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:51.499", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000216-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_120", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, 
"filename": null, "id": "region_216", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:51.499", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_217", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:51.499", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000218-addr_0x0000000000050000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_121", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 589823, "entry_point": 0, "filename": null, "id": "region_218", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:00:51.504", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000219-addr_0x0000000000090000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_122", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_219", "name": 
"private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:00:51.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1654783, "entry_point": 0, "filename": null, "id": "region_220", "name": "pagefile_0x0000000000190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1638400, "timestamp": "00:00:51.504", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000221-addr_0x0000000000400000-size_0x0000000000024000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_123", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 147456, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4341759, "entry_point": 0, "filename": null, "id": "region_221", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:00:51.505", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2000158720, "type": "region", "version": 1 }, "end_va": 2001899519, "entry_point": 2000158720, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_222", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2000158720, "timestamp": "00:00:51.505", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2002124800, "type": "region", "version": 1 }, "end_va": 2003697663, "entry_point": 2002124800, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_223", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2002124800, "timestamp": "00:00:51.505", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_224", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:51.506", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000225-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_124", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_225", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:51.506", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000226-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], 
"info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_125", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_226", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:51.507", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000227-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_126", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_227", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:51.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_228", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:51.507", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000229-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { 
"ref_id": "proc_dump_127", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_229", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:51.508", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_230", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:51.508", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000231-addr_0x0000000000300000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_128", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 3670015, "entry_point": 0, "filename": null, "id": "region_231", "name": "private_0x0000000000300000", "norm_filename": null, "region_type": "private_memory", "start_va": 3145728, "timestamp": "00:00:51.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1940324352, "type": "region", "version": 1 }, "end_va": 1940701183, "entry_point": 1940584344, "filename": 
"\\Windows\\System32\\wow64win.dll", "id": "region_232", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1940324352, "timestamp": "00:00:51.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1940717568, "type": "region", "version": 1 }, "end_va": 1940975615, "entry_point": 1940905592, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_233", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1940717568, "timestamp": "00:00:51.541", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1941176320, "type": "region", "version": 1 }, "end_va": 1941209087, "entry_point": 1941184760, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_234", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1941176320, "timestamp": "00:00:51.541", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_235", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:51.551", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 2125823, "entry_point": 1703936, "filename": "\\Windows\\System32\\locale.nls", "id": "region_236", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1703936, "timestamp": "00:00:51.551", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000237-addr_0x0000000000590000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_129", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 5832704, "type": "region", "version": 1 }, "end_va": 6881279, "entry_point": 0, "filename": null, "id": "region_237", "name": "private_0x0000000000590000", "norm_filename": null, "region_type": "private_memory", "start_va": 5832704, "timestamp": "00:00:51.551", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1966211072, "type": "region", "version": 1 }, "end_va": 1966497791, "entry_point": 1966240888, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_238", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1966211072, "timestamp": "00:00:51.551", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", 
"writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985675264, "type": "region", "version": 1 }, "end_va": 1986789375, "entry_point": 1985753811, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_239", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985675264, "timestamp": "00:00:51.552", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000240-addr_0x0000000077160000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_130", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 1997930496, "type": "region", "version": 1 }, "end_va": 1998954495, "entry_point": 0, "filename": null, "id": "region_240", "name": "private_0x0000000077160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1997930496, "timestamp": "00:00:51.553", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000241-addr_0x0000000077260000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_131", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1998979072, "type": "region", "version": 1 }, "end_va": 2000154623, "entry_point": 0, "filename": null, "id": "region_241", "name": "private_0x0000000077260000", "norm_filename": null, "region_type": "private_memory", "start_va": 1998979072, "timestamp": "00:00:51.553", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in 
the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_242", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:51.553", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_243", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:51.553", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000244-addr_0x0000000000690000-size_0x0000000000181000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_132", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1576960, "start_va": 6881280, "type": "region", "version": 1 }, "end_va": 8458239, "entry_point": 0, "filename": null, "id": "region_244", "name": "private_0x0000000000690000", "norm_filename": null, "region_type": "private_memory", "start_va": 6881280, "timestamp": "00:00:51.907", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000245-addr_0x0000000000820000-size_0x0000000000303000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_133", "ref_source": "summary", "ref_type": "process_dump", "type": 
"reference", "version": 1 }, "size": 3158016, "start_va": 8519680, "type": "region", "version": 1 }, "end_va": 11677695, "entry_point": 0, "filename": null, "id": "region_245", "name": "private_0x0000000000820000", "norm_filename": null, "region_type": "private_memory", "start_va": 8519680, "timestamp": "00:00:51.912", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000246-addr_0x0000000000020000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_134", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_246", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:00:51.928", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1987444736, "type": "region", "version": 1 }, "end_va": 1988100095, "entry_point": 1987529189, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_247", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1987444736, "timestamp": "00:00:51.963", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1965424640, "type": "region", "version": 1 }, "end_va": 1966129151, "entry_point": 1965466738, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", 
"id": "region_248", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1965424640, "timestamp": "00:00:51.965", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1965293568, "type": "region", "version": 1 }, "end_va": 1965395967, "entry_point": 1965312373, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_249", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1965293568, "timestamp": "00:00:51.970", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1966866432, "type": "region", "version": 1 }, "end_va": 1967849471, "entry_point": 1966933353, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_250", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1966866432, "timestamp": "00:00:51.972", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1963720704, "type": "region", "version": 1 }, "end_va": 1964113919, "entry_point": 1963828147, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_251", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1963720704, "timestamp": "00:00:51.974", "type": "region", "version": 1 
}, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1963655168, "type": "region", "version": 1 }, "end_va": 1963704319, "entry_point": 1963659489, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_252", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1963655168, "timestamp": "00:00:51.975", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000253-addr_0x0000000000b30000-size_0x00000000001b0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_135", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1769472, "start_va": 11730944, "type": "region", "version": 1 }, "end_va": 13500415, "entry_point": 0, "filename": null, "id": "region_253", "name": "private_0x0000000000b30000", "norm_filename": null, "region_type": "private_memory", "start_va": 11730944, "timestamp": "00:00:51.977", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000254-addr_0x0000000000210000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_136", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2424831, "entry_point": 0, "filename": null, "id": "region_254", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:00:52.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 147456, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2572287, "entry_point": 0, "filename": null, "id": "region_255", "name": "pagefile_0x0000000000250000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2424832, "timestamp": "00:00:52.003", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000256-addr_0x0000000000430000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_137", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 5439487, "entry_point": 0, "filename": null, "id": "region_256", "name": "private_0x0000000000430000", "norm_filename": null, "region_type": "private_memory", "start_va": 4390912, "timestamp": "00:00:52.004", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000257-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_138", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_257", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:00:52.004", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000002-region_00000258-addr_0x0000000000020000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_139", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_258", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:00:52.006", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 569344, "start_va": 6881280, "type": "region", "version": 1 }, "end_va": 7450623, "entry_point": 0, "filename": null, "id": "region_259", "name": "pagefile_0x0000000000690000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6881280, "timestamp": "00:00:52.009", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000669-addr_0x0000000000030000-size_0x000000000000e000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_267", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 57344, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 253951, "entry_point": 0, "filename": null, "id": "region_669", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:56.610", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000002-region_00000670-addr_0x0000000000280000-size_0x000000000000e000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_268", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 57344, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 2678783, "entry_point": 0, "filename": null, "id": "region_670", "name": "private_0x0000000000280000", "norm_filename": null, "region_type": "private_memory", "start_va": 2621440, "timestamp": "00:00:56.610", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1964113920, "type": "region", "version": 1 }, "end_va": 1965162495, "entry_point": 1964226285, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_671", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1964113920, "timestamp": "00:00:56.661", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1968046080, "type": "region", "version": 1 }, "end_va": 1968635903, "entry_point": 1968137027, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_672", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1968046080, "timestamp": "00:00:56.662", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", 
"writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1987379200, "type": "region", "version": 1 }, "end_va": 1987420159, "entry_point": 1987393184, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_673", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1987379200, "timestamp": "00:00:56.663", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1991442432, "type": "region", "version": 1 }, "end_va": 1992085503, "entry_point": 1991655383, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_674", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1991442432, "timestamp": "00:00:56.664", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 122880, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 2809855, "entry_point": 2758031, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_675", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 2686976, "timestamp": "00:00:56.666", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 11730944, "type": "region", "version": 1 }, "end_va": 13336575, "entry_point": 0, "filename": null, "id": "region_676", "name": "pagefile_0x0000000000b30000", 
"norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11730944, "timestamp": "00:00:56.667", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000677-addr_0x0000000000cd0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_269", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 13434880, "type": "region", "version": 1 }, "end_va": 13500415, "entry_point": 0, "filename": null, "id": "region_677", "name": "private_0x0000000000cd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 13434880, "timestamp": "00:00:56.667", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1991049216, "type": "region", "version": 1 }, "end_va": 1991442431, "entry_point": 1991120271, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_679", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1991049216, "timestamp": "00:00:56.669", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1990197248, "type": "region", "version": 1 }, "end_va": 1991032831, "entry_point": 1990203019, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_680", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1990197248, "timestamp": "00:00:56.670", "type": "region", "version": 1 
}, { "dump": { "filename": "process_00000002-region_00000681-addr_0x0000000000290000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_270", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 2691071, "entry_point": 0, "filename": null, "id": "region_681", "name": "private_0x0000000000290000", "norm_filename": null, "region_type": "private_memory", "start_va": 2686976, "timestamp": "00:00:56.673", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000682-addr_0x00000000002a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_271", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 2756607, "entry_point": 0, "filename": null, "id": "region_682", "name": "private_0x00000000002a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2752512, "timestamp": "00:00:56.673", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 13500416, "type": "region", "version": 1 }, "end_va": 15077375, "entry_point": 0, "filename": null, "id": "region_683", "name": "pagefile_0x0000000000ce0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 13500416, "timestamp": "00:00:56.673", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created 
because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 15138816, "type": "region", "version": 1 }, "end_va": 36110335, "entry_point": 0, "filename": null, "id": "region_684", "name": "pagefile_0x0000000000e70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 15138816, "timestamp": "00:00:56.674", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 147456, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 2965503, "entry_point": 0, "filename": null, "id": "region_717", "name": "pagefile_0x00000000002b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2818048, "timestamp": "00:00:59.792", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 3014656, "type": "region", "version": 1 }, "end_va": 3096575, "entry_point": 0, "filename": null, "id": "region_719", "name": "pagefile_0x00000000002e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3014656, "timestamp": "00:00:59.793", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\Explorer.EXE", "filename": "c:\\windows\\explorer.exe", "id": "proc_3", "image_name": "explorer.exe", "monitor_reason": "injection", "monitored_id": 3, "origin_monitor_id": 2, "ref_parent_process": { 
"ref_id": "proc_2", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_260", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:52.012", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 139263, "entry_point": 0, "filename": null, "id": "region_261", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:52.012", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_262", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:52.012", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" 
], "ref_process_dump": null, "size": 8192, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 270335, "entry_point": 0, "filename": null, "id": "region_263", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:52.012", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_264", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:00:52.012", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 815103, "entry_point": 0, "filename": null, "id": "region_265", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:00:52.013", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 860159, "entry_point": 0, "filename": null, "id": "region_266", "name": "pagefile_0x00000000000d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 851968, "timestamp": "00:00:52.013", 
"type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000267-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_140", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 0, "filename": null, "id": "region_267", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:00:52.013", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000268-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_141", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_268", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:00:52.013", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_269", "name": "pagefile_0x0000000000100000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1048576, "timestamp": "00:00:52.013", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000003-region_00000270-addr_0x0000000000110000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_142", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_270", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:00:52.013", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000271-addr_0x0000000000190000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_143", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1900543, "entry_point": 0, "filename": null, "id": "region_271", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:00:52.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 1908735, "entry_point": 0, "filename": null, "id": "region_272", "name": "pagefile_0x00000000001d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1900544, "timestamp": "00:00:52.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile 
backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 1970175, "entry_point": 0, "filename": null, "id": "region_273", "name": "pagefile_0x00000000001e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1966080, "timestamp": "00:00:52.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2039807, "entry_point": 0, "filename": null, "id": "region_274", "name": "pagefile_0x00000000001f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2031616, "timestamp": "00:00:52.014", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000275-addr_0x0000000000200000-size_0x0000000000018000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_144", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 98304, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2195455, "entry_point": 0, "filename": null, "id": "region_275", "name": "private_0x0000000000200000", "norm_filename": null, "region_type": "private_memory", "start_va": 2097152, "timestamp": "00:00:52.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2232319, "entry_point": 
0, "filename": null, "id": "region_276", "name": "pagefile_0x0000000000220000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2228224, "timestamp": "00:00:52.014", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000277-addr_0x0000000000230000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_145", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2297855, "entry_point": 0, "filename": null, "id": "region_277", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:00:52.014", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000278-addr_0x0000000000240000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_146", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2424831, "entry_point": 0, "filename": null, "id": "region_278", "name": "private_0x0000000000240000", "norm_filename": null, "region_type": "private_memory", "start_va": 2359296, "timestamp": "00:00:52.014", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000279-addr_0x0000000000250000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_147", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2424832, "type": "region", "version": 1 }, 
"end_va": 3473407, "entry_point": 0, "filename": null, "id": "region_279", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:00:52.015", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000280-addr_0x0000000000350000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_148", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 3473408, "type": "region", "version": 1 }, "end_va": 4521983, "entry_point": 0, "filename": null, "id": "region_280", "name": "private_0x0000000000350000", "norm_filename": null, "region_type": "private_memory", "start_va": 3473408, "timestamp": "00:00:52.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4521984, "type": "region", "version": 1 }, "end_va": 6127615, "entry_point": 0, "filename": null, "id": "region_281", "name": "pagefile_0x0000000000450000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4521984, "timestamp": "00:00:52.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6160384, "type": "region", "version": 1 }, "end_va": 7737343, "entry_point": 0, "filename": null, "id": "region_282", "name": "pagefile_0x00000000005e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6160384, "timestamp": 
"00:00:52.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 7798784, "type": "region", "version": 1 }, "end_va": 28770303, "entry_point": 0, "filename": null, "id": "region_283", "name": "pagefile_0x0000000000770000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7798784, "timestamp": "00:00:52.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 28770304, "type": "region", "version": 1 }, "end_va": 32911359, "entry_point": 0, "filename": null, "id": "region_284", "name": "pagefile_0x0000000001b70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 28770304, "timestamp": "00:00:52.016", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000285-addr_0x0000000001f70000-size_0x000000000001c000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_149", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 114688, "start_va": 32964608, "type": "region", "version": 1 }, "end_va": 33079295, "entry_point": 0, "filename": null, "id": "region_285", "name": "private_0x0000000001f70000", "norm_filename": null, "region_type": "private_memory", "start_va": 32964608, "timestamp": "00:00:52.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in 
the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 33095680, "type": "region", "version": 1 }, "end_va": 33107967, "entry_point": 0, "filename": null, "id": "region_286", "name": "pagefile_0x0000000001f90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 33095680, "timestamp": "00:00:52.016", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000287-addr_0x0000000001fa0000-size_0x0000000000005000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_150", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 20480, "start_va": 33161216, "type": "region", "version": 1 }, "end_va": 33181695, "entry_point": 0, "filename": null, "id": "region_287", "name": "private_0x0000000001fa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33161216, "timestamp": "00:00:52.016", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000288-addr_0x0000000001fb0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_151", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 33226752, "type": "region", "version": 1 }, "end_va": 33292287, "entry_point": 0, "filename": null, "id": "region_288", "name": "private_0x0000000001fb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33226752, "timestamp": "00:00:52.016", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000289-addr_0x0000000001fc0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { 
"ref_id": "proc_dump_152", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 33292288, "type": "region", "version": 1 }, "end_va": 33296383, "entry_point": 0, "filename": null, "id": "region_289", "name": "private_0x0000000001fc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33292288, "timestamp": "00:00:52.020", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000290-addr_0x0000000001fd0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_153", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 33357824, "type": "region", "version": 1 }, "end_va": 33882111, "entry_point": 0, "filename": null, "id": "region_290", "name": "private_0x0000000001fd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33357824, "timestamp": "00:00:52.021", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000291-addr_0x0000000002050000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_154", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 33882112, "type": "region", "version": 1 }, "end_va": 34406399, "entry_point": 0, "filename": null, "id": "region_291", "name": "private_0x0000000002050000", "norm_filename": null, "region_type": "private_memory", "start_va": 33882112, "timestamp": "00:00:52.021", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], 
"ref_process_dump": null, "size": 913408, "start_va": 34406400, "type": "region", "version": 1 }, "end_va": 35319807, "entry_point": 0, "filename": null, "id": "region_292", "name": "pagefile_0x00000000020d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 34406400, "timestamp": "00:00:52.021", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 35323904, "type": "region", "version": 1 }, "end_va": 38268927, "entry_point": 35323904, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_293", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 35323904, "timestamp": "00:00:52.021", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 38273024, "type": "region", "version": 1 }, "end_va": 38281215, "entry_point": 0, "filename": null, "id": "region_294", "name": "pagefile_0x0000000002480000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 38273024, "timestamp": "00:00:52.021", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 38338560, "type": "region", "version": 1 }, "end_va": 38346751, "entry_point": 0, "filename": null, "id": "region_295", "name": "pagefile_0x0000000002490000", "norm_filename": null, "region_type": "pagefile_backed_memory", 
"start_va": 38338560, "timestamp": "00:00:52.021", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 38404096, "type": "region", "version": 1 }, "end_va": 38416383, "entry_point": 38404096, "filename": "\\Windows\\winsxs\\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3\\comctl32.dll.mui", "id": "region_296", "name": "comctl32.dll.mui", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3\\comctl32.dll.mui", "region_type": "memory_mapped_file", "start_va": 38404096, "timestamp": "00:00:52.021", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000297-addr_0x00000000024b0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_155", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 38469632, "type": "region", "version": 1 }, "end_va": 38473727, "entry_point": 0, "filename": null, "id": "region_297", "name": "private_0x00000000024b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38469632, "timestamp": "00:00:52.028", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000298-addr_0x00000000024c0000-size_0x000000000001c000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_156", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 114688, "start_va": 38535168, "type": "region", "version": 1 }, "end_va": 38649855, 
"entry_point": 0, "filename": null, "id": "region_298", "name": "private_0x00000000024c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38535168, "timestamp": "00:00:52.028", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000299-addr_0x00000000024e0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_157", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 38666240, "type": "region", "version": 1 }, "end_va": 38670335, "entry_point": 0, "filename": null, "id": "region_299", "name": "private_0x00000000024e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38666240, "timestamp": "00:00:52.029", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000300-addr_0x00000000024f0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_158", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 38731776, "type": "region", "version": 1 }, "end_va": 39256063, "entry_point": 0, "filename": null, "id": "region_300", "name": "private_0x00000000024f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38731776, "timestamp": "00:00:52.029", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000301-addr_0x0000000002570000-size_0x0000000000009000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_159", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 36864, "start_va": 39256064, "type": "region", 
"version": 1 }, "end_va": 39292927, "entry_point": 0, "filename": null, "id": "region_301", "name": "private_0x0000000002570000", "norm_filename": null, "region_type": "private_memory", "start_va": 39256064, "timestamp": "00:00:52.029", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000302-addr_0x0000000002580000-size_0x0000000000060000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_160", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 393216, "start_va": 39321600, "type": "region", "version": 1 }, "end_va": 39714815, "entry_point": 0, "filename": null, "id": "region_302", "name": "private_0x0000000002580000", "norm_filename": null, "region_type": "private_memory", "start_va": 39321600, "timestamp": "00:00:52.029", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000303-addr_0x00000000025e0000-size_0x000000000006c000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_161", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 442368, "start_va": 39714816, "type": "region", "version": 1 }, "end_va": 40157183, "entry_point": 0, "filename": null, "id": "region_303", "name": "private_0x00000000025e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 39714816, "timestamp": "00:00:52.030", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000304-addr_0x0000000002650000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_162", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, 
"start_va": 40173568, "type": "region", "version": 1 }, "end_va": 41222143, "entry_point": 0, "filename": null, "id": "region_304", "name": "private_0x0000000002650000", "norm_filename": null, "region_type": "private_memory", "start_va": 40173568, "timestamp": "00:00:52.030", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000305-addr_0x0000000002750000-size_0x0000000000030000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_163", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 196608, "start_va": 41222144, "type": "region", "version": 1 }, "end_va": 41418751, "entry_point": 0, "filename": null, "id": "region_305", "name": "private_0x0000000002750000", "norm_filename": null, "region_type": "private_memory", "start_va": 41222144, "timestamp": "00:00:52.030", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000306-addr_0x0000000002780000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_164", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 41418752, "type": "region", "version": 1 }, "end_va": 41484287, "entry_point": 0, "filename": null, "id": "region_306", "name": "private_0x0000000002780000", "norm_filename": null, "region_type": "private_memory", "start_va": 41418752, "timestamp": "00:00:52.030", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000307-addr_0x0000000002790000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_165", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 
65536, "start_va": 41484288, "type": "region", "version": 1 }, "end_va": 41549823, "entry_point": 0, "filename": null, "id": "region_307", "name": "private_0x0000000002790000", "norm_filename": null, "region_type": "private_memory", "start_va": 41484288, "timestamp": "00:00:52.031", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000308-addr_0x00000000027a0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_166", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 41549824, "type": "region", "version": 1 }, "end_va": 41615359, "entry_point": 0, "filename": null, "id": "region_308", "name": "private_0x00000000027a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 41549824, "timestamp": "00:00:52.031", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000309-addr_0x00000000027b0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_167", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 41615360, "type": "region", "version": 1 }, "end_va": 41680895, "entry_point": 0, "filename": null, "id": "region_309", "name": "private_0x00000000027b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 41615360, "timestamp": "00:00:52.031", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000310-addr_0x00000000027c0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_168", "ref_source": "summary", "ref_type": "process_dump", "type": 
"reference", "version": 1 }, "size": 65536, "start_va": 41680896, "type": "region", "version": 1 }, "end_va": 41746431, "entry_point": 0, "filename": null, "id": "region_310", "name": "private_0x00000000027c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 41680896, "timestamp": "00:00:52.031", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000311-addr_0x00000000027d0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_169", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 41746432, "type": "region", "version": 1 }, "end_va": 41811967, "entry_point": 0, "filename": null, "id": "region_311", "name": "private_0x00000000027d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 41746432, "timestamp": "00:00:52.031", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000312-addr_0x00000000027e0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_170", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 41811968, "type": "region", "version": 1 }, "end_va": 41877503, "entry_point": 0, "filename": null, "id": "region_312", "name": "private_0x00000000027e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 41811968, "timestamp": "00:00:52.032", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000313-addr_0x00000000027f0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_171", "ref_source": "summary", 
"ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 41877504, "type": "region", "version": 1 }, "end_va": 41943039, "entry_point": 0, "filename": null, "id": "region_313", "name": "private_0x00000000027f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 41877504, "timestamp": "00:00:52.032", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000314-addr_0x0000000002800000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_172", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 41943040, "type": "region", "version": 1 }, "end_va": 42008575, "entry_point": 0, "filename": null, "id": "region_314", "name": "private_0x0000000002800000", "norm_filename": null, "region_type": "private_memory", "start_va": 41943040, "timestamp": "00:00:52.032", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000315-addr_0x0000000002810000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_173", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 42008576, "type": "region", "version": 1 }, "end_va": 42074111, "entry_point": 0, "filename": null, "id": "region_315", "name": "private_0x0000000002810000", "norm_filename": null, "region_type": "private_memory", "start_va": 42008576, "timestamp": "00:00:52.032", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000316-addr_0x0000000002820000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": 
"proc_dump_174", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 42074112, "type": "region", "version": 1 }, "end_va": 42139647, "entry_point": 0, "filename": null, "id": "region_316", "name": "private_0x0000000002820000", "norm_filename": null, "region_type": "private_memory", "start_va": 42074112, "timestamp": "00:00:52.032", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000317-addr_0x0000000002830000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_175", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 42139648, "type": "region", "version": 1 }, "end_va": 43188223, "entry_point": 0, "filename": null, "id": "region_317", "name": "private_0x0000000002830000", "norm_filename": null, "region_type": "private_memory", "start_va": 42139648, "timestamp": "00:00:52.033", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 43188224, "type": "region", "version": 1 }, "end_va": 43196415, "entry_point": 0, "filename": null, "id": "region_318", "name": "pagefile_0x0000000002930000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 43188224, "timestamp": "00:00:52.033", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000319-addr_0x0000000002940000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_176", "ref_source": "summary", "ref_type": "process_dump", "type": 
"reference", "version": 1 }, "size": 4096, "start_va": 43253760, "type": "region", "version": 1 }, "end_va": 43257855, "entry_point": 0, "filename": null, "id": "region_319", "name": "private_0x0000000002940000", "norm_filename": null, "region_type": "private_memory", "start_va": 43253760, "timestamp": "00:00:52.033", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000320-addr_0x0000000002950000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_177", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 43319296, "type": "region", "version": 1 }, "end_va": 43323391, "entry_point": 0, "filename": null, "id": "region_320", "name": "private_0x0000000002950000", "norm_filename": null, "region_type": "private_memory", "start_va": 43319296, "timestamp": "00:00:52.033", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000321-addr_0x0000000002960000-size_0x0000000000008000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_178", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 32768, "start_va": 43384832, "type": "region", "version": 1 }, "end_va": 43417599, "entry_point": 0, "filename": null, "id": "region_321", "name": "private_0x0000000002960000", "norm_filename": null, "region_type": "private_memory", "start_va": 43384832, "timestamp": "00:00:52.033", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 196608, "start_va": 43450368, "type": "region", "version": 1 }, "end_va": 43646975, 
"entry_point": 43450368, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000010.db", "id": "region_322", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000010.db", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000010.db", "region_type": "memory_mapped_file", "start_va": 43450368, "timestamp": "00:00:52.033", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 43646976, "type": "region", "version": 1 }, "end_va": 43651071, "entry_point": 0, "filename": null, "id": "region_323", "name": "pagefile_0x00000000029a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 43646976, "timestamp": "00:00:52.034", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 43712512, "type": "region", "version": 1 }, "end_va": 43728895, "entry_point": 43712512, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_324", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 43712512, "timestamp": "00:00:52.034", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 43778048, "type": 
"region", "version": 1 }, "end_va": 43794431, "entry_point": 43778048, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_325", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 43778048, "timestamp": "00:00:52.034", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 43843584, "type": "region", "version": 1 }, "end_va": 43851775, "entry_point": 0, "filename": null, "id": "region_326", "name": "pagefile_0x00000000029d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 43843584, "timestamp": "00:00:52.034", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000327-addr_0x00000000029e0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_179", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 43909120, "type": "region", "version": 1 }, "end_va": 43974655, "entry_point": 0, "filename": null, "id": "region_327", "name": "private_0x00000000029e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43909120, "timestamp": "00:00:52.034", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 43974656, "type": "region", "version": 1 }, "end_va": 43982847, "entry_point": 0, "filename": null, "id": "region_328", 
"name": "pagefile_0x00000000029f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 43974656, "timestamp": "00:00:52.034", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000329-addr_0x0000000002a00000-size_0x0000000000048000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_180", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 294912, "start_va": 44040192, "type": "region", "version": 1 }, "end_va": 44335103, "entry_point": 0, "filename": null, "id": "region_329", "name": "private_0x0000000002a00000", "norm_filename": null, "region_type": "private_memory", "start_va": 44040192, "timestamp": "00:00:52.035", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000330-addr_0x0000000002a50000-size_0x0000000000004000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_181", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 16384, "start_va": 44367872, "type": "region", "version": 1 }, "end_va": 44384255, "entry_point": 0, "filename": null, "id": "region_330", "name": "private_0x0000000002a50000", "norm_filename": null, "region_type": "private_memory", "start_va": 44367872, "timestamp": "00:00:52.035", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 44433408, "type": "region", "version": 1 }, "end_va": 44441599, "entry_point": 0, "filename": null, "id": "region_331", "name": "pagefile_0x0000000002a60000", "norm_filename": null, "region_type": 
"pagefile_backed_memory", "start_va": 44433408, "timestamp": "00:00:52.035", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000332-addr_0x0000000002a70000-size_0x0000000000004000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_182", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 16384, "start_va": 44498944, "type": "region", "version": 1 }, "end_va": 44515327, "entry_point": 0, "filename": null, "id": "region_332", "name": "private_0x0000000002a70000", "norm_filename": null, "region_type": "private_memory", "start_va": 44498944, "timestamp": "00:00:52.035", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000333-addr_0x0000000002a80000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_183", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 44564480, "type": "region", "version": 1 }, "end_va": 45613055, "entry_point": 0, "filename": null, "id": "region_333", "name": "private_0x0000000002a80000", "norm_filename": null, "region_type": "private_memory", "start_va": 44564480, "timestamp": "00:00:52.035", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000334-addr_0x0000000002b80000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_184", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 45613056, "type": "region", "version": 1 }, "end_va": 46661631, "entry_point": 0, "filename": null, "id": "region_334", "name": 
"private_0x0000000002b80000", "norm_filename": null, "region_type": "private_memory", "start_va": 45613056, "timestamp": "00:00:52.036", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 46727168, "type": "region", "version": 1 }, "end_va": 46731263, "entry_point": 0, "filename": null, "id": "region_335", "name": "pagefile_0x0000000002c90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 46727168, "timestamp": "00:00:52.036", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 46792704, "type": "region", "version": 1 }, "end_va": 46800895, "entry_point": 0, "filename": null, "id": "region_336", "name": "pagefile_0x0000000002ca0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 46792704, "timestamp": "00:00:52.036", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 53248, "start_va": 46858240, "type": "region", "version": 1 }, "end_va": 46911487, "entry_point": 46858240, "filename": "\\Windows\\System32\\en-US\\wininet.dll.mui", "id": "region_337", "name": "wininet.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\wininet.dll.mui", "region_type": "memory_mapped_file", "start_va": 46858240, "timestamp": "00:00:52.036", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created 
because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 46923776, "type": "region", "version": 1 }, "end_va": 46956543, "entry_point": 46923776, "filename": "\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\index.dat", "id": "region_338", "name": "index.dat", "norm_filename": "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\temporary internet files\\content.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 46923776, "timestamp": "00:00:52.041", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 46989312, "type": "region", "version": 1 }, "end_va": 47005695, "entry_point": 46989312, "filename": "\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\Cookies\\index.dat", "id": "region_339", "name": "index.dat", "norm_filename": "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\cookies\\index.dat", "region_type": "memory_mapped_file", "start_va": 46989312, "timestamp": "00:00:52.042", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 47054848, "type": "region", "version": 1 }, "end_va": 47120383, "entry_point": 47054848, "filename": "\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\History\\History.IE5\\index.dat", "id": "region_340", "name": "index.dat", "norm_filename": "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\history\\history.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 47054848, "timestamp": "00:00:52.042", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created 
because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 47120384, "type": "region", "version": 1 }, "end_va": 47185919, "entry_point": 47120384, "filename": "\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\History\\History.IE5\\MSHist012017092120170922\\index.dat", "id": "region_341", "name": "index.dat", "norm_filename": "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\history\\history.ie5\\mshist012017092120170922\\index.dat", "region_type": "memory_mapped_file", "start_va": 47120384, "timestamp": "00:00:52.042", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 47185920, "type": "region", "version": 1 }, "end_va": 47190015, "entry_point": 0, "filename": null, "id": "region_342", "name": "pagefile_0x0000000002d00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 47185920, "timestamp": "00:00:52.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 47775744, "type": "region", "version": 1 }, "end_va": 47779839, "entry_point": 47775744, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db", "id": "region_343", "name": "thumbcache_1024.db", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1024.db", "region_type": "memory_mapped_file", "start_va": 47775744, "timestamp": "00:00:52.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was 
created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 47841280, "type": "region", "version": 1 }, "end_va": 47845375, "entry_point": 47841280, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db", "id": "region_344", "name": "thumbcache_sr.db", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db", "region_type": "memory_mapped_file", "start_va": 47841280, "timestamp": "00:00:52.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 47906816, "type": "region", "version": 1 }, "end_va": 47910911, "entry_point": 47906816, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db", "id": "region_345", "name": "thumbcache_idx.db", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db", "region_type": "memory_mapped_file", "start_va": 47906816, "timestamp": "00:00:52.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 569344, "start_va": 47972352, "type": "region", "version": 1 }, "end_va": 48541695, "entry_point": 0, "filename": null, "id": "region_346", "name": "pagefile_0x0000000002dc0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 47972352, "timestamp": "00:00:52.044", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" 
], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 48758784, "type": "region", "version": 1 }, "end_va": 52178943, "entry_point": 0, "filename": null, "id": "region_347", "name": "pagefile_0x0000000002e80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 48758784, "timestamp": "00:00:52.044", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 196608, "start_va": 52232192, "type": "region", "version": 1 }, "end_va": 52428799, "entry_point": 52232192, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db", "id": "region_348", "name": "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000012.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000012.db", "region_type": "memory_mapped_file", "start_va": 52232192, "timestamp": "00:00:52.044", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000349-addr_0x0000000003200000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_185", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 52428800, "type": "region", "version": 1 }, "end_va": 52432895, "entry_point": 0, "filename": null, "id": "region_349", "name": "private_0x0000000003200000", "norm_filename": null, "region_type": "private_memory", "start_va": 52428800, "timestamp": "00:00:52.048", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000003-region_00000350-addr_0x0000000003210000-size_0x0000000000004000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_186", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 16384, "start_va": 52494336, "type": "region", "version": 1 }, "end_va": 52510719, "entry_point": 0, "filename": null, "id": "region_350", "name": "private_0x0000000003210000", "norm_filename": null, "region_type": "private_memory", "start_va": 52494336, "timestamp": "00:00:52.048", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000351-addr_0x0000000003220000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_187", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 52559872, "type": "region", "version": 1 }, "end_va": 53084159, "entry_point": 0, "filename": null, "id": "region_351", "name": "private_0x0000000003220000", "norm_filename": null, "region_type": "private_memory", "start_va": 52559872, "timestamp": "00:00:52.048", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000352-addr_0x00000000032a0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_188", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 53084160, "type": "region", "version": 1 }, "end_va": 53608447, "entry_point": 0, "filename": null, "id": "region_352", "name": "private_0x00000000032a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 53084160, "timestamp": "00:00:52.048", "type": "region", 
"version": 1 }, { "dump": { "filename": "process_00000003-region_00000353-addr_0x0000000003320000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_189", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 53608448, "type": "region", "version": 1 }, "end_va": 53612543, "entry_point": 0, "filename": null, "id": "region_353", "name": "private_0x0000000003320000", "norm_filename": null, "region_type": "private_memory", "start_va": 53608448, "timestamp": "00:00:52.049", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000354-addr_0x0000000003330000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_190", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 53673984, "type": "region", "version": 1 }, "end_va": 54198271, "entry_point": 0, "filename": null, "id": "region_354", "name": "private_0x0000000003330000", "norm_filename": null, "region_type": "private_memory", "start_va": 53673984, "timestamp": "00:00:52.049", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 417792, "start_va": 54198272, "type": "region", "version": 1 }, "end_va": 54616063, "entry_point": 54198272, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db", "id": "region_355", "name": "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "norm_filename": 
"c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "region_type": "memory_mapped_file", "start_va": 54198272, "timestamp": "00:00:52.049", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000356-addr_0x0000000003420000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_191", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 54657024, "type": "region", "version": 1 }, "end_va": 54661119, "entry_point": 0, "filename": null, "id": "region_356", "name": "private_0x0000000003420000", "norm_filename": null, "region_type": "private_memory", "start_va": 54657024, "timestamp": "00:00:52.050", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000357-addr_0x0000000003430000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_192", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 54722560, "type": "region", "version": 1 }, "end_va": 55246847, "entry_point": 0, "filename": null, "id": "region_357", "name": "private_0x0000000003430000", "norm_filename": null, "region_type": "private_memory", "start_va": 54722560, "timestamp": "00:00:52.050", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000358-addr_0x00000000034b0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_193", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 55246848, "type": "region", 
"version": 1 }, "end_va": 55250943, "entry_point": 0, "filename": null, "id": "region_358", "name": "private_0x00000000034b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 55246848, "timestamp": "00:00:52.050", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000359-addr_0x00000000034c0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_194", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 55312384, "type": "region", "version": 1 }, "end_va": 55316479, "entry_point": 0, "filename": null, "id": "region_359", "name": "private_0x00000000034c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 55312384, "timestamp": "00:00:52.050", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 55377920, "type": "region", "version": 1 }, "end_va": 55382015, "entry_point": 55377920, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db", "id": "region_360", "name": "thumbcache_1024.db", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1024.db", "region_type": "memory_mapped_file", "start_va": 55377920, "timestamp": "00:00:52.050", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 55443456, "type": "region", "version": 1 }, "end_va": 55451647, "entry_point": 0, 
"filename": null, "id": "region_361", "name": "pagefile_0x00000000034e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 55443456, "timestamp": "00:00:52.051", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 55508992, "type": "region", "version": 1 }, "end_va": 55513087, "entry_point": 0, "filename": null, "id": "region_362", "name": "pagefile_0x00000000034f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 55508992, "timestamp": "00:00:52.051", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 55574528, "type": "region", "version": 1 }, "end_va": 55582719, "entry_point": 0, "filename": null, "id": "region_363", "name": "pagefile_0x0000000003500000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 55574528, "timestamp": "00:00:52.051", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000364-addr_0x0000000003510000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_195", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 55640064, "type": "region", "version": 1 }, "end_va": 55644159, "entry_point": 0, "filename": null, "id": "region_364", "name": "private_0x0000000003510000", "norm_filename": null, "region_type": "private_memory", "start_va": 55640064, "timestamp": "00:00:52.051", 
"type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000365-addr_0x0000000003520000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_196", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 55705600, "type": "region", "version": 1 }, "end_va": 56229887, "entry_point": 0, "filename": null, "id": "region_365", "name": "private_0x0000000003520000", "norm_filename": null, "region_type": "private_memory", "start_va": 55705600, "timestamp": "00:00:52.051", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 9633792, "start_va": 56229888, "type": "region", "version": 1 }, "end_va": 65863679, "entry_point": 56229888, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_366", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 56229888, "timestamp": "00:00:52.051", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 65863680, "type": "region", "version": 1 }, "end_va": 65871871, "entry_point": 0, "filename": null, "id": "region_367", "name": "pagefile_0x0000000003ed0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65863680, "timestamp": "00:00:52.052", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" 
], "ref_process_dump": null, "size": 16384, "start_va": 65929216, "type": "region", "version": 1 }, "end_va": 65945599, "entry_point": 65929216, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_368", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 65929216, "timestamp": "00:00:52.052", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000369-addr_0x0000000003ef0000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_197", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 65994752, "type": "region", "version": 1 }, "end_va": 65998847, "entry_point": 0, "filename": null, "id": "region_369", "name": "private_0x0000000003ef0000", "norm_filename": null, "region_type": "private_memory", "start_va": 65994752, "timestamp": "00:00:52.052", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 66060288, "type": "region", "version": 1 }, "end_va": 66068479, "entry_point": 0, "filename": null, "id": "region_370", "name": "pagefile_0x0000000003f00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 66060288, "timestamp": "00:00:52.052", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 66125824, "type": "region", 
"version": 1 }, "end_va": 66134015, "entry_point": 0, "filename": null, "id": "region_371", "name": "pagefile_0x0000000003f10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 66125824, "timestamp": "00:00:52.052", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 66191360, "type": "region", "version": 1 }, "end_va": 66199551, "entry_point": 0, "filename": null, "id": "region_372", "name": "pagefile_0x0000000003f20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 66191360, "timestamp": "00:00:52.052", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000373-addr_0x0000000003f30000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_198", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 66256896, "type": "region", "version": 1 }, "end_va": 66260991, "entry_point": 0, "filename": null, "id": "region_373", "name": "private_0x0000000003f30000", "norm_filename": null, "region_type": "private_memory", "start_va": 66256896, "timestamp": "00:00:52.053", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000374-addr_0x0000000003f40000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_199", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 66322432, "type": "region", "version": 1 }, "end_va": 66326527, "entry_point": 0, "filename": null, "id": 
"region_374", "name": "private_0x0000000003f40000", "norm_filename": null, "region_type": "private_memory", "start_va": 66322432, "timestamp": "00:00:52.053", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000375-addr_0x0000000003f50000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_200", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 66387968, "type": "region", "version": 1 }, "end_va": 66392063, "entry_point": 0, "filename": null, "id": "region_375", "name": "private_0x0000000003f50000", "norm_filename": null, "region_type": "private_memory", "start_va": 66387968, "timestamp": "00:00:52.053", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000376-addr_0x0000000003f60000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_201", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 66453504, "type": "region", "version": 1 }, "end_va": 66977791, "entry_point": 0, "filename": null, "id": "region_376", "name": "private_0x0000000003f60000", "norm_filename": null, "region_type": "private_memory", "start_va": 66453504, "timestamp": "00:00:52.053", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000377-addr_0x0000000003fe0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_202", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 66977792, "type": "region", "version": 1 }, "end_va": 66981887, "entry_point": 
0, "filename": null, "id": "region_377", "name": "private_0x0000000003fe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 66977792, "timestamp": "00:00:52.054", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000378-addr_0x0000000003ff0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_203", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 67043328, "type": "region", "version": 1 }, "end_va": 67047423, "entry_point": 0, "filename": null, "id": "region_378", "name": "private_0x0000000003ff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 67043328, "timestamp": "00:00:52.054", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000379-addr_0x0000000004000000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_204", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 67108864, "type": "region", "version": 1 }, "end_va": 67112959, "entry_point": 0, "filename": null, "id": "region_379", "name": "private_0x0000000004000000", "norm_filename": null, "region_type": "private_memory", "start_va": 67108864, "timestamp": "00:00:52.054", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 67174400, "type": "region", "version": 1 }, "end_va": 67190783, "entry_point": 67174400, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_380", "name": "cversions.2.db", 
"norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 67174400, "timestamp": "00:00:52.054", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 67239936, "type": "region", "version": 1 }, "end_va": 67244031, "entry_point": 67239936, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db", "id": "region_381", "name": "{40fc8d7d-05ed-4feb-b03b-6c100659ef5c}.2.ver0x0000000000000001.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{40fc8d7d-05ed-4feb-b03b-6c100659ef5c}.2.ver0x0000000000000001.db", "region_type": "memory_mapped_file", "start_va": 67239936, "timestamp": "00:00:52.054", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 67305472, "type": "region", "version": 1 }, "end_va": 67321855, "entry_point": 67305472, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_382", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 67305472, "timestamp": "00:00:52.055", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000383-addr_0x0000000004040000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_205", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 67371008, 
"type": "region", "version": 1 }, "end_va": 67895295, "entry_point": 0, "filename": null, "id": "region_383", "name": "private_0x0000000004040000", "norm_filename": null, "region_type": "private_memory", "start_va": 67371008, "timestamp": "00:00:52.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 67895296, "type": "region", "version": 1 }, "end_va": 67899391, "entry_point": 67895296, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{3978EA0A-1C7E-4449-8AE1-E1265F039002}.2.ver0x0000000000000003.db", "id": "region_384", "name": "{3978ea0a-1c7e-4449-8ae1-e1265f039002}.2.ver0x0000000000000003.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{3978ea0a-1c7e-4449-8ae1-e1265f039002}.2.ver0x0000000000000003.db", "region_type": "memory_mapped_file", "start_va": 67895296, "timestamp": "00:00:52.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 67960832, "type": "region", "version": 1 }, "end_va": 67977215, "entry_point": 67960832, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_385", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 67960832, "timestamp": "00:00:52.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 68026368, "type": "region", "version": 1 }, "end_va": 68030463, "entry_point": 68026368, 
"filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{4E36EA69-73D1-4458-9D16-50F8E31A69A0}.2.ver0x0000000000000001.db", "id": "region_386", "name": "{4e36ea69-73d1-4458-9d16-50f8e31a69a0}.2.ver0x0000000000000001.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{4e36ea69-73d1-4458-9d16-50f8e31a69a0}.2.ver0x0000000000000001.db", "region_type": "memory_mapped_file", "start_va": 68026368, "timestamp": "00:00:52.056", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000387-addr_0x00000000040f0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_206", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 68091904, "type": "region", "version": 1 }, "end_va": 68095999, "entry_point": 0, "filename": null, "id": "region_387", "name": "private_0x00000000040f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 68091904, "timestamp": "00:00:52.056", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000388-addr_0x0000000004100000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_207", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 68157440, "type": "region", "version": 1 }, "end_va": 68161535, "entry_point": 0, "filename": null, "id": "region_388", "name": "private_0x0000000004100000", "norm_filename": null, "region_type": "private_memory", "start_va": 68157440, "timestamp": "00:00:52.057", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000389-addr_0x0000000004110000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", 
"permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_208", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 68222976, "type": "region", "version": 1 }, "end_va": 68227071, "entry_point": 0, "filename": null, "id": "region_389", "name": "private_0x0000000004110000", "norm_filename": null, "region_type": "private_memory", "start_va": 68222976, "timestamp": "00:00:52.057", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000390-addr_0x0000000004120000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_209", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 68288512, "type": "region", "version": 1 }, "end_va": 68292607, "entry_point": 0, "filename": null, "id": "region_390", "name": "private_0x0000000004120000", "norm_filename": null, "region_type": "private_memory", "start_va": 68288512, "timestamp": "00:00:52.057", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 68354048, "type": "region", "version": 1 }, "end_va": 68362239, "entry_point": 0, "filename": null, "id": "region_391", "name": "pagefile_0x0000000004130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 68354048, "timestamp": "00:00:52.057", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000392-addr_0x0000000004140000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": 
"proc_dump_210", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 68419584, "type": "region", "version": 1 }, "end_va": 68943871, "entry_point": 0, "filename": null, "id": "region_392", "name": "private_0x0000000004140000", "norm_filename": null, "region_type": "private_memory", "start_va": 68419584, "timestamp": "00:00:52.057", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000393-addr_0x00000000041c0000-size_0x0000000000050000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_211", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 327680, "start_va": 68943872, "type": "region", "version": 1 }, "end_va": 69271551, "entry_point": 0, "filename": null, "id": "region_393", "name": "private_0x00000000041c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 68943872, "timestamp": "00:00:52.058", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 69271552, "type": "region", "version": 1 }, "end_va": 69275647, "entry_point": 69271552, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db", "id": "region_394", "name": "thumbcache_sr.db", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db", "region_type": "memory_mapped_file", "start_va": 69271552, "timestamp": "00:00:52.058", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000395-addr_0x0000000004220000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", 
"permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_212", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 69337088, "type": "region", "version": 1 }, "end_va": 69861375, "entry_point": 0, "filename": null, "id": "region_395", "name": "private_0x0000000004220000", "norm_filename": null, "region_type": "private_memory", "start_va": 69337088, "timestamp": "00:00:52.058", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 69861376, "type": "region", "version": 1 }, "end_va": 69865471, "entry_point": 0, "filename": null, "id": "region_396", "name": "pagefile_0x00000000042a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 69861376, "timestamp": "00:00:52.058", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 69926912, "type": "region", "version": 1 }, "end_va": 69931007, "entry_point": 69926912, "filename": "\\Windows\\System32\\en-US\\wdmaud.drv.mui", "id": "region_397", "name": "wdmaud.drv.mui", "norm_filename": "c:\\windows\\system32\\en-us\\wdmaud.drv.mui", "region_type": "memory_mapped_file", "start_va": 69926912, "timestamp": "00:00:52.058", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 69992448, "type": "region", "version": 1 }, "end_va": 69996543, "entry_point": 69992448, "filename": 
"\\Windows\\System32\\en-US\\MMDevAPI.dll.mui", "id": "region_398", "name": "mmdevapi.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\mmdevapi.dll.mui", "region_type": "memory_mapped_file", "start_va": 69992448, "timestamp": "00:00:52.064", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000399-addr_0x00000000042d0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_213", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 70057984, "type": "region", "version": 1 }, "end_va": 70066175, "entry_point": 0, "filename": null, "id": "region_399", "name": "private_0x00000000042d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 70057984, "timestamp": "00:00:52.070", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 70123520, "type": "region", "version": 1 }, "end_va": 70131711, "entry_point": 0, "filename": null, "id": "region_400", "name": "pagefile_0x00000000042e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 70123520, "timestamp": "00:00:52.070", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 70189056, "type": "region", "version": 1 }, "end_va": 70193151, "entry_point": 70189056, "filename": "\\Windows\\System32\\oleaccrc.dll", "id": "region_401", "name": "oleaccrc.dll", "norm_filename": "c:\\windows\\system32\\oleaccrc.dll", "region_type": "memory_mapped_file", 
"start_va": 70189056, "timestamp": "00:00:52.070", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 70254592, "type": "region", "version": 1 }, "end_va": 70262783, "entry_point": 0, "filename": null, "id": "region_402", "name": "pagefile_0x0000000004300000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 70254592, "timestamp": "00:00:52.078", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 70320128, "type": "region", "version": 1 }, "end_va": 70324223, "entry_point": 0, "filename": null, "id": "region_403", "name": "pagefile_0x0000000004310000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 70320128, "timestamp": "00:00:52.078", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 70385664, "type": "region", "version": 1 }, "end_va": 70389759, "entry_point": 70385664, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db", "id": "region_404", "name": "thumbcache_idx.db", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db", "region_type": "memory_mapped_file", "start_va": 70385664, "timestamp": "00:00:52.078", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000003-region_00000405-addr_0x0000000004330000-size_0x0000000000033000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_214", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 208896, "start_va": 70451200, "type": "region", "version": 1 }, "end_va": 70660095, "entry_point": 0, "filename": null, "id": "region_405", "name": "private_0x0000000004330000", "norm_filename": null, "region_type": "private_memory", "start_va": 70451200, "timestamp": "00:00:52.078", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 70713344, "type": "region", "version": 1 }, "end_va": 70717439, "entry_point": 0, "filename": null, "id": "region_406", "name": "pagefile_0x0000000004370000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 70713344, "timestamp": "00:00:52.078", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000407-addr_0x0000000004380000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_215", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 70778880, "type": "region", "version": 1 }, "end_va": 70791167, "entry_point": 0, "filename": null, "id": "region_407", "name": "private_0x0000000004380000", "norm_filename": null, "region_type": "private_memory", "start_va": 70778880, "timestamp": "00:00:52.079", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000003-region_00000408-addr_0x0000000004390000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_216", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 70844416, "type": "region", "version": 1 }, "end_va": 71368703, "entry_point": 0, "filename": null, "id": "region_408", "name": "private_0x0000000004390000", "norm_filename": null, "region_type": "private_memory", "start_va": 70844416, "timestamp": "00:00:52.079", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000409-addr_0x0000000004410000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_217", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 71368704, "type": "region", "version": 1 }, "end_va": 71372799, "entry_point": 0, "filename": null, "id": "region_409", "name": "private_0x0000000004410000", "norm_filename": null, "region_type": "private_memory", "start_va": 71368704, "timestamp": "00:00:52.079", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\SysWOW64\\autofmt.exe\"", "filename": "c:\\windows\\syswow64\\autofmt.exe", "id": "proc_4", "image_name": "autofmt.exe", "monitor_reason": "child_process", "monitored_id": 4, "origin_monitor_id": 3, "ref_parent_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000004-region_00000685-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region 
dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_272", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_685", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:57.153", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000686-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_273", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_686", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:57.156", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_687", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:57.156", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000688-addr_0x0000000000090000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], 
"ref_process_dump": { "ref_id": "proc_dump_274", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 851967, "entry_point": 0, "filename": null, "id": "region_688", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:00:57.159", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000689-addr_0x0000000000200000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_275", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2359295, "entry_point": 0, "filename": null, "id": "region_689", "name": "private_0x0000000000200000", "norm_filename": null, "region_type": "private_memory", "start_va": 2097152, "timestamp": "00:00:57.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 671744, "start_va": 12058624, "type": "region", "version": 1 }, "end_va": 12730367, "entry_point": 12058624, "filename": "\\Windows\\SysWOW64\\autofmt.exe", "id": "region_690", "name": "autofmt.exe", "norm_filename": "c:\\windows\\syswow64\\autofmt.exe", "region_type": "memory_mapped_file", "start_va": 12058624, "timestamp": "00:00:57.160", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2000158720, "type": "region", "version": 1 }, 
"end_va": 2001899519, "entry_point": 2000158720, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_691", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2000158720, "timestamp": "00:00:57.168", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2002124800, "type": "region", "version": 1 }, "end_va": 2003697663, "entry_point": 2002124800, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_692", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2002124800, "timestamp": "00:00:57.168", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_693", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:57.169", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000694-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_276", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_694", "name": 
"private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:57.169", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000695-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_277", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_695", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:57.170", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000696-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_278", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_696", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:57.170", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_697", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": 
"private_memory", "start_va": 2130575360, "timestamp": "00:00:57.170", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000698-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_279", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_698", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:57.171", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_699", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:57.171", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\SysWOW64\\msiexec.exe\"", "filename": "c:\\windows\\syswow64\\msiexec.exe", "id": "proc_5", "image_name": "msiexec.exe", "monitor_reason": "child_process", "monitored_id": 5, "origin_monitor_id": 3, "ref_parent_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000005-region_00000700-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ 
"readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_280", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_700", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:57.334", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000701-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_281", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_701", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:57.334", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_702", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:57.334", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 
327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_703", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:57.337", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 401407, "entry_point": 0, "filename": null, "id": "region_704", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:57.337", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000705-addr_0x0000000000090000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_282", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 851967, "entry_point": 0, "filename": null, "id": "region_705", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:00:57.338", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000706-addr_0x0000000000160000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_283", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1703935, "entry_point": 0, "filename": 
null, "id": "region_706", "name": "private_0x0000000000160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1441792, "timestamp": "00:00:57.338", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 10354688, "type": "region", "version": 1 }, "end_va": 10436607, "entry_point": 10354688, "filename": "\\Windows\\SysWOW64\\msiexec.exe", "id": "region_707", "name": "msiexec.exe", "norm_filename": "c:\\windows\\syswow64\\msiexec.exe", "region_type": "memory_mapped_file", "start_va": 10354688, "timestamp": "00:00:57.338", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2000158720, "type": "region", "version": 1 }, "end_va": 2001899519, "entry_point": 2000158720, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_708", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2000158720, "timestamp": "00:00:57.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2002124800, "type": "region", "version": 1 }, "end_va": 2003697663, "entry_point": 2002124800, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_709", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2002124800, "timestamp": "00:00:57.346", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_710", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:57.347", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000711-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_284", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_711", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:57.347", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000712-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_285", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_712", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:57.347", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000005-region_00000713-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_286", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_713", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:57.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_714", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:57.348", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000715-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_287", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_715", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:57.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored 
region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_716", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:57.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 147456, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 999423, "entry_point": 0, "filename": null, "id": "region_718", "name": "pagefile_0x00000000000d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 851968, "timestamp": "00:00:59.793", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 10354688, "type": "region", "version": 1 }, "end_va": 10436607, "entry_point": 0, "filename": null, "id": "region_720", "name": "pagefile_0x00000000009e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10354688, "timestamp": "00:00:59.799", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000721-addr_0x00000000001f0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_288", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 2031616, "type": "region", "version": 1 }, 
"end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_721", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:01:00.143", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1940324352, "type": "region", "version": 1 }, "end_va": 1940701183, "entry_point": 1940584344, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_722", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1940324352, "timestamp": "00:01:00.143", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1940717568, "type": "region", "version": 1 }, "end_va": 1940975615, "entry_point": 1940905592, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_723", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1940717568, "timestamp": "00:01:00.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1941176320, "type": "region", "version": 1 }, "end_va": 1941209087, "entry_point": 1941184760, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_724", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1941176320, "timestamp": 
"00:01:00.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_725", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:00.163", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000726-addr_0x00000000002c0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_289", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 3932159, "entry_point": 0, "filename": null, "id": "region_726", "name": "private_0x00000000002c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2883584, "timestamp": "00:01:00.164", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 4354047, "entry_point": 3932160, "filename": "\\Windows\\System32\\locale.nls", "id": "region_727", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 3932160, "timestamp": "00:01:00.164", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000728-addr_0x00000000004e0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": 
"Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_290", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 5111808, "type": "region", "version": 1 }, "end_va": 5177343, "entry_point": 0, "filename": null, "id": "region_728", "name": "private_0x00000000004e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5111808, "timestamp": "00:01:00.164", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2359296, "start_va": 1955594240, "type": "region", "version": 1 }, "end_va": 1957953535, "entry_point": 1955594240, "filename": "\\Windows\\SysWOW64\\msi.dll", "id": "region_729", "name": "msi.dll", "norm_filename": "c:\\windows\\syswow64\\msi.dll", "region_type": "memory_mapped_file", "start_va": 1955594240, "timestamp": "00:01:00.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1963655168, "type": "region", "version": 1 }, "end_va": 1963704319, "entry_point": 1963659489, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_730", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1963655168, "timestamp": "00:01:00.184", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1963720704, "type": "region", "version": 1 }, "end_va": 
1964113919, "entry_point": 1963828147, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_731", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1963720704, "timestamp": "00:01:00.185", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1964113920, "type": "region", "version": 1 }, "end_va": 1965162495, "entry_point": 1964226285, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_732", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1964113920, "timestamp": "00:01:00.186", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1965293568, "type": "region", "version": 1 }, "end_va": 1965395967, "entry_point": 1965312373, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_733", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1965293568, "timestamp": "00:01:00.186", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1965424640, "type": "region", "version": 1 }, "end_va": 1966129151, "entry_point": 1965466738, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_734", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": 
"memory_mapped_file", "start_va": 1965424640, "timestamp": "00:01:00.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1966211072, "type": "region", "version": 1 }, "end_va": 1966497791, "entry_point": 1966240888, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_735", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1966211072, "timestamp": "00:01:00.190", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1966866432, "type": "region", "version": 1 }, "end_va": 1967849471, "entry_point": 1966933353, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_736", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1966866432, "timestamp": "00:01:00.190", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1968046080, "type": "region", "version": 1 }, "end_va": 1968635903, "entry_point": 1968137027, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_737", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1968046080, "timestamp": "00:01:00.191", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is 
not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1968635904, "type": "region", "version": 1 }, "end_va": 1970061311, "entry_point": 1968945725, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_738", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1968635904, "timestamp": "00:01:00.191", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985675264, "type": "region", "version": 1 }, "end_va": 1986789375, "entry_point": 1985753811, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_739", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985675264, "timestamp": "00:01:00.192", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1987379200, "type": "region", "version": 1 }, "end_va": 1987420159, "entry_point": 1987393184, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_740", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1987379200, "timestamp": "00:01:00.192", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1987444736, "type": "region", "version": 1 }, "end_va": 1988100095, "entry_point": 1987529189, 
"filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_741", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1987444736, "timestamp": "00:01:00.193", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1991442432, "type": "region", "version": 1 }, "end_va": 1992085503, "entry_point": 1991655383, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_742", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1991442432, "timestamp": "00:01:00.195", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1997537280, "type": "region", "version": 1 }, "end_va": 1997893631, "entry_point": 1997642662, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_743", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1997537280, "timestamp": "00:01:00.196", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000744-addr_0x0000000077160000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_291", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 1997930496, "type": "region", "version": 1 }, "end_va": 1998954495, "entry_point": 0, "filename": null, "id": "region_744", "name": 
"private_0x0000000077160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1997930496, "timestamp": "00:01:00.197", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000745-addr_0x0000000077260000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_292", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1998979072, "type": "region", "version": 1 }, "end_va": 2000154623, "entry_point": 0, "filename": null, "id": "region_745", "name": "private_0x0000000077260000", "norm_filename": null, "region_type": "private_memory", "start_va": 1998979072, "timestamp": "00:01:00.197", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_746", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:00.197", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_747", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:00.197", "type": "region", "version": 1 }, 
{ "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5177344, "type": "region", "version": 1 }, "end_va": 6782975, "entry_point": 0, "filename": null, "id": "region_748", "name": "pagefile_0x00000000004f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5177344, "timestamp": "00:01:00.204", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1990197248, "type": "region", "version": 1 }, "end_va": 1991032831, "entry_point": 1990203019, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_749", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1990197248, "timestamp": "00:01:00.204", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1991049216, "type": "region", "version": 1 }, "end_va": 1991442431, "entry_point": 1991120271, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_750", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1991049216, "timestamp": "00:01:00.205", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, 
"type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_751", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:00.625", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_752", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:00.625", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 458752, "filename": "\\Windows\\SysWOW64\\en-US\\msiexec.exe.mui", "id": "region_753", "name": "msiexec.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\msiexec.exe.mui", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:01:00.625", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000754-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_293", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 528383, "entry_point": 0, "filename": null, "id": "region_754", "name": "private_0x0000000000080000", "norm_filename": 
null, "region_type": "private_memory", "start_va": 524288, "timestamp": "00:01:00.634", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000755-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_294", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_755", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:01:00.634", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6815744, "type": "region", "version": 1 }, "end_va": 8392703, "entry_point": 0, "filename": null, "id": "region_756", "name": "pagefile_0x0000000000680000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6815744, "timestamp": "00:01:00.634", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 10485760, "type": "region", "version": 1 }, "end_va": 31457279, "entry_point": 0, "filename": null, "id": "region_757", "name": "pagefile_0x0000000000a00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10485760, "timestamp": "00:01:00.635", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000005-region_00000758-addr_0x0000000001e00000-size_0x0000000000181000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_295", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1576960, "start_va": 31457280, "type": "region", "version": 1 }, "end_va": 33034239, "entry_point": 0, "filename": null, "id": "region_758", "name": "private_0x0000000001e00000", "norm_filename": null, "region_type": "private_memory", "start_va": 31457280, "timestamp": "00:01:00.635", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000759-addr_0x0000000001f90000-size_0x0000000000303000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_296", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 3158016, "start_va": 33095680, "type": "region", "version": 1 }, "end_va": 36253695, "entry_point": 0, "filename": null, "id": "region_759", "name": "private_0x0000000001f90000", "norm_filename": null, "region_type": "private_memory", "start_va": 33095680, "timestamp": "00:01:00.636", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000760-addr_0x0000000000110000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_297", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1179647, "entry_point": 0, "filename": null, "id": "region_760", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:01:00.653", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 147456, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1261567, "entry_point": 0, "filename": null, "id": "region_869", "name": "pagefile_0x0000000000110000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1114112, "timestamp": "00:01:06.861", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000870-addr_0x0000000000430000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_330", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 4653055, "entry_point": 0, "filename": null, "id": "region_870", "name": "private_0x0000000000430000", "norm_filename": null, "region_type": "private_memory", "start_va": 4390912, "timestamp": "00:01:06.862", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000871-addr_0x0000000000470000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_331", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 4653056, "type": "region", "version": 1 }, "end_va": 4915199, "entry_point": 0, "filename": null, "id": "region_871", "name": "private_0x0000000000470000", "norm_filename": null, "region_type": "private_memory", "start_va": 4653056, "timestamp": "00:01:06.862", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000005-region_00000872-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_332", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_872", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:06.862", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000873-addr_0x00000000001a0000-size_0x0000000000024000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_333", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 147456, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1851391, "entry_point": 0, "filename": null, "id": "region_873", "name": "private_0x00000000001a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1703936, "timestamp": "00:01:06.864", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000874-addr_0x0000000000810000-size_0x0000000000065000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_334", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 413696, "start_va": 8454144, "type": "region", "version": 1 }, "end_va": 8867839, "entry_point": 0, "filename": null, "id": "region_874", "name": "private_0x0000000000810000", "norm_filename": null, "region_type": "private_memory", "start_va": 8454144, "timestamp": "00:01:06.866", "type": 
"region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000875-addr_0x0000000000880000-size_0x0000000000065000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_335", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 413696, "start_va": 8912896, "type": "region", "version": 1 }, "end_va": 9326591, "entry_point": 0, "filename": null, "id": "region_875", "name": "private_0x0000000000880000", "norm_filename": null, "region_type": "private_memory", "start_va": 8912896, "timestamp": "00:01:06.867", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000876-addr_0x0000000000140000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_336", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1376255, "entry_point": 0, "filename": null, "id": "region_876", "name": "private_0x0000000000140000", "norm_filename": null, "region_type": "private_memory", "start_va": 1310720, "timestamp": "00:01:06.874", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5120000, "start_va": 36306944, "type": "region", "version": 1 }, "end_va": 41426943, "entry_point": 0, "filename": null, "id": "region_877", "name": "pagefile_0x00000000022a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 36306944, "timestamp": "00:01:06.893", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000005-region_00000878-addr_0x0000000001e00000-size_0x00000000000fb000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_337", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1028096, "start_va": 31457280, "type": "region", "version": 1 }, "end_va": 32485375, "entry_point": 0, "filename": null, "id": "region_878", "name": "private_0x0000000001e00000", "norm_filename": null, "region_type": "private_memory", "start_va": 31457280, "timestamp": "00:01:06.904", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1989017600, "type": "region", "version": 1 }, "end_va": 1990184959, "entry_point": 1989017600, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_879", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1989017600, "timestamp": "00:01:07.075", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 2001928192, "type": "region", "version": 1 }, "end_va": 2001977343, "entry_point": 2001928192, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_880", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 2001928192, "timestamp": "00:01:07.094", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000881-addr_0x0000000002790000-size_0x00000000001f5000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region 
dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_338", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2052096, "start_va": 41484288, "type": "region", "version": 1 }, "end_va": 43536383, "entry_point": 0, "filename": null, "id": "region_881", "name": "private_0x0000000002790000", "norm_filename": null, "region_type": "private_memory", "start_va": 41484288, "timestamp": "00:01:07.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1938489344, "type": "region", "version": 1 }, "end_va": 1939013631, "entry_point": 1938569161, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_882", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1938489344, "timestamp": "00:01:07.123", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000883-addr_0x0000000002990000-size_0x0000000000210000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_339", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2162688, "start_va": 43581440, "type": "region", "version": 1 }, "end_va": 45744127, "entry_point": 0, "filename": null, "id": "region_883", "name": "private_0x0000000002990000", "norm_filename": null, "region_type": "private_memory", "start_va": 43581440, "timestamp": "00:01:07.125", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], 
"ref_process_dump": null, "size": 913408, "start_va": 9371648, "type": "region", "version": 1 }, "end_va": 10285055, "entry_point": 0, "filename": null, "id": "region_884", "name": "pagefile_0x00000000008f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9371648, "timestamp": "00:01:07.126", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1380351, "entry_point": 0, "filename": null, "id": "region_885", "name": "pagefile_0x0000000000150000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1376256, "timestamp": "00:01:07.129", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1970077696, "type": "region", "version": 1 }, "end_va": 1970614271, "entry_point": 1970077696, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_886", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1970077696, "timestamp": "00:01:07.129", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1983774720, "type": "region", "version": 1 }, "end_va": 1984360447, "entry_point": 1983791025, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_887", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", 
"region_type": "memory_mapped_file", "start_va": 1983774720, "timestamp": "00:01:07.147", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 1904639, "entry_point": 0, "filename": null, "id": "region_888", "name": "pagefile_0x00000000001d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1900544, "timestamp": "00:01:07.149", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 11010048, "start_va": 1944584192, "type": "region", "version": 1 }, "end_va": 1955594239, "entry_point": 1944584192, "filename": "\\Windows\\SysWOW64\\ieframe.dll", "id": "region_889", "name": "ieframe.dll", "norm_filename": "c:\\windows\\syswow64\\ieframe.dll", "region_type": "memory_mapped_file", "start_va": 1944584192, "timestamp": "00:01:07.291", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1966538752, "type": "region", "version": 1 }, "end_va": 1966559231, "entry_point": 1966538752, "filename": "\\Windows\\SysWOW64\\psapi.dll", "id": "region_890", "name": "psapi.dll", "norm_filename": "c:\\windows\\syswow64\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 1966538752, "timestamp": "00:01:07.869", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": 
[ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 1962344448, "type": "region", "version": 1 }, "end_va": 1962590207, "entry_point": 1962344448, "filename": "\\Windows\\SysWOW64\\oleacc.dll", "id": "region_891", "name": "oleacc.dll", "norm_filename": "c:\\windows\\syswow64\\oleacc.dll", "region_type": "memory_mapped_file", "start_va": 1962344448, "timestamp": "00:01:07.974", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1970864128, "type": "region", "version": 1 }, "end_va": 1983750143, "entry_point": 1971394049, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_892", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1970864128, "timestamp": "00:01:08.049", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1993539584, "type": "region", "version": 1 }, "end_va": 1995616255, "entry_point": 1993539584, "filename": "\\Windows\\SysWOW64\\iertutil.dll", "id": "region_893", "name": "iertutil.dll", "norm_filename": "c:\\windows\\syswow64\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1993539584, "timestamp": "00:01:08.051", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 1970175, "entry_point": 1966080, "filename": "\\Windows\\SysWOW64\\oleaccrc.dll", "id": 
"region_894", "name": "oleaccrc.dll", "norm_filename": "c:\\windows\\syswow64\\oleaccrc.dll", "region_type": "memory_mapped_file", "start_va": 1966080, "timestamp": "00:01:08.167", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 2564095, "entry_point": 0, "filename": null, "id": "region_895", "name": "pagefile_0x0000000000270000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2555904, "timestamp": "00:01:08.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1960640512, "type": "region", "version": 1 }, "end_va": 1962336255, "entry_point": 1960640512, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_896", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1960640512, "timestamp": "00:01:08.293", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 2625535, "entry_point": 2621440, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_897", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", 
"region_type": "memory_mapped_file", "start_va": 2621440, "timestamp": "00:01:08.311", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 2695167, "entry_point": 0, "filename": null, "id": "region_898", "name": "pagefile_0x0000000000290000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2686976, "timestamp": "00:01:08.312", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 45744128, "type": "region", "version": 1 }, "end_va": 48689151, "entry_point": 45744128, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_899", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 45744128, "timestamp": "00:01:08.354", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 1960443904, "type": "region", "version": 1 }, "end_va": 1960632319, "entry_point": 1960443904, "filename": "\\Windows\\SysWOW64\\mlang.dll", "id": "region_900", "name": "mlang.dll", "norm_filename": "c:\\windows\\syswow64\\mlang.dll", "region_type": "memory_mapped_file", "start_va": 1960443904, "timestamp": "00:01:08.580", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", 
"permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1992163328, "type": "region", "version": 1 }, "end_va": 1993166847, "entry_point": 1992163328, "filename": "\\Windows\\SysWOW64\\wininet.dll", "id": "region_901", "name": "wininet.dll", "norm_filename": "c:\\windows\\syswow64\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1992163328, "timestamp": "00:01:08.598", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1984364544, "type": "region", "version": 1 }, "end_va": 1985634303, "entry_point": 1984364544, "filename": "\\Windows\\SysWOW64\\urlmon.dll", "id": "region_902", "name": "urlmon.dll", "norm_filename": "c:\\windows\\syswow64\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1984364544, "timestamp": "00:01:08.611", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 2625535, "entry_point": 0, "filename": null, "id": "region_903", "name": "pagefile_0x0000000000280000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2621440, "timestamp": "00:01:08.689", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1960378368, "type": "region", "version": 1 }, "end_va": 1960423423, "entry_point": 1960378368, "filename": 
"\\Windows\\SysWOW64\\profapi.dll", "id": "region_904", "name": "profapi.dll", "norm_filename": "c:\\windows\\syswow64\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1960378368, "timestamp": "00:01:08.693", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000905-addr_0x00000000002a0000-size_0x000000000000c000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_340", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 49152, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 2801663, "entry_point": 2752512, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat", "id": "region_905", "name": "index.dat", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 2752512, "timestamp": "00:01:08.721", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000906-addr_0x00000000002b0000-size_0x0000000000008000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_341", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 32768, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 2850815, "entry_point": 2818048, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat", "id": "region_906", "name": "index.dat", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat", "region_type": "memory_mapped_file", "start_va": 2818048, "timestamp": "00:01:08.723", "type": "region", "version": 1 }, { "dump": 
{ "filename": "process_00000005-region_00000907-addr_0x00000000004b0000-size_0x0000000000008000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_342", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 32768, "start_va": 4915200, "type": "region", "version": 1 }, "end_va": 4947967, "entry_point": 4915200, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat", "id": "region_907", "name": "index.dat", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 4915200, "timestamp": "00:01:08.725", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 1960181760, "type": "region", "version": 1 }, "end_va": 1960316927, "entry_point": 1960181760, "filename": "\\Windows\\SysWOW64\\ntmarta.dll", "id": "region_908", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\syswow64\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1960181760, "timestamp": "00:01:08.842", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 1993211904, "type": "region", "version": 1 }, "end_va": 1993494527, "entry_point": 1993211904, "filename": "\\Windows\\SysWOW64\\Wldap32.dll", "id": "region_909", "name": "wldap32.dll", "norm_filename": "c:\\windows\\syswow64\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 1993211904, "timestamp": 
"00:01:08.855", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1960116224, "type": "region", "version": 1 }, "end_va": 1960153087, "entry_point": 1960116224, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_910", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1960116224, "timestamp": "00:01:08.872", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000911-addr_0x0000000001f00000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_343", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 32505856, "type": "region", "version": 1 }, "end_va": 32767999, "entry_point": 32505856, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\index.dat", "id": "region_911", "name": "index.dat", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\ietldcache\\index.dat", "region_type": "memory_mapped_file", "start_va": 32505856, "timestamp": "00:01:08.915", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 48693248, "type": "region", "version": 1 }, "end_va": 52113407, "entry_point": 0, "filename": null, "id": "region_912", "name": "pagefile_0x0000000002e70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 48693248, 
"timestamp": "00:01:08.916", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1789952, "start_va": 1958281216, "type": "region", "version": 1 }, "end_va": 1960071167, "entry_point": 1958281216, "filename": "\\Program Files (x86)\\Mozilla Firefox\\nss3.dll", "id": "region_913", "name": "nss3.dll", "norm_filename": "c:\\program files (x86)\\mozilla firefox\\nss3.dll", "region_type": "memory_mapped_file", "start_va": 1958281216, "timestamp": "00:01:09.266", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 1962344448, "type": "region", "version": 1 }, "end_va": 1962549247, "entry_point": 1962344448, "filename": "\\Windows\\SysWOW64\\winmm.dll", "id": "region_914", "name": "winmm.dll", "norm_filename": "c:\\windows\\syswow64\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 1962344448, "timestamp": "00:01:09.745", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1958215680, "type": "region", "version": 1 }, "end_va": 1958244351, "entry_point": 1958215680, "filename": "\\Windows\\SysWOW64\\wsock32.dll", "id": "region_915", "name": "wsock32.dll", "norm_filename": "c:\\windows\\syswow64\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 1958215680, "timestamp": "00:01:09.841", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", 
"permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1966604288, "type": "region", "version": 1 }, "end_va": 1966821375, "entry_point": 1966604288, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_916", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1966604288, "timestamp": "00:01:09.853", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1992097792, "type": "region", "version": 1 }, "end_va": 1992122367, "entry_point": 1992097792, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_917", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1992097792, "timestamp": "00:01:09.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 782336, "start_va": 1954807808, "type": "region", "version": 1 }, "end_va": 1955590143, "entry_point": 1954807808, "filename": "\\Windows\\SysWOW64\\msvcr100.dll", "id": "region_918", "name": "msvcr100.dll", "norm_filename": "c:\\windows\\syswow64\\msvcr100.dll", "region_type": "memory_mapped_file", "start_va": 1954807808, "timestamp": "00:01:09.959", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1962541056, "type": "region", "version": 1 }, "end_va": 1962590207, "entry_point": 1962541056, "filename": 
"\\Windows\\SysWOW64\\vaultcli.dll", "id": "region_919", "name": "vaultcli.dll", "norm_filename": "c:\\windows\\syswow64\\vaultcli.dll", "region_type": "memory_mapped_file", "start_va": 1962541056, "timestamp": "00:01:10.250", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000920-addr_0x00000000027d0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_344", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 41746432, "type": "region", "version": 1 }, "end_va": 42008575, "entry_point": 0, "filename": null, "id": "region_920", "name": "private_0x00000000027d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 41746432, "timestamp": "00:01:11.137", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000921-addr_0x0000000002810000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_345", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 42008576, "type": "region", "version": 1 }, "end_va": 42270719, "entry_point": 0, "filename": null, "id": "region_921", "name": "private_0x0000000002810000", "norm_filename": null, "region_type": "private_memory", "start_va": 42008576, "timestamp": "00:01:11.137", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1638400, "start_va": 1958477824, "type": "region", "version": 1 }, "end_va": 1960116223, "entry_point": 1958477824, "filename": 
"\\Windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\GdiPlus.dll", "id": "region_922", "name": "gdiplus.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll", "region_type": "memory_mapped_file", "start_va": 1958477824, "timestamp": "00:01:11.137", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000923-addr_0x000000007efd5000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_346", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_923", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:01:11.222", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000924-addr_0x0000000002850000-size_0x00000000000e0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_347", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 917504, "start_va": 42270720, "type": "region", "version": 1 }, "end_va": 43188223, "entry_point": 0, "filename": null, "id": "region_924", "name": "private_0x0000000002850000", "norm_filename": null, "region_type": "private_memory", "start_va": 42270720, "timestamp": "00:01:11.365", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000925-addr_0x00000000028a0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], 
"ref_process_dump": { "ref_id": "proc_dump_348", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 42598400, "type": "region", "version": 1 }, "end_va": 42860543, "entry_point": 0, "filename": null, "id": "region_925", "name": "private_0x00000000028a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 42598400, "timestamp": "00:01:11.566", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000926-addr_0x0000000002920000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_349", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 43122688, "type": "region", "version": 1 }, "end_va": 43188223, "entry_point": 0, "filename": null, "id": "region_926", "name": "private_0x0000000002920000", "norm_filename": null, "region_type": "private_memory", "start_va": 43122688, "timestamp": "00:01:11.566", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000927-addr_0x0000000002940000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_350", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 43253760, "type": "region", "version": 1 }, "end_va": 43515903, "entry_point": 0, "filename": null, "id": "region_927", "name": "private_0x0000000002940000", "norm_filename": null, "region_type": "private_memory", "start_va": 43253760, "timestamp": "00:01:11.566", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000928-addr_0x00000000031c0000-size_0x00000000004f2000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", 
"permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_351", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 5185536, "start_va": 52166656, "type": "region", "version": 1 }, "end_va": 57352191, "entry_point": 0, "filename": null, "id": "region_928", "name": "private_0x00000000031c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 52166656, "timestamp": "00:01:11.567", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000929-addr_0x000000007efad000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_352", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_929", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:01:11.567", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000930-addr_0x0000000000150000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_353", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1380351, "entry_point": 0, "filename": null, "id": "region_930", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:01:11.650", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ 
"readable", "writable", "executable" ], "ref_process_dump": null, "size": 1028096, "start_va": 1954545664, "type": "region", "version": 1 }, "end_va": 1955573759, "entry_point": 1954545664, "filename": "\\Windows\\SysWOW64\\WindowsCodecs.dll", "id": "region_931", "name": "windowscodecs.dll", "norm_filename": "c:\\windows\\syswow64\\windowscodecs.dll", "region_type": "memory_mapped_file", "start_va": 1954545664, "timestamp": "00:01:11.650", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000932-addr_0x00000000001e0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_354", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 1970175, "entry_point": 0, "filename": null, "id": "region_932", "name": "private_0x00000000001e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1966080, "timestamp": "00:01:11.815", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000933-addr_0x00000000004c0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_355", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 4980736, "type": "region", "version": 1 }, "end_va": 4984831, "entry_point": 0, "filename": null, "id": "region_933", "name": "private_0x00000000004c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4980736, "timestamp": "00:01:11.816", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000934-addr_0x0000000002980000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", 
"permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_356", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 43515904, "type": "region", "version": 1 }, "end_va": 44564479, "entry_point": 0, "filename": null, "id": "region_934", "name": "private_0x0000000002980000", "norm_filename": null, "region_type": "private_memory", "start_va": 43515904, "timestamp": "00:01:11.904", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 466944, "start_va": 42270720, "type": "region", "version": 1 }, "end_va": 42737663, "entry_point": 0, "filename": null, "id": "region_938", "name": "pagefile_0x0000000002850000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 42270720, "timestamp": "00:01:16.993", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 569344, "start_va": 42270720, "type": "region", "version": 1 }, "end_va": 42840063, "entry_point": 0, "filename": null, "id": "region_957", "name": "pagefile_0x0000000002850000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 42270720, "timestamp": "00:01:22.286", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 32768000, "type": "region", 
"version": 1 }, "end_va": 33046527, "entry_point": 0, "filename": null, "id": "region_959", "name": "pagefile_0x0000000001f40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 32768000, "timestamp": "00:01:22.298", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000961-addr_0x0000000000140000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_365", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1376255, "entry_point": 0, "filename": null, "id": "region_961", "name": "private_0x0000000000140000", "norm_filename": null, "region_type": "private_memory", "start_va": 1310720, "timestamp": "00:01:22.309", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001018-addr_0x0000000000140000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_377", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1376255, "entry_point": 0, "filename": null, "id": "region_1018", "name": "private_0x0000000000140000", "norm_filename": null, "region_type": "private_memory", "start_va": 1310720, "timestamp": "00:01:27.432", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "/c copy \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lxqfwvdqlkd.exe\" \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\igfxonux.scr\" /V", "filename": "c:\\windows\\syswow64\\cmd.exe", "id": "proc_6", "image_name": "cmd.exe", 
"monitor_reason": "child_process", "monitored_id": 6, "origin_monitor_id": 5, "ref_parent_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000006-region_00000761-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_298", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_761", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:03.002", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000762-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_299", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_762", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:03.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_763", "name": "apisetschema.dll", "norm_filename": 
"c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:03.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_764", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:03.005", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_765", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:03.005", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000766-addr_0x00000000000b0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_300", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 1769471, "entry_point": 0, "filename": null, "id": "region_766", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:01:03.006", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000006-region_00000767-addr_0x00000000001b0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_301", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 2031615, "entry_point": 0, "filename": null, "id": "region_767", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:01:03.006", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1243742208, "type": "region", "version": 1 }, "end_va": 1244053503, "entry_point": 1243742208, "filename": "\\Windows\\SysWOW64\\cmd.exe", "id": "region_768", "name": "cmd.exe", "norm_filename": "c:\\windows\\syswow64\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1243742208, "timestamp": "00:01:03.006", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2000158720, "type": "region", "version": 1 }, "end_va": 2001899519, "entry_point": 2000158720, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_769", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2000158720, "timestamp": "00:01:03.012", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", 
"executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2002124800, "type": "region", "version": 1 }, "end_va": 2003697663, "entry_point": 2002124800, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_770", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2002124800, "timestamp": "00:01:03.013", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_771", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:03.013", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000772-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_302", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_772", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:03.014", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000773-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_303", "ref_source": "summary", "ref_type": "process_dump", 
"type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_773", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:03.014", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000774-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_304", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_774", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:03.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_775", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:03.014", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000776-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_305", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": 
"region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_776", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:03.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_777", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:03.015", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000778-addr_0x0000000000250000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_306", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2949119, "entry_point": 0, "filename": null, "id": "region_778", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:03.023", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1940324352, "type": "region", "version": 1 }, "end_va": 1940701183, "entry_point": 1940584344, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_779", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", 
"start_va": 1940324352, "timestamp": "00:01:03.023", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1940717568, "type": "region", "version": 1 }, "end_va": 1940975615, "entry_point": 1940905592, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_780", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1940717568, "timestamp": "00:01:03.023", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1941176320, "type": "region", "version": 1 }, "end_va": 1941209087, "entry_point": 1941184760, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_781", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1941176320, "timestamp": "00:01:03.024", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000782-addr_0x0000000077160000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_307", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 1997930496, "type": "region", "version": 1 }, "end_va": 1998954495, "entry_point": 0, "filename": null, "id": "region_782", "name": "private_0x0000000077160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1997930496, "timestamp": "00:01:03.024", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000006-region_00000783-addr_0x0000000077260000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_308", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1998979072, "type": "region", "version": 1 }, "end_va": 2000154623, "entry_point": 0, "filename": null, "id": "region_783", "name": "private_0x0000000077260000", "norm_filename": null, "region_type": "private_memory", "start_va": 1998979072, "timestamp": "00:01:03.025", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_784", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:03.316", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_785", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:03.316", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000786-addr_0x0000000000330000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ 
"readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_309", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 3342336, "type": "region", "version": 1 }, "end_va": 4390911, "entry_point": 0, "filename": null, "id": "region_786", "name": "private_0x0000000000330000", "norm_filename": null, "region_type": "private_memory", "start_va": 3342336, "timestamp": "00:01:03.316", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 4812799, "entry_point": 4390912, "filename": "\\Windows\\System32\\locale.nls", "id": "region_787", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 4390912, "timestamp": "00:01:03.316", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000788-addr_0x0000000000550000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_310", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 5570560, "type": "region", "version": 1 }, "end_va": 5636095, "entry_point": 0, "filename": null, "id": "region_788", "name": "private_0x0000000000550000", "norm_filename": null, "region_type": "private_memory", "start_va": 5570560, "timestamp": "00:01:03.317", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1962541056, "type": "region", "version": 1 }, 
"end_va": 1962569727, "entry_point": 1962541056, "filename": "\\Windows\\SysWOW64\\winbrand.dll", "id": "region_789", "name": "winbrand.dll", "norm_filename": "c:\\windows\\syswow64\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 1962541056, "timestamp": "00:01:03.317", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1963655168, "type": "region", "version": 1 }, "end_va": 1963704319, "entry_point": 1963659489, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_790", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1963655168, "timestamp": "00:01:03.324", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1963720704, "type": "region", "version": 1 }, "end_va": 1964113919, "entry_point": 1963828147, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_791", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1963720704, "timestamp": "00:01:03.324", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1964113920, "type": "region", "version": 1 }, "end_va": 1965162495, "entry_point": 1964226285, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_792", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", 
"region_type": "memory_mapped_file", "start_va": 1964113920, "timestamp": "00:01:03.325", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1965293568, "type": "region", "version": 1 }, "end_va": 1965395967, "entry_point": 1965312373, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_793", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1965293568, "timestamp": "00:01:03.325", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1965424640, "type": "region", "version": 1 }, "end_va": 1966129151, "entry_point": 1965466738, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_794", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1965424640, "timestamp": "00:01:03.325", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1966211072, "type": "region", "version": 1 }, "end_va": 1966497791, "entry_point": 1966240888, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_795", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1966211072, "timestamp": "00:01:03.326", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created 
because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1966866432, "type": "region", "version": 1 }, "end_va": 1967849471, "entry_point": 1966933353, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_796", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1966866432, "timestamp": "00:01:03.326", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1968046080, "type": "region", "version": 1 }, "end_va": 1968635903, "entry_point": 1968137027, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_797", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1968046080, "timestamp": "00:01:03.327", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985675264, "type": "region", "version": 1 }, "end_va": 1986789375, "entry_point": 1985753811, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_798", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985675264, "timestamp": "00:01:03.327", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1987379200, "type": "region", "version": 1 }, "end_va": 1987420159, 
"entry_point": 1987393184, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_799", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1987379200, "timestamp": "00:01:03.328", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1987444736, "type": "region", "version": 1 }, "end_va": 1988100095, "entry_point": 1987529189, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_800", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1987444736, "timestamp": "00:01:03.328", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1991442432, "type": "region", "version": 1 }, "end_va": 1992085503, "entry_point": 1991655383, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_801", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1991442432, "timestamp": "00:01:03.329", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_802", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": 
"00:01:03.329", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_803", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:03.330", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5636096, "type": "region", "version": 1 }, "end_va": 7241727, "entry_point": 0, "filename": null, "id": "region_804", "name": "pagefile_0x0000000000560000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5636096, "timestamp": "00:01:03.333", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1990197248, "type": "region", "version": 1 }, "end_va": 1991032831, "entry_point": 1990203019, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_805", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1990197248, "timestamp": "00:01:03.333", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1991049216, 
"type": "region", "version": 1 }, "end_va": 1991442431, "entry_point": 1991120271, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_806", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1991049216, "timestamp": "00:01:03.333", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_807", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:03.339", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_808", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:01:03.339", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000809-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_311", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 528383, "entry_point": 0, "filename": null, "id": "region_809", "name": "private_0x0000000000080000", 
"norm_filename": null, "region_type": "private_memory", "start_va": 524288, "timestamp": "00:01:03.340", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000810-addr_0x0000000000090000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_312", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 593919, "entry_point": 0, "filename": null, "id": "region_810", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:01:03.340", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 7274496, "type": "region", "version": 1 }, "end_va": 8851455, "entry_point": 0, "filename": null, "id": "region_811", "name": "pagefile_0x00000000006f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7274496, "timestamp": "00:01:03.340", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 8912896, "type": "region", "version": 1 }, "end_va": 29884415, "entry_point": 0, "filename": null, "id": "region_812", "name": "pagefile_0x0000000000880000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8912896, "timestamp": "00:01:03.341", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" 
], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 29884416, "type": "region", "version": 1 }, "end_va": 33304575, "entry_point": 0, "filename": null, "id": "region_813", "name": "pagefile_0x0000000001c80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29884416, "timestamp": "00:01:03.341", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000814-addr_0x00000000000a0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_313", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 720895, "entry_point": 0, "filename": null, "id": "region_814", "name": "private_0x00000000000a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 655360, "timestamp": "00:01:03.448", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000815-addr_0x00000000001f0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_314", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2097151, "entry_point": 0, "filename": null, "id": "region_815", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:01:03.449", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "/c del 
\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lxqfwvdqlkd.exe\"", "filename": "c:\\windows\\syswow64\\cmd.exe", "id": "proc_7", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 7, "origin_monitor_id": 5, "ref_parent_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000007-region_00000816-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_315", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_816", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:06.760", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000817-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_316", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_817", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:06.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 
266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_818", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:06.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_819", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:06.763", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_820", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:06.763", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000821-addr_0x0000000000150000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_317", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_821", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": 
"private_memory", "start_va": 1376256, "timestamp": "00:01:06.763", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000822-addr_0x0000000000200000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_318", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 3145727, "entry_point": 0, "filename": null, "id": "region_822", "name": "private_0x0000000000200000", "norm_filename": null, "region_type": "private_memory", "start_va": 2097152, "timestamp": "00:01:06.763", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1244004352, "type": "region", "version": 1 }, "end_va": 1244315647, "entry_point": 1244037786, "filename": "\\Windows\\SysWOW64\\cmd.exe", "id": "region_823", "name": "cmd.exe", "norm_filename": "c:\\windows\\syswow64\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1244004352, "timestamp": "00:01:06.763", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2000158720, "type": "region", "version": 1 }, "end_va": 2001899519, "entry_point": 2000158720, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_824", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2000158720, "timestamp": "00:01:06.764", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": 
[ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2002124800, "type": "region", "version": 1 }, "end_va": 2003697663, "entry_point": 2002124800, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_825", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2002124800, "timestamp": "00:01:06.764", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_826", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:06.765", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000827-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_319", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_827", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:06.765", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000828-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", 
"writable" ], "ref_process_dump": { "ref_id": "proc_dump_320", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_828", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:06.768", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000829-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_321", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_829", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:06.768", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_830", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:06.769", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000831-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_322", "ref_source": "summary", 
"ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_831", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:06.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_832", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:06.769", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000833-addr_0x00000000000c0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_323", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 1310719, "entry_point": 0, "filename": null, "id": "region_833", "name": "private_0x00000000000c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 786432, "timestamp": "00:01:06.773", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1940324352, "type": "region", "version": 1 }, "end_va": 1940701183, "entry_point": 1940584344, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_834", "name": 
"wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1940324352, "timestamp": "00:01:06.773", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1940717568, "type": "region", "version": 1 }, "end_va": 1940975615, "entry_point": 1940905592, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_835", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1940717568, "timestamp": "00:01:06.774", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1941176320, "type": "region", "version": 1 }, "end_va": 1941209087, "entry_point": 1941184760, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_836", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1941176320, "timestamp": "00:01:06.774", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_837", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:06.806", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_838", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:06.806", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 2060287, "entry_point": 1638400, "filename": "\\Windows\\System32\\locale.nls", "id": "region_839", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1638400, "timestamp": "00:01:06.806", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000840-addr_0x0000000000350000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_324", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 3473408, "type": "region", "version": 1 }, "end_va": 4521983, "entry_point": 0, "filename": null, "id": "region_840", "name": "private_0x0000000000350000", "norm_filename": null, "region_type": "private_memory", "start_va": 3473408, "timestamp": "00:01:06.807", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000841-addr_0x00000000004f0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": 
"proc_dump_325", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 5177344, "type": "region", "version": 1 }, "end_va": 5242879, "entry_point": 0, "filename": null, "id": "region_841", "name": "private_0x00000000004f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5177344, "timestamp": "00:01:06.807", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1962475520, "type": "region", "version": 1 }, "end_va": 1962504191, "entry_point": 1962480176, "filename": "\\Windows\\SysWOW64\\winbrand.dll", "id": "region_842", "name": "winbrand.dll", "norm_filename": "c:\\windows\\syswow64\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 1962475520, "timestamp": "00:01:06.807", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1963655168, "type": "region", "version": 1 }, "end_va": 1963704319, "entry_point": 1963659489, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_843", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1963655168, "timestamp": "00:01:06.808", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1963720704, "type": "region", "version": 1 }, "end_va": 1964113919, "entry_point": 1963828147, "filename": "\\Windows\\SysWOW64\\sspicli.dll", 
"id": "region_844", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1963720704, "timestamp": "00:01:06.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1964113920, "type": "region", "version": 1 }, "end_va": 1965162495, "entry_point": 1964226285, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_845", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1964113920, "timestamp": "00:01:06.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1965293568, "type": "region", "version": 1 }, "end_va": 1965395967, "entry_point": 1965312373, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_846", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1965293568, "timestamp": "00:01:06.812", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1965424640, "type": "region", "version": 1 }, "end_va": 1966129151, "entry_point": 1965466738, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_847", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1965424640, "timestamp": "00:01:06.812", "type": "region", "version": 1 
}, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1966211072, "type": "region", "version": 1 }, "end_va": 1966497791, "entry_point": 1966240888, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_848", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1966211072, "timestamp": "00:01:06.813", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1966866432, "type": "region", "version": 1 }, "end_va": 1967849471, "entry_point": 1966933353, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_849", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1966866432, "timestamp": "00:01:06.813", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1968046080, "type": "region", "version": 1 }, "end_va": 1968635903, "entry_point": 1968137027, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_850", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1968046080, "timestamp": "00:01:06.814", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 
1114112, "start_va": 1985675264, "type": "region", "version": 1 }, "end_va": 1986789375, "entry_point": 1985753811, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_851", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985675264, "timestamp": "00:01:06.815", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1987379200, "type": "region", "version": 1 }, "end_va": 1987420159, "entry_point": 1987393184, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_852", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1987379200, "timestamp": "00:01:06.815", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1987444736, "type": "region", "version": 1 }, "end_va": 1988100095, "entry_point": 1987529189, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_853", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1987444736, "timestamp": "00:01:06.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1991442432, "type": "region", "version": 1 }, "end_va": 1992085503, "entry_point": 1991655383, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_854", "name": "usp10.dll", "norm_filename": 
"c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1991442432, "timestamp": "00:01:06.816", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000855-addr_0x0000000077160000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_326", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 1997930496, "type": "region", "version": 1 }, "end_va": 1998954495, "entry_point": 0, "filename": null, "id": "region_855", "name": "private_0x0000000077160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1997930496, "timestamp": "00:01:06.817", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000856-addr_0x0000000077260000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_327", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1998979072, "type": "region", "version": 1 }, "end_va": 2000154623, "entry_point": 0, "filename": null, "id": "region_856", "name": "private_0x0000000077260000", "norm_filename": null, "region_type": "private_memory", "start_va": 1998979072, "timestamp": "00:01:06.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_857", "name": "pagefile_0x000000007efe0000", "norm_filename": null, 
"region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:06.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_858", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:06.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5242880, "type": "region", "version": 1 }, "end_va": 6848511, "entry_point": 0, "filename": null, "id": "region_859", "name": "pagefile_0x0000000000500000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5242880, "timestamp": "00:01:06.821", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1990197248, "type": "region", "version": 1 }, "end_va": 1991032831, "entry_point": 1990203019, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_860", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1990197248, "timestamp": "00:01:06.821", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", 
"executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1991049216, "type": "region", "version": 1 }, "end_va": 1991442431, "entry_point": 1991120271, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_861", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1991049216, "timestamp": "00:01:06.822", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_862", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:06.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_863", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:01:06.827", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000864-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_328", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 528383, 
"entry_point": 0, "filename": null, "id": "region_864", "name": "private_0x0000000000080000", "norm_filename": null, "region_type": "private_memory", "start_va": 524288, "timestamp": "00:01:06.828", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000865-addr_0x0000000000090000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_329", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 593919, "entry_point": 0, "filename": null, "id": "region_865", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:01:06.828", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6881280, "type": "region", "version": 1 }, "end_va": 8458239, "entry_point": 0, "filename": null, "id": "region_866", "name": "pagefile_0x0000000000690000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6881280, "timestamp": "00:01:06.828", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 8519680, "type": "region", "version": 1 }, "end_va": 29491199, "entry_point": 0, "filename": null, "id": "region_867", "name": "pagefile_0x0000000000820000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8519680, "timestamp": "00:01:06.828", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 29491200, "type": "region", "version": 1 }, "end_va": 32911359, "entry_point": 0, "filename": null, "id": "region_868", "name": "pagefile_0x0000000001c20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29491200, "timestamp": "00:01:06.828", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Program Files (x86)\\Mozilla Firefox\\Firefox.exe\"", "filename": "c:\\program files (x86)\\mozilla firefox\\firefox.exe", "id": "proc_8", "image_name": "firefox.exe", "monitor_reason": "child_process", "monitored_id": 8, "origin_monitor_id": 5, "ref_parent_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000008-region_00000939-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_357", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_939", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:22.250", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000940-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", 
"writable" ], "ref_process_dump": { "ref_id": "proc_dump_358", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_940", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:22.251", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_941", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:22.251", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_942", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:22.255", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000943-addr_0x00000000001b0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_359", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 
1769472, "type": "region", "version": 1 }, "end_va": 2031615, "entry_point": 0, "filename": null, "id": "region_943", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:01:22.255", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000944-addr_0x00000000002c0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_360", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 3932159, "entry_point": 0, "filename": null, "id": "region_944", "name": "private_0x00000000002c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2883584, "timestamp": "00:01:22.255", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 19333120, "type": "region", "version": 1 }, "end_va": 19611647, "entry_point": 19333120, "filename": "\\Program Files (x86)\\Mozilla Firefox\\firefox.exe", "id": "region_945", "name": "firefox.exe", "norm_filename": "c:\\program files (x86)\\mozilla firefox\\firefox.exe", "region_type": "memory_mapped_file", "start_va": 19333120, "timestamp": "00:01:22.255", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2000158720, "type": "region", "version": 1 }, "end_va": 2001899519, "entry_point": 2000158720, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_946", "name": 
"ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2000158720, "timestamp": "00:01:22.266", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2002124800, "type": "region", "version": 1 }, "end_va": 2003697663, "entry_point": 2002124800, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_947", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2002124800, "timestamp": "00:01:22.267", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_948", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:22.268", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000949-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_361", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_949", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:22.268", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 4294639616, "type": "region", "version": 1 }, "end_va": 4294782975, "entry_point": 0, "filename": null, "id": "region_950", "name": "pagefile_0x00000000fffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4294639616, "timestamp": "00:01:22.268", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000951-addr_0x00000000fffdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_362", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 4294815744, "type": "region", "version": 1 }, "end_va": 4294828031, "entry_point": 0, "filename": null, "id": "region_951", "name": "private_0x00000000fffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 4294815744, "timestamp": "00:01:22.268", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000952-addr_0x00000000fffde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_363", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 4294828032, "type": "region", "version": 1 }, "end_va": 4294832127, "entry_point": 0, "filename": null, "id": "region_952", "name": "private_0x00000000fffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 4294828032, "timestamp": "00:01:22.269", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000008-region_00000953-addr_0x00000000fffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_364", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 4294832128, "type": "region", "version": 1 }, "end_va": 4294836223, "entry_point": 0, "filename": null, "id": "region_953", "name": "private_0x00000000fffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 4294832128, "timestamp": "00:01:22.269", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8791798120448, "start_va": 4294836224, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_954", "name": "private_0x00000000fffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4294836224, "timestamp": "00:01:22.269", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 405503, "entry_point": 0, "filename": null, "id": "region_955", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:22.286", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5120000, 
"start_va": 3932160, "type": "region", "version": 1 }, "end_va": 9052159, "entry_point": 0, "filename": null, "id": "region_956", "name": "pagefile_0x00000000003c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3932160, "timestamp": "00:01:22.286", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 569344, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 1028095, "entry_point": 0, "filename": null, "id": "region_958", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:01:22.287", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 19333120, "type": "region", "version": 1 }, "end_va": 19611647, "entry_point": 0, "filename": null, "id": "region_960", "name": "pagefile_0x0000000001270000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 19333120, "timestamp": "00:01:22.304", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000962-addr_0x0000000000aa0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_366", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 11141120, "type": "region", "version": 1 }, "end_va": 11665407, "entry_point": 0, "filename": null, "id": "region_962", "name": 
"private_0x0000000000aa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 11141120, "timestamp": "00:01:22.335", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1940324352, "type": "region", "version": 1 }, "end_va": 1940701183, "entry_point": 1940584344, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_963", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1940324352, "timestamp": "00:01:22.335", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1940717568, "type": "region", "version": 1 }, "end_va": 1940975615, "entry_point": 1940905592, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_964", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1940717568, "timestamp": "00:01:22.336", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1941176320, "type": "region", "version": 1 }, "end_va": 1941209087, "entry_point": 1941184760, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_965", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1941176320, "timestamp": "00:01:22.337", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000008-region_00000966-addr_0x0000000000d10000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_367", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 13697024, "type": "region", "version": 1 }, "end_va": 13959167, "entry_point": 0, "filename": null, "id": "region_966", "name": "private_0x0000000000d10000", "norm_filename": null, "region_type": "private_memory", "start_va": 13697024, "timestamp": "00:01:22.344", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1966211072, "type": "region", "version": 1 }, "end_va": 1966497791, "entry_point": 1966240888, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_967", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1966211072, "timestamp": "00:01:22.344", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985675264, "type": "region", "version": 1 }, "end_va": 1986789375, "entry_point": 1985753811, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_968", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985675264, "timestamp": "00:01:22.345", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000969-addr_0x0000000077160000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], 
"info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_368", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 1997930496, "type": "region", "version": 1 }, "end_va": 1998954495, "entry_point": 0, "filename": null, "id": "region_969", "name": "private_0x0000000077160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1997930496, "timestamp": "00:01:22.346", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000970-addr_0x0000000077260000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_369", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1998979072, "type": "region", "version": 1 }, "end_va": 2000154623, "entry_point": 0, "filename": null, "id": "region_970", "name": "private_0x0000000077260000", "norm_filename": null, "region_type": "private_memory", "start_va": 1998979072, "timestamp": "00:01:22.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_971", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:22.526", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, 
"size": 421888, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1470463, "entry_point": 1048576, "filename": "\\Windows\\System32\\locale.nls", "id": "region_972", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1048576, "timestamp": "00:01:22.526", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 778240, "start_va": 1953759232, "type": "region", "version": 1 }, "end_va": 1954537471, "entry_point": 1953759232, "filename": "\\Program Files (x86)\\Mozilla Firefox\\msvcr100.dll", "id": "region_973", "name": "msvcr100.dll", "norm_filename": "c:\\program files (x86)\\mozilla firefox\\msvcr100.dll", "region_type": "memory_mapped_file", "start_va": 1953759232, "timestamp": "00:01:22.526", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1963655168, "type": "region", "version": 1 }, "end_va": 1963704319, "entry_point": 1963659489, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_974", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1963655168, "timestamp": "00:01:22.544", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1963720704, "type": "region", "version": 1 }, "end_va": 1964113919, "entry_point": 1963828147, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": 
"region_975", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1963720704, "timestamp": "00:01:22.546", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1964113920, "type": "region", "version": 1 }, "end_va": 1965162495, "entry_point": 1964226285, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_976", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1964113920, "timestamp": "00:01:22.546", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1965293568, "type": "region", "version": 1 }, "end_va": 1965395967, "entry_point": 1965312373, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_977", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1965293568, "timestamp": "00:01:22.547", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1965424640, "type": "region", "version": 1 }, "end_va": 1966129151, "entry_point": 1965466738, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_978", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1965424640, "timestamp": "00:01:22.547", "type": "region", "version": 1 }, { 
"dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1966866432, "type": "region", "version": 1 }, "end_va": 1967849471, "entry_point": 1966933353, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_979", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1966866432, "timestamp": "00:01:22.548", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1968046080, "type": "region", "version": 1 }, "end_va": 1968635903, "entry_point": 1968137027, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_980", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1968046080, "timestamp": "00:01:22.548", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1987379200, "type": "region", "version": 1 }, "end_va": 1987420159, "entry_point": 1987393184, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_981", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1987379200, "timestamp": "00:01:22.549", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 
1987444736, "type": "region", "version": 1 }, "end_va": 1988100095, "entry_point": 1987529189, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_982", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1987444736, "timestamp": "00:01:22.550", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1991442432, "type": "region", "version": 1 }, "end_va": 1992085503, "entry_point": 1991655383, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_983", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1991442432, "timestamp": "00:01:22.550", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_984", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:22.551", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_985", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", 
"start_va": 2131623936, "timestamp": "00:01:22.552", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 9109504, "type": "region", "version": 1 }, "end_va": 10715135, "entry_point": 0, "filename": null, "id": "region_986", "name": "pagefile_0x00000000008b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9109504, "timestamp": "00:01:22.556", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000987-addr_0x0000000000a80000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_370", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 11010048, "type": "region", "version": 1 }, "end_va": 11075583, "entry_point": 0, "filename": null, "id": "region_987", "name": "private_0x0000000000a80000", "norm_filename": null, "region_type": "private_memory", "start_va": 11010048, "timestamp": "00:01:22.557", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1990197248, "type": "region", "version": 1 }, "end_va": 1991032831, "entry_point": 1990203019, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_988", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1990197248, "timestamp": "00:01:22.557", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created 
because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1991049216, "type": "region", "version": 1 }, "end_va": 1991442431, "entry_point": 1991120271, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_989", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1991049216, "timestamp": "00:01:22.558", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000990-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_371", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_990", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:22.605", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000991-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_372", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_991", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:22.605", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000992-addr_0x0000000000230000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": 
"Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_373", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2359295, "entry_point": 0, "filename": null, "id": "region_992", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:01:22.606", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 11665408, "type": "region", "version": 1 }, "end_va": 13242367, "entry_point": 0, "filename": null, "id": "region_993", "name": "pagefile_0x0000000000b20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11665408, "timestamp": "00:01:22.606", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 13959168, "type": "region", "version": 1 }, "end_va": 15532031, "entry_point": 13959168, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_994", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 13959168, "timestamp": "00:01:22.606", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 19660800, "type": "region", "version": 1 }, "end_va": 40632319, "entry_point": 
0, "filename": null, "id": "region_995", "name": "pagefile_0x00000000012c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 19660800, "timestamp": "00:01:22.607", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1966604288, "type": "region", "version": 1 }, "end_va": 1966821375, "entry_point": 1966609501, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_996", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1966604288, "timestamp": "00:01:22.671", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1992097792, "type": "region", "version": 1 }, "end_va": 1992122367, "entry_point": 1992103810, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_997", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1992097792, "timestamp": "00:01:22.672", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 430080, "start_va": 1951465472, "type": "region", "version": 1 }, "end_va": 1951895551, "entry_point": 1951465472, "filename": "\\Program Files (x86)\\Mozilla Firefox\\msvcp100.dll", "id": "region_998", "name": "msvcp100.dll", "norm_filename": "c:\\program files (x86)\\mozilla firefox\\msvcp100.dll", "region_type": "memory_mapped_file", "start_va": 1951465472, "timestamp": 
"00:01:23.052", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1789952, "start_va": 1951924224, "type": "region", "version": 1 }, "end_va": 1953714175, "entry_point": 1953376291, "filename": "\\Program Files (x86)\\Mozilla Firefox\\nss3.dll", "id": "region_999", "name": "nss3.dll", "norm_filename": "c:\\program files (x86)\\mozilla firefox\\nss3.dll", "region_type": "memory_mapped_file", "start_va": 1951924224, "timestamp": "00:01:23.091", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 139264, "start_va": 1958019072, "type": "region", "version": 1 }, "end_va": 1958158335, "entry_point": 1958019072, "filename": "\\Program Files (x86)\\Mozilla Firefox\\mozglue.dll", "id": "region_1000", "name": "mozglue.dll", "norm_filename": "c:\\program files (x86)\\mozilla firefox\\mozglue.dll", "region_type": "memory_mapped_file", "start_va": 1958019072, "timestamp": "00:01:23.092", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 1958215680, "type": "region", "version": 1 }, "end_va": 1958420479, "entry_point": 1958230001, "filename": "\\Windows\\SysWOW64\\winmm.dll", "id": "region_1001", "name": "winmm.dll", "norm_filename": "c:\\windows\\syswow64\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 1958215680, "timestamp": "00:01:23.113", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region 
is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1962475520, "type": "region", "version": 1 }, "end_va": 1962504191, "entry_point": 1962479904, "filename": "\\Windows\\SysWOW64\\wsock32.dll", "id": "region_1002", "name": "wsock32.dll", "norm_filename": "c:\\windows\\syswow64\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 1962475520, "timestamp": "00:01:23.114", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001003-addr_0x0000000000ed0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_374", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 15532032, "type": "region", "version": 1 }, "end_va": 16580607, "entry_point": 0, "filename": null, "id": "region_1003", "name": "private_0x0000000000ed0000", "norm_filename": null, "region_type": "private_memory", "start_va": 15532032, "timestamp": "00:01:23.427", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1989017600, "type": "region", "version": 1 }, "end_va": 1990184959, "entry_point": 1989023114, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_1004", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1989017600, "timestamp": "00:01:23.427", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 
2001928192, "type": "region", "version": 1 }, "end_va": 2001977343, "entry_point": 2001937294, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_1005", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 2001928192, "timestamp": "00:01:23.428", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001006-addr_0x0000000001000000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_375", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 16777216, "type": "region", "version": 1 }, "end_va": 17825791, "entry_point": 0, "filename": null, "id": "region_1006", "name": "private_0x0000000001000000", "norm_filename": null, "region_type": "private_memory", "start_va": 16777216, "timestamp": "00:01:24.203", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 40632320, "type": "region", "version": 1 }, "end_va": 43577343, "entry_point": 40632320, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1007", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 40632320, "timestamp": "00:01:24.204", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1951268864, "type": "region", "version": 1 }, "end_va": 1951428607, "entry_point": 1951268864, "filename": "\\Program Files 
(x86)\\Mozilla Firefox\\softokn3.dll", "id": "region_1008", "name": "softokn3.dll", "norm_filename": "c:\\program files (x86)\\mozilla firefox\\softokn3.dll", "region_type": "memory_mapped_file", "start_va": 1951268864, "timestamp": "00:01:24.204", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1962344448, "type": "region", "version": 1 }, "end_va": 1962438655, "entry_point": 1962344448, "filename": "\\Program Files (x86)\\Mozilla Firefox\\nssdbm3.dll", "id": "region_1009", "name": "nssdbm3.dll", "norm_filename": "c:\\program files (x86)\\mozilla firefox\\nssdbm3.dll", "region_type": "memory_mapped_file", "start_va": 1962344448, "timestamp": "00:01:24.247", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1601535, "entry_point": 0, "filename": null, "id": "region_1010", "name": "pagefile_0x0000000000180000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1572864, "timestamp": "00:01:24.835", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1646591, "entry_point": 0, "filename": null, "id": "region_1011", "name": "pagefile_0x0000000000190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1638400, "timestamp": 
"00:01:24.835", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 43581440, "type": "region", "version": 1 }, "end_va": 47722495, "entry_point": 0, "filename": null, "id": "region_1012", "name": "pagefile_0x0000000002990000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 43581440, "timestamp": "00:01:24.835", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1950941184, "type": "region", "version": 1 }, "end_va": 1951264767, "entry_point": 1950941184, "filename": "\\Program Files (x86)\\Mozilla Firefox\\freebl3.dll", "id": "region_1013", "name": "freebl3.dll", "norm_filename": "c:\\program files (x86)\\mozilla firefox\\freebl3.dll", "region_type": "memory_mapped_file", "start_va": 1950941184, "timestamp": "00:01:24.835", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1970864128, "type": "region", "version": 1 }, "end_va": 1983750143, "entry_point": 1971394049, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_1014", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1970864128, "timestamp": "00:01:24.842", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", 
"writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1997537280, "type": "region", "version": 1 }, "end_va": 1997893631, "entry_point": 1997642662, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_1015", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1997537280, "timestamp": "00:01:24.843", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\igfxonux.scr\" /S", "filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\igfxonux.scr", "id": "proc_9", "image_name": "igfxonux.scr", "monitor_reason": "autostart", "monitored_id": 9, "origin_monitor_id": 0, "ref_parent_process": null, "regions": [ { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1019", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:48.625", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_1020", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:48.625", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1021", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:48.625", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 589823, "entry_point": 0, "filename": null, "id": "region_1022", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:01:48.630", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_1023", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:01:48.630", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1638400, "type": 
"region", "version": 1 }, "end_va": 1654783, "entry_point": 0, "filename": null, "id": "region_1024", "name": "pagefile_0x0000000000190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1638400, "timestamp": "00:01:48.630", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 294912, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4489215, "entry_point": 4194304, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\igfxonux.scr", "id": "region_1025", "name": "igfxonux.scr", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\igfxonux.scr", "region_type": "memory_mapped_file", "start_va": 4194304, "timestamp": "00:01:48.630", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1999306752, "type": "region", "version": 1 }, "end_va": 2001047551, "entry_point": 1999306752, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1026", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999306752, "timestamp": "00:01:48.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2001272832, "type": "region", "version": 1 }, "end_va": 2002845695, "entry_point": 2001272832, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1027", "name": "ntdll.dll", 
"norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001272832, "timestamp": "00:01:48.708", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_1028", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:48.789", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_1029", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:48.790", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_1030", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:48.790", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was 
created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_1031", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:48.790", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1032", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:48.791", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1033", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:48.791", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_1034", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": 
"private_memory", "start_va": 2147418112, "timestamp": "00:01:48.791", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 2424831, "entry_point": 0, "filename": null, "id": "region_1156", "name": "private_0x00000000001d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1900544, "timestamp": "00:01:51.911", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1939865600, "type": "region", "version": 1 }, "end_va": 1939898367, "entry_point": 1939865600, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_1157", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1939865600, "timestamp": "00:01:51.911", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1939931136, "type": "region", "version": 1 }, "end_va": 1940307967, "entry_point": 1939931136, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1158", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1939931136, "timestamp": "00:01:51.919", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ 
"readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1940324352, "type": "region", "version": 1 }, "end_va": 1940582399, "entry_point": 1940324352, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1159", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1940324352, "timestamp": "00:01:51.924", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 3670015, "entry_point": 0, "filename": null, "id": "region_1160", "name": "private_0x0000000000280000", "norm_filename": null, "region_type": "private_memory", "start_va": 2621440, "timestamp": "00:01:51.937", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1987182592, "type": "region", "version": 1 }, "end_va": 1988296703, "entry_point": 1987182592, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1161", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1987182592, "timestamp": "00:01:51.937", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1994457088, "type": "region", "version": 1 }, "end_va": 1994743807, "entry_point": 1994457088, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": 
"region_1162", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1994457088, "timestamp": "00:01:52.111", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1997078528, "type": "region", "version": 1 }, "end_va": 1998254079, "entry_point": 0, "filename": null, "id": "region_1163", "name": "private_0x0000000077090000", "norm_filename": null, "region_type": "private_memory", "start_va": 1997078528, "timestamp": "00:01:52.155", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 1998258176, "type": "region", "version": 1 }, "end_va": 1999282175, "entry_point": 0, "filename": null, "id": "region_1164", "name": "private_0x00000000771b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1998258176, "timestamp": "00:01:52.155", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1165", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:52.439", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 3670016, "type": "region", "version": 1 }, "end_va": 4091903, "entry_point": 3670016, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1166", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 3670016, "timestamp": "00:01:52.439", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1388544, "start_va": 1922301952, "type": "region", "version": 1 }, "end_va": 1923690495, "entry_point": 1922301952, "filename": "\\Windows\\SysWOW64\\msvbvm60.dll", "id": "region_1167", "name": "msvbvm60.dll", "norm_filename": "c:\\windows\\syswow64\\msvbvm60.dll", "region_type": "memory_mapped_file", "start_va": 1922301952, "timestamp": "00:01:52.440", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1962803200, "type": "region", "version": 1 }, "end_va": 1962852351, "entry_point": 1962803200, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1168", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1962803200, "timestamp": "00:01:52.445", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1962868736, "type": "region", 
"version": 1 }, "end_va": 1963261951, "entry_point": 1962868736, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1169", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1962868736, "timestamp": "00:01:52.449", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1980563456, "type": "region", "version": 1 }, "end_va": 1981149183, "entry_point": 1980563456, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_1170", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1980563456, "timestamp": "00:01:52.453", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1982201856, "type": "region", "version": 1 }, "end_va": 1982857215, "entry_point": 1982201856, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1171", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1982201856, "timestamp": "00:01:52.459", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1982857216, "type": "region", "version": 1 }, "end_va": 1983447039, "entry_point": 1982857216, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1172", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", 
"region_type": "memory_mapped_file", "start_va": 1982857216, "timestamp": "00:01:52.515", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1989083136, "type": "region", "version": 1 }, "end_va": 1990066175, "entry_point": 1989083136, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1173", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1989083136, "timestamp": "00:01:52.550", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1991245824, "type": "region", "version": 1 }, "end_va": 1992671231, "entry_point": 1991245824, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_1174", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1991245824, "timestamp": "00:01:52.558", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1992949760, "type": "region", "version": 1 }, "end_va": 1993654271, "entry_point": 1992949760, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1175", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1992949760, "timestamp": "00:01:52.777", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because 
region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1993670656, "type": "region", "version": 1 }, "end_va": 1993711615, "entry_point": 1993670656, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_1176", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1993670656, "timestamp": "00:01:52.791", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1993801728, "type": "region", "version": 1 }, "end_va": 1994444799, "entry_point": 1993801728, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_1177", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1993801728, "timestamp": "00:01:52.796", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1994850304, "type": "region", "version": 1 }, "end_va": 1994952703, "entry_point": 1994850304, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1178", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1994850304, "timestamp": "00:01:52.801", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1996029952, "type": "region", "version": 1 }, "end_va": 1997078527, "entry_point": 
1996029952, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1179", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1996029952, "timestamp": "00:01:52.808", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1180", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:52.858", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1181", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:52.859", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4521984, "type": "region", "version": 1 }, "end_va": 6127615, "entry_point": 0, "filename": null, "id": "region_1182", "name": "pagefile_0x0000000000450000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4521984, "timestamp": "00:01:53.054", "type": "region", "version": 1 }, { "dump": { "filename": "", 
"flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 6553600, "type": "region", "version": 1 }, "end_va": 6619135, "entry_point": 0, "filename": null, "id": "region_1183", "name": "private_0x0000000000640000", "norm_filename": null, "region_type": "private_memory", "start_va": 6553600, "timestamp": "00:01:53.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1981153280, "type": "region", "version": 1 }, "end_va": 1981988863, "entry_point": 1981153280, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1184", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1981153280, "timestamp": "00:01:53.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1984757760, "type": "region", "version": 1 }, "end_va": 1985150975, "entry_point": 1984757760, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1185", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1984757760, "timestamp": "00:01:53.060", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", 
"version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1186", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:53.075", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_1187", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:53.075", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6619136, "type": "region", "version": 1 }, "end_va": 8196095, "entry_point": 0, "filename": null, "id": "region_1188", "name": "pagefile_0x0000000000650000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6619136, "timestamp": "00:01:53.075", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 8257536, "type": "region", "version": 1 }, "end_va": 29229055, "entry_point": 0, "filename": null, "id": "region_1189", "name": "pagefile_0x00000000007e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8257536, "timestamp": "00:01:53.075", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 29884416, "type": "region", "version": 1 }, "end_va": 29949951, "entry_point": 0, "filename": null, "id": "region_1190", "name": "private_0x0000000001c80000", "norm_filename": null, "region_type": "private_memory", "start_va": 29884416, "timestamp": "00:01:53.076", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 29949952, "type": "region", "version": 1 }, "end_va": 34144255, "entry_point": 0, "filename": null, "id": "region_1191", "name": "private_0x0000000001c90000", "norm_filename": null, "region_type": "private_memory", "start_va": 29949952, "timestamp": "00:01:53.077", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 34144256, "type": "region", "version": 1 }, "end_va": 37089279, "entry_point": 34144256, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1192", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 34144256, "timestamp": "00:01:53.081", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1376256, "start_va": 37093376, "type": "region", "version": 1 }, 
"end_va": 38469631, "entry_point": 0, "filename": null, "id": "region_1193", "name": "private_0x0000000002360000", "norm_filename": null, "region_type": "private_memory", "start_va": 37093376, "timestamp": "00:01:53.083", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 39387136, "type": "region", "version": 1 }, "end_va": 39649279, "entry_point": 0, "filename": null, "id": "region_1194", "name": "private_0x0000000002590000", "norm_filename": null, "region_type": "private_memory", "start_va": 39387136, "timestamp": "00:01:53.112", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1937637376, "type": "region", "version": 1 }, "end_va": 1938161663, "entry_point": 1937637376, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_1195", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1937637376, "timestamp": "00:01:53.113", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 655360, "start_va": 29229056, "type": "region", "version": 1 }, "end_va": 29884415, "entry_point": 0, "filename": null, "id": "region_1196", "name": "private_0x0000000001be0000", "norm_filename": null, "region_type": "private_memory", "start_va": 29229056, "timestamp": "00:01:53.312", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 37093376, "type": "region", "version": 1 }, "end_va": 38006783, "entry_point": 0, "filename": null, "id": "region_1197", "name": "pagefile_0x0000000002360000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 37093376, "timestamp": "00:01:53.433", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 38207488, "type": "region", "version": 1 }, "end_va": 38469631, "entry_point": 0, "filename": null, "id": "region_1198", "name": "private_0x0000000002470000", "norm_filename": null, "region_type": "private_memory", "start_va": 38207488, "timestamp": "00:01:53.434", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1769471, "entry_point": 0, "filename": null, "id": "region_1199", "name": "private_0x00000000001a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1703936, "timestamp": "00:01:53.437", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 40697856, "type": "region", "version": 1 }, "end_va": 40763391, 
"entry_point": 0, "filename": null, "id": "region_1200", "name": "private_0x00000000026d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40697856, "timestamp": "00:01:53.438", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 389120, "start_va": 1939406848, "type": "region", "version": 1 }, "end_va": 1939795967, "entry_point": 1939406848, "filename": "\\Windows\\SysWOW64\\sxs.dll", "id": "region_1201", "name": "sxs.dll", "norm_filename": "c:\\windows\\syswow64\\sxs.dll", "region_type": "memory_mapped_file", "start_va": 1939406848, "timestamp": "00:01:53.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1926627328, "type": "region", "version": 1 }, "end_va": 1926705151, "entry_point": 1926627328, "filename": "\\Windows\\SysWOW64\\dwmapi.dll", "id": "region_1202", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\syswow64\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 1926627328, "timestamp": "00:01:54.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1798143, "entry_point": 0, "filename": null, "id": "region_1203", "name": "pagefile_0x00000000001b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1769472, "timestamp": "00:01:54.865", "type": "region", "version": 1 }, { "dump": { "filename": "", 
"flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1843199, "entry_point": 0, "filename": null, "id": "region_1204", "name": "pagefile_0x00000000001c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1835008, "timestamp": "00:01:54.865", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 40763392, "type": "region", "version": 1 }, "end_va": 44904447, "entry_point": 0, "filename": null, "id": "region_1205", "name": "pagefile_0x00000000026e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 40763392, "timestamp": "00:01:54.897", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 9633792, "start_va": 44957696, "type": "region", "version": 1 }, "end_va": 54591487, "entry_point": 44957696, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_1206", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 44957696, "timestamp": "00:01:54.908", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 1962344448, "type": "region", "version": 1 }, "end_va": 1962676223, "entry_point": 1962344448, 
"filename": "\\Windows\\SysWOW64\\winspool.drv", "id": "region_1207", "name": "winspool.drv", "norm_filename": "c:\\windows\\syswow64\\winspool.drv", "region_type": "memory_mapped_file", "start_va": 1962344448, "timestamp": "00:01:55.004", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 983040, "start_va": 39649280, "type": "region", "version": 1 }, "end_va": 40632319, "entry_point": 0, "filename": null, "id": "region_1208", "name": "private_0x00000000025d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 39649280, "timestamp": "00:01:55.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 6160384, "type": "region", "version": 1 }, "end_va": 6422527, "entry_point": 0, "filename": null, "id": "region_1214", "name": "private_0x00000000005e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6160384, "timestamp": "00:02:02.679", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 54591488, "type": "region", "version": 1 }, "end_va": 55640063, "entry_point": 0, "filename": null, "id": "region_1215", "name": "private_0x0000000003410000", "norm_filename": null, "region_type": "private_memory", "start_va": 54591488, "timestamp": "00:02:02.680", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_1216", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:02:02.680", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2433023, "entry_point": 0, "filename": null, "id": "region_1217", "name": "pagefile_0x0000000000250000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2424832, "timestamp": "00:02:02.881", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 2424832, "filename": "\\Windows\\SysWOW64\\en-US\\msctf.dll.mui", "id": "region_1218", "name": "msctf.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\msctf.dll.mui", "region_type": "memory_mapped_file", "start_va": 2424832, "timestamp": "00:02:02.884", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 2498559, 
"entry_point": 0, "filename": null, "id": "region_1219", "name": "pagefile_0x0000000000260000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2490368, "timestamp": "00:02:02.891", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 2494463, "entry_point": 0, "filename": null, "id": "region_1220", "name": "pagefile_0x0000000000260000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2490368, "timestamp": "00:02:02.892", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1988296704, "type": "region", "version": 1 }, "end_va": 1988833279, "entry_point": 1988296704, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_1221", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1988296704, "timestamp": "00:02:02.892", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 2559999, "entry_point": 0, "filename": null, "id": "region_1222", "name": "pagefile_0x0000000000270000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2555904, "timestamp": "00:02:03.260", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 38469632, "type": "region", "version": 1 }, "end_va": 38993919, "entry_point": 0, "filename": null, "id": "region_1223", "name": "private_0x00000000024b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38469632, "timestamp": "00:02:03.316", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4165631, "entry_point": 0, "filename": null, "id": "region_1224", "name": "private_0x00000000003f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4128768, "timestamp": "00:02:03.386", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 67108864, "start_va": 55640064, "type": "region", "version": 1 }, "end_va": 122748927, "entry_point": 0, "filename": null, "id": "region_1225", "name": "private_0x0000000003510000", "norm_filename": null, "region_type": "private_memory", "start_va": 55640064, "timestamp": "00:02:17.106", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 29229056, "type": "region", "version": 1 }, "end_va": 
29491199, "entry_point": 0, "filename": null, "id": "region_1226", "name": "private_0x0000000001be0000", "norm_filename": null, "region_type": "private_memory", "start_va": 29229056, "timestamp": "00:02:26.441", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 29622272, "type": "region", "version": 1 }, "end_va": 29884415, "entry_point": 0, "filename": null, "id": "region_1227", "name": "private_0x0000000001c40000", "norm_filename": null, "region_type": "private_memory", "start_va": 29622272, "timestamp": "00:02:26.442", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 38993920, "type": "region", "version": 1 }, "end_va": 39256063, "entry_point": 0, "filename": null, "id": "region_1228", "name": "private_0x0000000002530000", "norm_filename": null, "region_type": "private_memory", "start_va": 38993920, "timestamp": "00:02:26.442", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 122748928, "type": "region", "version": 1 }, "end_va": 123797503, "entry_point": 0, "filename": null, "id": "region_1229", "name": "private_0x0000000007510000", "norm_filename": null, "region_type": "private_memory", "start_va": 122748928, "timestamp": "00:02:26.442", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 123797504, "type": "region", "version": 1 }, "end_va": 124846079, "entry_point": 0, "filename": null, "id": "region_1230", "name": "private_0x0000000007610000", "norm_filename": null, "region_type": "private_memory", "start_va": 123797504, "timestamp": "00:02:26.443", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_1231", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:02:26.443", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_1232", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:02:26.443", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1963458560, "type": "region", "version": 1 }, "end_va": 1976344575, "entry_point": 1963458560, 
"filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_1233", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1963458560, "timestamp": "00:02:26.445", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1976369152, "type": "region", "version": 1 }, "end_va": 1976725503, "entry_point": 1976369152, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_1234", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1976369152, "timestamp": "00:02:27.200", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 6422528, "type": "region", "version": 1 }, "end_va": 6426623, "entry_point": 0, "filename": null, "id": "region_1235", "name": "private_0x0000000000620000", "norm_filename": null, "region_type": "private_memory", "start_va": 6422528, "timestamp": "00:02:27.264", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\igfxonux.scr\" /S", "filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\igfxonux.scr", "id": "proc_10", "image_name": "igfxonux.scr", "monitor_reason": "child_process", "monitored_id": 10, "origin_monitor_id": 9, "ref_parent_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { 
"dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1242", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:02:27.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_1243", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:02:27.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1244", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:02:27.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 327680, "type": "region", 
"version": 1 }, "end_va": 589823, "entry_point": 0, "filename": null, "id": "region_1245", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:02:27.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_1246", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:02:27.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1654783, "entry_point": 0, "filename": null, "id": "region_1247", "name": "pagefile_0x0000000000190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1638400, "timestamp": "00:02:27.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 147456, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4341759, "entry_point": 0, "filename": null, "id": "region_1248", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:02:27.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1999306752, "type": "region", "version": 1 }, "end_va": 2001047551, "entry_point": 1999306752, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1249", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999306752, "timestamp": "00:02:27.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2001272832, "type": "region", "version": 1 }, "end_va": 2002845695, "entry_point": 2001272832, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1250", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001272832, "timestamp": "00:02:27.352", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_1251", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:02:27.352", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": 
"region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_1252", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:02:27.354", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_1253", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:02:27.354", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_1254", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:02:27.354", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1255", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:02:27.355", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1256", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:02:27.355", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_1257", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:02:27.355", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 3670016, "type": "region", "version": 1 }, "end_va": 4194303, "entry_point": 0, "filename": null, "id": "region_1258", "name": "private_0x0000000000380000", "norm_filename": null, "region_type": "private_memory", "start_va": 3670016, "timestamp": "00:02:27.364", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1939865600, "type": "region", "version": 1 }, "end_va": 1939898367, "entry_point": 1939874040, "filename": 
"\\Windows\\System32\\wow64cpu.dll", "id": "region_1259", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1939865600, "timestamp": "00:02:27.364", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1939931136, "type": "region", "version": 1 }, "end_va": 1940307967, "entry_point": 1940191128, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1260", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1939931136, "timestamp": "00:02:27.364", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1940324352, "type": "region", "version": 1 }, "end_va": 1940582399, "entry_point": 1940512376, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1261", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1940324352, "timestamp": "00:02:27.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1262", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:02:27.374", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 2125823, "entry_point": 1703936, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1263", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1703936, "timestamp": "00:02:27.374", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 6356992, "type": "region", "version": 1 }, "end_va": 7405567, "entry_point": 0, "filename": null, "id": "region_1264", "name": "private_0x0000000000610000", "norm_filename": null, "region_type": "private_memory", "start_va": 6356992, "timestamp": "00:02:27.375", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1987182592, "type": "region", "version": 1 }, "end_va": 1988296703, "entry_point": 1987261139, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1265", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1987182592, "timestamp": "00:02:27.375", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1994457088, "type": 
"region", "version": 1 }, "end_va": 1994743807, "entry_point": 1994486904, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1266", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1994457088, "timestamp": "00:02:27.375", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1997078528, "type": "region", "version": 1 }, "end_va": 1998254079, "entry_point": 0, "filename": null, "id": "region_1267", "name": "private_0x0000000077090000", "norm_filename": null, "region_type": "private_memory", "start_va": 1997078528, "timestamp": "00:02:27.376", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 1998258176, "type": "region", "version": 1 }, "end_va": 1999282175, "entry_point": 0, "filename": null, "id": "region_1268", "name": "private_0x00000000771b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1998258176, "timestamp": "00:02:27.376", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1269", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": 
"pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:02:27.376", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1270", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:02:27.376", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1576960, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 5967871, "entry_point": 0, "filename": null, "id": "region_1271", "name": "private_0x0000000000430000", "norm_filename": null, "region_type": "private_memory", "start_va": 4390912, "timestamp": "00:02:27.678", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3158016, "start_va": 7405568, "type": "region", "version": 1 }, "end_va": 10563583, "entry_point": 0, "filename": null, "id": "region_1272", "name": "private_0x0000000000710000", "norm_filename": null, "region_type": "private_memory", "start_va": 7405568, "timestamp": "00:02:27.679", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ 
"readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1273", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:02:27.693", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1982201856, "type": "region", "version": 1 }, "end_va": 1982857215, "entry_point": 1982286309, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1274", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1982201856, "timestamp": "00:02:27.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1992949760, "type": "region", "version": 1 }, "end_va": 1993654271, "entry_point": 1992991858, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1275", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1992949760, "timestamp": "00:02:27.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1994850304, "type": "region", "version": 1 }, "end_va": 1994952703, "entry_point": 1994869109, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1276", "name": "sechost.dll", "norm_filename": 
"c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1994850304, "timestamp": "00:02:27.715", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1989083136, "type": "region", "version": 1 }, "end_va": 1990066175, "entry_point": 1989150057, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1277", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1989083136, "timestamp": "00:02:27.716", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1962868736, "type": "region", "version": 1 }, "end_va": 1963261951, "entry_point": 1962976179, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1278", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1962868736, "timestamp": "00:02:27.717", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1962803200, "type": "region", "version": 1 }, "end_va": 1962852351, "entry_point": 1962807521, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1279", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1962803200, "timestamp": "00:02:27.718", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1441792, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 3604479, "entry_point": 0, "filename": null, "id": "region_1280", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:02:27.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2424831, "entry_point": 0, "filename": null, "id": "region_1281", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:02:27.747", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 3473407, "entry_point": 0, "filename": null, "id": "region_1282", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:02:27.747", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3538944, "type": "region", "version": 1 }, "end_va": 3604479, "entry_point": 0, "filename": 
null, "id": "region_1283", "name": "private_0x0000000000360000", "norm_filename": null, "region_type": "private_memory", "start_va": 3538944, "timestamp": "00:02:27.747", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 147456, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 4538367, "entry_point": 0, "filename": null, "id": "region_1284", "name": "pagefile_0x0000000000430000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4390912, "timestamp": "00:02:27.747", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_1285", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:02:27.747", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 561152, "start_va": 4587520, "type": "region", "version": 1 }, "end_va": 5148671, "entry_point": 0, "filename": null, "id": "region_1287", "name": "pagefile_0x0000000000460000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4587520, "timestamp": "00:02:27.752", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 253951, "entry_point": 0, "filename": null, "id": "region_1677", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:02:29.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 3473408, "type": "region", "version": 1 }, "end_va": 3530751, "entry_point": 0, "filename": null, "id": "region_1678", "name": "private_0x0000000000350000", "norm_filename": null, "region_type": "private_memory", "start_va": 3473408, "timestamp": "00:02:29.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1996029952, "type": "region", "version": 1 }, "end_va": 1997078527, "entry_point": 1996142317, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1679", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1996029952, "timestamp": "00:02:29.937", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1982857216, "type": "region", "version": 1 }, "end_va": 1983447039, "entry_point": 1982948163, "filename": 
"\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1680", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1982857216, "timestamp": "00:02:29.938", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1993670656, "type": "region", "version": 1 }, "end_va": 1993711615, "entry_point": 1993684640, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_1681", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1993670656, "timestamp": "00:02:29.939", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1993801728, "type": "region", "version": 1 }, "end_va": 1994444799, "entry_point": 1994014679, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_1682", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1993801728, "timestamp": "00:02:29.940", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 122880, "start_va": 5177344, "type": "region", "version": 1 }, "end_va": 5300223, "entry_point": 5248399, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1683", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 5177344, "timestamp": "00:02:29.942", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 10616832, "type": "region", "version": 1 }, "end_va": 12222463, "entry_point": 0, "filename": null, "id": "region_1684", "name": "pagefile_0x0000000000a20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10616832, "timestamp": "00:02:29.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1984757760, "type": "region", "version": 1 }, "end_va": 1985150975, "entry_point": 1984828815, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1686", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1984757760, "timestamp": "00:02:29.944", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1981153280, "type": "region", "version": 1 }, "end_va": 1981988863, "entry_point": 1981159051, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1687", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1981153280, "timestamp": "00:02:29.945", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 3604480, "type": "region", 
"version": 1 }, "end_va": 3608575, "entry_point": 0, "filename": null, "id": "region_1688", "name": "private_0x0000000000370000", "norm_filename": null, "region_type": "private_memory", "start_va": 3604480, "timestamp": "00:02:29.949", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 5177344, "type": "region", "version": 1 }, "end_va": 5181439, "entry_point": 0, "filename": null, "id": "region_1689", "name": "private_0x00000000004f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5177344, "timestamp": "00:02:29.949", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 12255232, "type": "region", "version": 1 }, "end_va": 13832191, "entry_point": 0, "filename": null, "id": "region_1690", "name": "pagefile_0x0000000000bb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12255232, "timestamp": "00:02:29.949", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 13893632, "type": "region", "version": 1 }, "end_va": 34865151, "entry_point": 0, "filename": null, "id": "region_1691", "name": "pagefile_0x0000000000d40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 13893632, "timestamp": "00:02:29.949", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 147456, "start_va": 5242880, "type": "region", "version": 1 }, "end_va": 5390335, "entry_point": 0, "filename": null, "id": "region_1724", "name": "pagefile_0x0000000000500000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5242880, "timestamp": "00:02:33.054", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 5439488, "type": "region", "version": 1 }, "end_va": 5537791, "entry_point": 0, "filename": null, "id": "region_1726", "name": "pagefile_0x0000000000530000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5439488, "timestamp": "00:02:33.054", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\Explorer.EXE", "filename": "c:\\windows\\explorer.exe", "id": "proc_11", "image_name": "explorer.exe", "monitor_reason": "injection", "monitored_id": 11, "origin_monitor_id": 10, "ref_parent_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1288", 
"name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:02:27.755", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 139263, "entry_point": 0, "filename": null, "id": "region_1289", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:02:27.755", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_1290", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:02:27.755", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 270335, "entry_point": 0, "filename": null, "id": "region_1291", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:02:27.755", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" 
], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1292", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:02:27.755", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 815103, "entry_point": 0, "filename": null, "id": "region_1293", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:02:27.755", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 860159, "entry_point": 0, "filename": null, "id": "region_1294", "name": "pagefile_0x00000000000d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 851968, "timestamp": "00:02:27.755", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 0, "filename": null, "id": "region_1295", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", 
"start_va": 917504, "timestamp": "00:02:27.755", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_1296", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:02:27.756", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1310719, "entry_point": 0, "filename": null, "id": "region_1297", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:02:27.756", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1314815, "entry_point": 0, "filename": null, "id": "region_1298", "name": "pagefile_0x0000000000140000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1310720, "timestamp": "00:02:27.756", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, 
"size": 8192, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1384447, "entry_point": 0, "filename": null, "id": "region_1299", "name": "pagefile_0x0000000000150000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1376256, "timestamp": "00:02:27.756", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1445887, "entry_point": 0, "filename": null, "id": "region_1300", "name": "pagefile_0x0000000000160000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1441792, "timestamp": "00:02:27.756", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1515519, "entry_point": 0, "filename": null, "id": "region_1301", "name": "pagefile_0x0000000000170000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1507328, "timestamp": "00:02:27.756", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1576959, "entry_point": 0, "filename": null, "id": "region_1302", "name": "private_0x0000000000180000", "norm_filename": null, "region_type": "private_memory", "start_va": 1572864, "timestamp": "00:02:27.756", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 2162687, "entry_point": 0, "filename": null, "id": "region_1303", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:02:27.756", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 98304, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2260991, "entry_point": 0, "filename": null, "id": "region_1304", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:02:27.756", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 114688, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2408447, "entry_point": 0, "filename": null, "id": "region_1305", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:02:27.757", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 
2428927, "entry_point": 0, "filename": null, "id": "region_1306", "name": "pagefile_0x0000000000250000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2424832, "timestamp": "00:02:27.757", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 2502655, "entry_point": 0, "filename": null, "id": "region_1307", "name": "pagefile_0x0000000000260000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2490368, "timestamp": "00:02:27.757", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 3604479, "entry_point": 0, "filename": null, "id": "region_1308", "name": "private_0x0000000000270000", "norm_filename": null, "region_type": "private_memory", "start_va": 2555904, "timestamp": "00:02:27.757", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 4653055, "entry_point": 0, "filename": null, "id": "region_1309", "name": "private_0x0000000000370000", "norm_filename": null, "region_type": "private_memory", "start_va": 3604480, "timestamp": "00:02:27.757", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 20480, "start_va": 4653056, "type": "region", "version": 1 }, "end_va": 4673535, "entry_point": 0, "filename": null, "id": "region_1310", "name": "private_0x0000000000470000", "norm_filename": null, "region_type": "private_memory", "start_va": 4653056, "timestamp": "00:02:27.757", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 393216, "start_va": 4718592, "type": "region", "version": 1 }, "end_va": 5111807, "entry_point": 0, "filename": null, "id": "region_1311", "name": "private_0x0000000000480000", "norm_filename": null, "region_type": "private_memory", "start_va": 4718592, "timestamp": "00:02:27.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 5111808, "type": "region", "version": 1 }, "end_va": 5177343, "entry_point": 0, "filename": null, "id": "region_1312", "name": "private_0x00000000004e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5111808, "timestamp": "00:02:27.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5177344, "type": "region", "version": 1 }, "end_va": 6782975, "entry_point": 0, "filename": null, "id": 
"region_1313", "name": "pagefile_0x00000000004f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5177344, "timestamp": "00:02:27.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6815744, "type": "region", "version": 1 }, "end_va": 8392703, "entry_point": 0, "filename": null, "id": "region_1314", "name": "pagefile_0x0000000000680000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6815744, "timestamp": "00:02:27.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 8454144, "type": "region", "version": 1 }, "end_va": 29425663, "entry_point": 0, "filename": null, "id": "region_1315", "name": "pagefile_0x0000000000810000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8454144, "timestamp": "00:02:27.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 29425664, "type": "region", "version": 1 }, "end_va": 33566719, "entry_point": 0, "filename": null, "id": "region_1316", "name": "pagefile_0x0000000001c10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29425664, "timestamp": "00:02:27.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because 
pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 33619968, "type": "region", "version": 1 }, "end_va": 34533375, "entry_point": 0, "filename": null, "id": "region_1317", "name": "pagefile_0x0000000002010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 33619968, "timestamp": "00:02:27.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 442368, "start_va": 34537472, "type": "region", "version": 1 }, "end_va": 34979839, "entry_point": 0, "filename": null, "id": "region_1318", "name": "private_0x00000000020f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 34537472, "timestamp": "00:02:27.759", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 34996224, "type": "region", "version": 1 }, "end_va": 35192831, "entry_point": 0, "filename": null, "id": "region_1319", "name": "private_0x0000000002160000", "norm_filename": null, "region_type": "private_memory", "start_va": 34996224, "timestamp": "00:02:27.759", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 35192832, "type": "region", "version": 1 }, "end_va": 35258367, "entry_point": 0, "filename": null, "id": "region_1320", "name": 
"private_0x0000000002190000", "norm_filename": null, "region_type": "private_memory", "start_va": 35192832, "timestamp": "00:02:27.759", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 35258368, "type": "region", "version": 1 }, "end_va": 35323903, "entry_point": 0, "filename": null, "id": "region_1321", "name": "private_0x00000000021a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 35258368, "timestamp": "00:02:27.759", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 35323904, "type": "region", "version": 1 }, "end_va": 35848191, "entry_point": 0, "filename": null, "id": "region_1322", "name": "private_0x00000000021b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 35323904, "timestamp": "00:02:27.759", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 35848192, "type": "region", "version": 1 }, "end_va": 35852287, "entry_point": 0, "filename": null, "id": "region_1323", "name": "private_0x0000000002230000", "norm_filename": null, "region_type": "private_memory", "start_va": 35848192, "timestamp": "00:02:27.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total 
dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 35913728, "type": "region", "version": 1 }, "end_va": 36438015, "entry_point": 0, "filename": null, "id": "region_1324", "name": "private_0x0000000002240000", "norm_filename": null, "region_type": "private_memory", "start_va": 35913728, "timestamp": "00:02:27.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 36438016, "type": "region", "version": 1 }, "end_va": 39383039, "entry_point": 36438016, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1325", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 36438016, "timestamp": "00:02:27.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 39387136, "type": "region", "version": 1 }, "end_va": 39395327, "entry_point": 0, "filename": null, "id": "region_1326", "name": "pagefile_0x0000000002590000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 39387136, "timestamp": "00:02:27.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 39452672, "type": "region", "version": 1 }, "end_va": 39460863, "entry_point": 0, "filename": null, "id": "region_1327", "name": "pagefile_0x00000000025a0000", 
"norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 39452672, "timestamp": "00:02:27.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 39518208, "type": "region", "version": 1 }, "end_va": 39530495, "entry_point": 39518208, "filename": "\\Windows\\winsxs\\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3\\comctl32.dll.mui", "id": "region_1328", "name": "comctl32.dll.mui", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3\\comctl32.dll.mui", "region_type": "memory_mapped_file", "start_va": 39518208, "timestamp": "00:02:27.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 39583744, "type": "region", "version": 1 }, "end_va": 39587839, "entry_point": 0, "filename": null, "id": "region_1329", "name": "private_0x00000000025c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 39583744, "timestamp": "00:02:27.764", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 114688, "start_va": 39649280, "type": "region", "version": 1 }, "end_va": 39763967, "entry_point": 0, "filename": null, "id": "region_1330", "name": "private_0x00000000025d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 39649280, 
"timestamp": "00:02:27.765", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 39780352, "type": "region", "version": 1 }, "end_va": 39784447, "entry_point": 0, "filename": null, "id": "region_1331", "name": "private_0x00000000025f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 39780352, "timestamp": "00:02:27.765", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 36864, "start_va": 39845888, "type": "region", "version": 1 }, "end_va": 39882751, "entry_point": 0, "filename": null, "id": "region_1332", "name": "private_0x0000000002600000", "norm_filename": null, "region_type": "private_memory", "start_va": 39845888, "timestamp": "00:02:27.765", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 39911424, "type": "region", "version": 1 }, "end_va": 39944191, "entry_point": 0, "filename": null, "id": "region_1333", "name": "private_0x0000000002610000", "norm_filename": null, "region_type": "private_memory", "start_va": 39911424, "timestamp": "00:02:27.765", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 110592, "start_va": 39976960, "type": "region", 
"version": 1 }, "end_va": 40087551, "entry_point": 39976960, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000011.db", "id": "region_1334", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000011.db", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000011.db", "region_type": "memory_mapped_file", "start_va": 39976960, "timestamp": "00:02:27.765", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 40108032, "type": "region", "version": 1 }, "end_va": 40112127, "entry_point": 0, "filename": null, "id": "region_1335", "name": "pagefile_0x0000000002640000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 40108032, "timestamp": "00:02:27.766", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 40173568, "type": "region", "version": 1 }, "end_va": 40189951, "entry_point": 40173568, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_1336", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 40173568, "timestamp": "00:02:27.766", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 
196608, "start_va": 40239104, "type": "region", "version": 1 }, "end_va": 40435711, "entry_point": 40239104, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db", "id": "region_1337", "name": "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000012.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000012.db", "region_type": "memory_mapped_file", "start_va": 40239104, "timestamp": "00:02:27.766", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "" ], "ref_process_dump": null, "size": 65536, "start_va": 40435712, "type": "region", "version": 1 }, "end_va": 40501247, "entry_point": 0, "filename": null, "id": "region_1338", "name": "private_0x0000000002690000", "norm_filename": null, "region_type": "private_memory", "start_va": 40435712, "timestamp": "00:02:27.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 40501248, "type": "region", "version": 1 }, "end_va": 40566783, "entry_point": 0, "filename": null, "id": "region_1339", "name": "private_0x00000000026a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40501248, "timestamp": "00:02:27.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 40566784, "type": "region", "version": 1 }, 
"end_va": 40632319, "entry_point": 0, "filename": null, "id": "region_1340", "name": "private_0x00000000026b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40566784, "timestamp": "00:02:27.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 40632320, "type": "region", "version": 1 }, "end_va": 40697855, "entry_point": 0, "filename": null, "id": "region_1341", "name": "private_0x00000000026c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40632320, "timestamp": "00:02:27.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 40697856, "type": "region", "version": 1 }, "end_va": 40763391, "entry_point": 0, "filename": null, "id": "region_1342", "name": "private_0x00000000026d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40697856, "timestamp": "00:02:27.768", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 40763392, "type": "region", "version": 1 }, "end_va": 40828927, "entry_point": 0, "filename": null, "id": "region_1343", "name": "private_0x00000000026e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40763392, "timestamp": "00:02:27.768", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 40828928, "type": "region", "version": 1 }, "end_va": 40894463, "entry_point": 0, "filename": null, "id": "region_1344", "name": "private_0x00000000026f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40828928, "timestamp": "00:02:27.768", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 40894464, "type": "region", "version": 1 }, "end_va": 40959999, "entry_point": 0, "filename": null, "id": "region_1345", "name": "private_0x0000000002700000", "norm_filename": null, "region_type": "private_memory", "start_va": 40894464, "timestamp": "00:02:27.768", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 40960000, "type": "region", "version": 1 }, "end_va": 41025535, "entry_point": 0, "filename": null, "id": "region_1346", "name": "private_0x0000000002710000", "norm_filename": null, "region_type": "private_memory", "start_va": 40960000, "timestamp": "00:02:27.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 41025536, "type": "region", "version": 1 }, "end_va": 41091071, "entry_point": 0, 
"filename": null, "id": "region_1347", "name": "private_0x0000000002720000", "norm_filename": null, "region_type": "private_memory", "start_va": 41025536, "timestamp": "00:02:27.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41099263, "entry_point": 0, "filename": null, "id": "region_1348", "name": "pagefile_0x0000000002730000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 41091072, "timestamp": "00:02:27.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 41156608, "type": "region", "version": 1 }, "end_va": 41160703, "entry_point": 0, "filename": null, "id": "region_1349", "name": "private_0x0000000002740000", "norm_filename": null, "region_type": "private_memory", "start_va": 41156608, "timestamp": "00:02:27.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 41222144, "type": "region", "version": 1 }, "end_va": 41226239, "entry_point": 0, "filename": null, "id": "region_1350", "name": "private_0x0000000002750000", "norm_filename": null, "region_type": "private_memory", "start_va": 41222144, "timestamp": "00:02:27.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a 
partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 41287680, "type": "region", "version": 1 }, "end_va": 41353215, "entry_point": 0, "filename": null, "id": "region_1351", "name": "private_0x0000000002760000", "norm_filename": null, "region_type": "private_memory", "start_va": 41287680, "timestamp": "00:02:27.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 41353216, "type": "region", "version": 1 }, "end_va": 42401791, "entry_point": 0, "filename": null, "id": "region_1352", "name": "private_0x0000000002770000", "norm_filename": null, "region_type": "private_memory", "start_va": 41353216, "timestamp": "00:02:27.770", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 42401792, "type": "region", "version": 1 }, "end_va": 43450367, "entry_point": 0, "filename": null, "id": "region_1353", "name": "private_0x0000000002870000", "norm_filename": null, "region_type": "private_memory", "start_va": 42401792, "timestamp": "00:02:27.770", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 43450368, "type": "region", "version": 1 }, "end_va": 43466751, "entry_point": 43450368, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_1354", "name": 
"cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 43450368, "timestamp": "00:02:27.770", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 43515904, "type": "region", "version": 1 }, "end_va": 43524095, "entry_point": 0, "filename": null, "id": "region_1355", "name": "pagefile_0x0000000002980000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 43515904, "timestamp": "00:02:27.770", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 43581440, "type": "region", "version": 1 }, "end_va": 43589631, "entry_point": 0, "filename": null, "id": "region_1356", "name": "pagefile_0x0000000002990000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 43581440, "timestamp": "00:02:27.770", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 43646976, "type": "region", "version": 1 }, "end_va": 43663359, "entry_point": 0, "filename": null, "id": "region_1357", "name": "private_0x00000000029a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43646976, "timestamp": "00:02:27.771", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump 
created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 43712512, "type": "region", "version": 1 }, "end_va": 43720703, "entry_point": 0, "filename": null, "id": "region_1358", "name": "pagefile_0x00000000029b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 43712512, "timestamp": "00:02:27.771", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 43778048, "type": "region", "version": 1 }, "end_va": 43782143, "entry_point": 43778048, "filename": "\\Windows\\System32\\oleaccrc.dll", "id": "region_1359", "name": "oleaccrc.dll", "norm_filename": "c:\\windows\\system32\\oleaccrc.dll", "region_type": "memory_mapped_file", "start_va": 43778048, "timestamp": "00:02:27.771", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 43843584, "type": "region", "version": 1 }, "end_va": 43851775, "entry_point": 0, "filename": null, "id": "region_1360", "name": "pagefile_0x00000000029d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 43843584, "timestamp": "00:02:27.773", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 43909120, "type": "region", "version": 1 }, "end_va": 43937791, "entry_point": 43909120, "filename": "\\Windows\\System32\\en-US\\bthprops.cpl.mui", "id": "region_1361", "name": 
"bthprops.cpl.mui", "norm_filename": "c:\\windows\\system32\\en-us\\bthprops.cpl.mui", "region_type": "memory_mapped_file", "start_va": 43909120, "timestamp": "00:02:27.773", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 43974656, "type": "region", "version": 1 }, "end_va": 43991039, "entry_point": 0, "filename": null, "id": "region_1362", "name": "private_0x00000000029f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43974656, "timestamp": "00:02:27.776", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 44040192, "type": "region", "version": 1 }, "end_va": 44044287, "entry_point": 0, "filename": null, "id": "region_1363", "name": "private_0x0000000002a00000", "norm_filename": null, "region_type": "private_memory", "start_va": 44040192, "timestamp": "00:02:27.777", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 44105728, "type": "region", "version": 1 }, "end_va": 44109823, "entry_point": 0, "filename": null, "id": "region_1364", "name": "private_0x0000000002a10000", "norm_filename": null, "region_type": "private_memory", "start_va": 44105728, "timestamp": "00:02:27.777", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial 
dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 44171264, "type": "region", "version": 1 }, "end_va": 44175359, "entry_point": 0, "filename": null, "id": "region_1365", "name": "private_0x0000000002a20000", "norm_filename": null, "region_type": "private_memory", "start_va": 44171264, "timestamp": "00:02:27.777", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 44236800, "type": "region", "version": 1 }, "end_va": 45285375, "entry_point": 0, "filename": null, "id": "region_1366", "name": "private_0x0000000002a30000", "norm_filename": null, "region_type": "private_memory", "start_va": 44236800, "timestamp": "00:02:27.777", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 45285376, "type": "region", "version": 1 }, "end_va": 46333951, "entry_point": 0, "filename": null, "id": "region_1367", "name": "private_0x0000000002b30000", "norm_filename": null, "region_type": "private_memory", "start_va": 45285376, "timestamp": "00:02:27.777", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 46333952, "type": "region", "version": 1 }, "end_va": 48431103, "entry_point": 0, "filename": null, "id": "region_1368", "name": 
"private_0x0000000002c30000", "norm_filename": null, "region_type": "private_memory", "start_va": 46333952, "timestamp": "00:02:27.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 48431104, "type": "region", "version": 1 }, "end_va": 51851263, "entry_point": 0, "filename": null, "id": "region_1369", "name": "pagefile_0x0000000002e30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 48431104, "timestamp": "00:02:27.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 51904512, "type": "region", "version": 1 }, "end_va": 51920895, "entry_point": 0, "filename": null, "id": "region_1370", "name": "private_0x0000000003180000", "norm_filename": null, "region_type": "private_memory", "start_va": 51904512, "timestamp": "00:02:27.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 51970048, "type": "region", "version": 1 }, "end_va": 51974143, "entry_point": 0, "filename": null, "id": "region_1371", "name": "private_0x0000000003190000", "norm_filename": null, "region_type": "private_memory", "start_va": 51970048, "timestamp": "00:02:27.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total 
dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 52035584, "type": "region", "version": 1 }, "end_va": 52039679, "entry_point": 0, "filename": null, "id": "region_1372", "name": "private_0x00000000031a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 52035584, "timestamp": "00:02:27.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 52101120, "type": "region", "version": 1 }, "end_va": 52105215, "entry_point": 0, "filename": null, "id": "region_1373", "name": "private_0x00000000031b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 52101120, "timestamp": "00:02:27.779", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 52166656, "type": "region", "version": 1 }, "end_va": 52170751, "entry_point": 0, "filename": null, "id": "region_1374", "name": "private_0x00000000031c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 52166656, "timestamp": "00:02:27.779", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 52232192, "type": "region", "version": 1 }, "end_va": 52236287, "entry_point": 0, "filename": null, "id": "region_1375", "name": "private_0x00000000031d0000", "norm_filename": null, "region_type": 
"private_memory", "start_va": 52232192, "timestamp": "00:02:27.779", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 52297728, "type": "region", "version": 1 }, "end_va": 52822015, "entry_point": 0, "filename": null, "id": "region_1376", "name": "private_0x00000000031e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 52297728, "timestamp": "00:02:27.779", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 417792, "start_va": 52822016, "type": "region", "version": 1 }, "end_va": 53239807, "entry_point": 52822016, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db", "id": "region_1377", "name": "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "region_type": "memory_mapped_file", "start_va": 52822016, "timestamp": "00:02:27.779", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 53280768, "type": "region", "version": 1 }, "end_va": 53284863, "entry_point": 0, "filename": null, "id": "region_1378", "name": "private_0x00000000032d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 53280768, "timestamp": "00:02:27.780", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 53346304, "type": "region", "version": 1 }, "end_va": 53870591, "entry_point": 0, "filename": null, "id": "region_1379", "name": "private_0x00000000032e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 53346304, "timestamp": "00:02:27.780", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 53870592, "type": "region", "version": 1 }, "end_va": 53874687, "entry_point": 0, "filename": null, "id": "region_1380", "name": "private_0x0000000003360000", "norm_filename": null, "region_type": "private_memory", "start_va": 53870592, "timestamp": "00:02:27.780", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 53936128, "type": "region", "version": 1 }, "end_va": 53940223, "entry_point": 0, "filename": null, "id": "region_1381", "name": "private_0x0000000003370000", "norm_filename": null, "region_type": "private_memory", "start_va": 53936128, "timestamp": "00:02:27.781", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 54001664, "type": "region", 
"version": 1 }, "end_va": 54005759, "entry_point": 0, "filename": null, "id": "region_1382", "name": "private_0x0000000003380000", "norm_filename": null, "region_type": "private_memory", "start_va": 54001664, "timestamp": "00:02:27.781", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 54067200, "type": "region", "version": 1 }, "end_va": 54591487, "entry_point": 0, "filename": null, "id": "region_1383", "name": "private_0x0000000003390000", "norm_filename": null, "region_type": "private_memory", "start_va": 54067200, "timestamp": "00:02:27.781", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 54591488, "type": "region", "version": 1 }, "end_va": 55115775, "entry_point": 0, "filename": null, "id": "region_1384", "name": "private_0x0000000003410000", "norm_filename": null, "region_type": "private_memory", "start_va": 54591488, "timestamp": "00:02:27.781", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 55115776, "type": "region", "version": 1 }, "end_va": 55119871, "entry_point": 0, "filename": null, "id": "region_1385", "name": "pagefile_0x0000000003490000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 55115776, "timestamp": "00:02:27.781", "type": "region", "version": 1 }, { "dump": { "filename": "", 
"flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 55181312, "type": "region", "version": 1 }, "end_va": 55189503, "entry_point": 0, "filename": null, "id": "region_1386", "name": "pagefile_0x00000000034a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 55181312, "timestamp": "00:02:27.781", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 55246848, "type": "region", "version": 1 }, "end_va": 55263231, "entry_point": 55246848, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_1387", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 55246848, "timestamp": "00:02:27.781", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 55312384, "type": "region", "version": 1 }, "end_va": 55320575, "entry_point": 0, "filename": null, "id": "region_1388", "name": "pagefile_0x00000000034c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 55312384, "timestamp": "00:02:27.782", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 55377920, "type": "region", "version": 1 }, "end_va": 55382015, 
"entry_point": 55377920, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{40FC8D7D-05ED-4FEB-B03B-6C100659EF5C}.2.ver0x0000000000000001.db", "id": "region_1389", "name": "{40fc8d7d-05ed-4feb-b03b-6c100659ef5c}.2.ver0x0000000000000001.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{40fc8d7d-05ed-4feb-b03b-6c100659ef5c}.2.ver0x0000000000000001.db", "region_type": "memory_mapped_file", "start_va": 55377920, "timestamp": "00:02:27.782", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 55443456, "type": "region", "version": 1 }, "end_va": 55459839, "entry_point": 55443456, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_1390", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 55443456, "timestamp": "00:02:27.783", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 55508992, "type": "region", "version": 1 }, "end_va": 55513087, "entry_point": 0, "filename": null, "id": "region_1391", "name": "private_0x00000000034f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 55508992, "timestamp": "00:02:27.783", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 55574528, "type": "region", "version": 1 }, 
"end_va": 55578623, "entry_point": 0, "filename": null, "id": "region_1392", "name": "private_0x0000000003500000", "norm_filename": null, "region_type": "private_memory", "start_va": 55574528, "timestamp": "00:02:27.783", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 55640064, "type": "region", "version": 1 }, "end_va": 55644159, "entry_point": 0, "filename": null, "id": "region_1393", "name": "private_0x0000000003510000", "norm_filename": null, "region_type": "private_memory", "start_va": 55640064, "timestamp": "00:02:27.783", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 55705600, "type": "region", "version": 1 }, "end_va": 56229887, "entry_point": 0, "filename": null, "id": "region_1394", "name": "private_0x0000000003520000", "norm_filename": null, "region_type": "private_memory", "start_va": 55705600, "timestamp": "00:02:27.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 56229888, "type": "region", "version": 1 }, "end_va": 56754175, "entry_point": 0, "filename": null, "id": "region_1395", "name": "private_0x00000000035a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 56229888, "timestamp": "00:02:27.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 56819712, "type": "region", "version": 1 }, "end_va": 57343999, "entry_point": 0, "filename": null, "id": "region_1396", "name": "private_0x0000000003630000", "norm_filename": null, "region_type": "private_memory", "start_va": 56819712, "timestamp": "00:02:27.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 294912, "start_va": 57540608, "type": "region", "version": 1 }, "end_va": 57835519, "entry_point": 0, "filename": null, "id": "region_1397", "name": "private_0x00000000036e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 57540608, "timestamp": "00:02:27.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 57999360, "type": "region", "version": 1 }, "end_va": 58003455, "entry_point": 0, "filename": null, "id": "region_1398", "name": "private_0x0000000003750000", "norm_filename": null, "region_type": "private_memory", "start_va": 57999360, "timestamp": "00:02:27.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 58130432, "type": "region", "version": 1 }, "end_va": 58134527, "entry_point": 58130432, "filename": "\\Users\\5p5NrGJn0jS 
HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db", "id": "region_1399", "name": "thumbcache_1024.db", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1024.db", "region_type": "memory_mapped_file", "start_va": 58130432, "timestamp": "00:02:27.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 58195968, "type": "region", "version": 1 }, "end_va": 58200063, "entry_point": 58195968, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{3978EA0A-1C7E-4449-8AE1-E1265F039002}.2.ver0x0000000000000003.db", "id": "region_1400", "name": "{3978ea0a-1c7e-4449-8ae1-e1265f039002}.2.ver0x0000000000000003.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{3978ea0a-1c7e-4449-8ae1-e1265f039002}.2.ver0x0000000000000003.db", "region_type": "memory_mapped_file", "start_va": 58195968, "timestamp": "00:02:27.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 58261504, "type": "region", "version": 1 }, "end_va": 58785791, "entry_point": 0, "filename": null, "id": "region_1401", "name": "private_0x0000000003790000", "norm_filename": null, "region_type": "private_memory", "start_va": 58261504, "timestamp": "00:02:27.786", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 9633792, "start_va": 58785792, "type": "region", "version": 1 }, "end_va": 68419583, "entry_point": 
58785792, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_1402", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 58785792, "timestamp": "00:02:27.786", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 68419584, "type": "region", "version": 1 }, "end_va": 68435967, "entry_point": 68419584, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_1403", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 68419584, "timestamp": "00:02:27.786", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 68485120, "type": "region", "version": 1 }, "end_va": 68489215, "entry_point": 68485120, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{4E36EA69-73D1-4458-9D16-50F8E31A69A0}.2.ver0x0000000000000001.db", "id": "region_1404", "name": "{4e36ea69-73d1-4458-9d16-50f8e31a69a0}.2.ver0x0000000000000001.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{4e36ea69-73d1-4458-9d16-50f8e31a69a0}.2.ver0x0000000000000001.db", "region_type": "memory_mapped_file", "start_va": 68485120, "timestamp": "00:02:27.786", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 327680, "start_va": 68550656, "type": "region", "version": 1 }, 
"end_va": 68878335, "entry_point": 0, "filename": null, "id": "region_1405", "name": "private_0x0000000004160000", "norm_filename": null, "region_type": "private_memory", "start_va": 68550656, "timestamp": "00:02:27.787", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 69206016, "type": "region", "version": 1 }, "end_va": 69210111, "entry_point": 69206016, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db", "id": "region_1406", "name": "thumbcache_sr.db", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db", "region_type": "memory_mapped_file", "start_va": 69206016, "timestamp": "00:02:27.787", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 69271552, "type": "region", "version": 1 }, "end_va": 69795839, "entry_point": 0, "filename": null, "id": "region_1407", "name": "private_0x0000000004210000", "norm_filename": null, "region_type": "private_memory", "start_va": 69271552, "timestamp": "00:02:27.788", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 69795840, "type": "region", "version": 1 }, "end_va": 69799935, "entry_point": 69795840, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db", "id": "region_1408", "name": 
"thumbcache_idx.db", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db", "region_type": "memory_mapped_file", "start_va": 69795840, "timestamp": "00:02:27.788", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 69861376, "type": "region", "version": 1 }, "end_va": 69865471, "entry_point": 0, "filename": null, "id": "region_1409", "name": "pagefile_0x00000000042a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 69861376, "timestamp": "00:02:27.788", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 69926912, "type": "region", "version": 1 }, "end_va": 69931007, "entry_point": 69926912, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db", "id": "region_1410", "name": "thumbcache_1024.db", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1024.db", "region_type": "memory_mapped_file", "start_va": 69926912, "timestamp": "00:02:27.788", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 69992448, "type": "region", "version": 1 }, "end_va": 69996543, "entry_point": 69992448, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db", "id": "region_1411", 
"name": "thumbcache_sr.db", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db", "region_type": "memory_mapped_file", "start_va": 69992448, "timestamp": "00:02:27.788", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 70057984, "type": "region", "version": 1 }, "end_va": 70582271, "entry_point": 0, "filename": null, "id": "region_1412", "name": "private_0x00000000042d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 70057984, "timestamp": "00:02:27.789", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 70582272, "type": "region", "version": 1 }, "end_va": 70586367, "entry_point": 0, "filename": null, "id": "region_1413", "name": "pagefile_0x0000000004350000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 70582272, "timestamp": "00:02:27.789", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 70647808, "type": "region", "version": 1 }, "end_va": 70651903, "entry_point": 70647808, "filename": "\\Windows\\System32\\en-US\\wdmaud.drv.mui", "id": "region_1414", "name": "wdmaud.drv.mui", "norm_filename": "c:\\windows\\system32\\en-us\\wdmaud.drv.mui", "region_type": "memory_mapped_file", "start_va": 70647808, "timestamp": "00:02:27.789", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 70713344, "type": "region", "version": 1 }, "end_va": 70717439, "entry_point": 70713344, "filename": "\\Windows\\System32\\en-US\\MMDevAPI.dll.mui", "id": "region_1415", "name": "mmdevapi.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\mmdevapi.dll.mui", "region_type": "memory_mapped_file", "start_va": 70713344, "timestamp": "00:02:27.792", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 70778880, "type": "region", "version": 1 }, "end_va": 70787071, "entry_point": 0, "filename": null, "id": "region_1416", "name": "private_0x0000000004380000", "norm_filename": null, "region_type": "private_memory", "start_va": 70778880, "timestamp": "00:02:27.795", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 70844416, "type": "region", "version": 1 }, "end_va": 71368703, "entry_point": 0, "filename": null, "id": "region_1417", "name": "private_0x0000000004390000", "norm_filename": null, "region_type": "private_memory", "start_va": 70844416, "timestamp": "00:02:27.795", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 208896, "start_va": 71368704, "type": 
"region", "version": 1 }, "end_va": 71577599, "entry_point": 0, "filename": null, "id": "region_1418", "name": "private_0x0000000004410000", "norm_filename": null, "region_type": "private_memory", "start_va": 71368704, "timestamp": "00:02:27.795", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 71630848, "type": "region", "version": 1 }, "end_va": 71639039, "entry_point": 0, "filename": null, "id": "region_1419", "name": "pagefile_0x0000000004450000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 71630848, "timestamp": "00:02:27.795", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 71696384, "type": "region", "version": 1 }, "end_va": 71700479, "entry_point": 71696384, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db", "id": "region_1420", "name": "thumbcache_idx.db", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db", "region_type": "memory_mapped_file", "start_va": 71696384, "timestamp": "00:02:27.795", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 71761920, "type": "region", "version": 1 }, "end_va": 72286207, "entry_point": 0, "filename": null, "id": "region_1421", "name": "private_0x0000000004470000", "norm_filename": 
null, "region_type": "private_memory", "start_va": 71761920, "timestamp": "00:02:27.796", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 72286208, "type": "region", "version": 1 }, "end_va": 72290303, "entry_point": 0, "filename": null, "id": "region_1422", "name": "pagefile_0x00000000044f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 72286208, "timestamp": "00:02:27.796", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 72351744, "type": "region", "version": 1 }, "end_va": 72359935, "entry_point": 0, "filename": null, "id": "region_1423", "name": "pagefile_0x0000000004500000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 72351744, "timestamp": "00:02:27.796", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 72417280, "type": "region", "version": 1 }, "end_va": 72425471, "entry_point": 0, "filename": null, "id": "region_1424", "name": "pagefile_0x0000000004510000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 72417280, "timestamp": "00:02:27.796", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ 
"readable" ], "ref_process_dump": null, "size": 8192, "start_va": 72482816, "type": "region", "version": 1 }, "end_va": 72491007, "entry_point": 0, "filename": null, "id": "region_1425", "name": "pagefile_0x0000000004520000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 72482816, "timestamp": "00:02:27.796", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 72548352, "type": "region", "version": 1 }, "end_va": 72556543, "entry_point": 0, "filename": null, "id": "region_1426", "name": "pagefile_0x0000000004530000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 72548352, "timestamp": "00:02:27.796", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 72613888, "type": "region", "version": 1 }, "end_va": 72630271, "entry_point": 72613888, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_1427", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 72613888, "timestamp": "00:02:27.796", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 72679424, "type": "region", "version": 1 }, "end_va": 73203711, "entry_point": 0, "filename": null, "id": "region_1428", "name": "private_0x0000000004550000", 
"norm_filename": null, "region_type": "private_memory", "start_va": 72679424, "timestamp": "00:02:27.796", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 73203712, "type": "region", "version": 1 }, "end_va": 73211903, "entry_point": 0, "filename": null, "id": "region_1429", "name": "pagefile_0x00000000045d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 73203712, "timestamp": "00:02:27.796", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 73269248, "type": "region", "version": 1 }, "end_va": 73273343, "entry_point": 0, "filename": null, "id": "region_1430", "name": "private_0x00000000045e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 73269248, "timestamp": "00:02:27.796", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 73334784, "type": "region", "version": 1 }, "end_va": 73338879, "entry_point": 73334784, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db", "id": "region_1431", "name": "thumbcache_1024.db", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1024.db", "region_type": "memory_mapped_file", "start_va": 73334784, "timestamp": "00:02:27.796", "type": "region", "version": 1 }, { 
"dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 73400320, "type": "region", "version": 1 }, "end_va": 73404415, "entry_point": 73400320, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db", "id": "region_1432", "name": "thumbcache_sr.db", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db", "region_type": "memory_mapped_file", "start_va": 73400320, "timestamp": "00:02:27.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 73465856, "type": "region", "version": 1 }, "end_va": 73469951, "entry_point": 73465856, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db", "id": "region_1433", "name": "thumbcache_idx.db", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db", "region_type": "memory_mapped_file", "start_va": 73465856, "timestamp": "00:02:27.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 73531392, "type": "region", "version": 1 }, "end_va": 73539583, "entry_point": 0, "filename": null, "id": "region_1434", "name": "pagefile_0x0000000004620000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 73531392, "timestamp": "00:02:27.797", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 73596928, "type": "region", "version": 1 }, "end_va": 74121215, "entry_point": 0, "filename": null, "id": "region_1435", "name": "private_0x0000000004630000", "norm_filename": null, "region_type": "private_memory", "start_va": 73596928, "timestamp": "00:02:27.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 74121216, "type": "region", "version": 1 }, "end_va": 74125311, "entry_point": 0, "filename": null, "id": "region_1436", "name": "private_0x00000000046b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 74121216, "timestamp": "00:02:27.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 74186752, "type": "region", "version": 1 }, "end_va": 74190847, "entry_point": 74186752, "filename": "\\Windows\\System32\\en-US\\msctf.dll.mui", "id": "region_1437", "name": "msctf.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\msctf.dll.mui", "region_type": "memory_mapped_file", "start_va": 74186752, "timestamp": "00:02:27.798", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\SysWOW64\\autochk.exe\"", "filename": "c:\\windows\\syswow64\\autochk.exe", "id": "proc_12", "image_name": "autochk.exe", "monitor_reason": 
"child_process", "monitored_id": 12, "origin_monitor_id": 11, "ref_parent_process": { "ref_id": "proc_11", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1692", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:02:31.037", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_1693", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:02:31.037", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1694", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:02:31.037", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number 
of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 1114111, "entry_point": 0, "filename": null, "id": "region_1695", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:02:31.040", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1966079, "entry_point": 0, "filename": null, "id": "region_1696", "name": "private_0x00000000001a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1703936, "timestamp": "00:02:31.040", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 679936, "start_va": 12189696, "type": "region", "version": 1 }, "end_va": 12869631, "entry_point": 12189696, "filename": "\\Windows\\SysWOW64\\autochk.exe", "id": "region_1697", "name": "autochk.exe", "norm_filename": "c:\\windows\\syswow64\\autochk.exe", "region_type": "memory_mapped_file", "start_va": 12189696, "timestamp": "00:02:31.040", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1999306752, "type": "region", "version": 1 }, "end_va": 2001047551, "entry_point": 1999306752, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1698", "name": "ntdll.dll", "norm_filename": 
"c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999306752, "timestamp": "00:02:31.046", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2001272832, "type": "region", "version": 1 }, "end_va": 2002845695, "entry_point": 2001272832, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1699", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001272832, "timestamp": "00:02:31.047", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_1700", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:02:31.047", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_1701", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:02:31.047", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps 
was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_1702", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:02:31.047", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_1703", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:02:31.047", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1704", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:02:31.048", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1705", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, 
"timestamp": "00:02:31.048", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_1706", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:02:31.048", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\SysWOW64\\cmstp.exe\"", "filename": "c:\\windows\\syswow64\\cmstp.exe", "id": "proc_13", "image_name": "cmstp.exe", "monitor_reason": "child_process", "monitored_id": 13, "origin_monitor_id": 11, "ref_parent_process": { "ref_id": "proc_11", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1707", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:02:31.488", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_1708", "name": 
"private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:02:31.488", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1709", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:02:31.488", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_1710", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:02:31.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_1711", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:02:31.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of 
dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 1245183, "entry_point": 0, "filename": null, "id": "region_1712", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:02:31.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1835007, "entry_point": 0, "filename": null, "id": "region_1713", "name": "private_0x0000000000180000", "norm_filename": null, "region_type": "private_memory", "start_va": 1572864, "timestamp": "00:02:31.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 6488064, "type": "region", "version": 1 }, "end_va": 6586367, "entry_point": 6488064, "filename": "\\Windows\\SysWOW64\\cmstp.exe", "id": "region_1714", "name": "cmstp.exe", "norm_filename": "c:\\windows\\syswow64\\cmstp.exe", "region_type": "memory_mapped_file", "start_va": 6488064, "timestamp": "00:02:31.491", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1999306752, "type": "region", "version": 1 }, "end_va": 2001047551, "entry_point": 1999306752, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1715", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", 
"region_type": "memory_mapped_file", "start_va": 1999306752, "timestamp": "00:02:31.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2001272832, "type": "region", "version": 1 }, "end_va": 2002845695, "entry_point": 2001272832, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1716", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001272832, "timestamp": "00:02:31.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_1717", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:02:31.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_1718", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:02:31.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ 
"readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_1719", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:02:31.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_1720", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:02:31.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1721", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:02:31.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1722", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:02:31.498", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_1723", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:02:31.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 147456, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 606207, "entry_point": 0, "filename": null, "id": "region_1725", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:02:33.054", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 6488064, "type": "region", "version": 1 }, "end_va": 6586367, "entry_point": 0, "filename": null, "id": "region_1727", "name": "pagefile_0x0000000000630000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6488064, "timestamp": "00:02:33.059", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 3014656, "type": "region", "version": 
1 }, "end_va": 3538943, "entry_point": 0, "filename": null, "id": "region_1728", "name": "private_0x00000000002e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3014656, "timestamp": "00:02:33.070", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1939865600, "type": "region", "version": 1 }, "end_va": 1939898367, "entry_point": 1939874040, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_1729", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1939865600, "timestamp": "00:02:33.070", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1939931136, "type": "region", "version": 1 }, "end_va": 1940307967, "entry_point": 1940191128, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1730", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1939931136, "timestamp": "00:02:33.071", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1940324352, "type": "region", "version": 1 }, "end_va": 1940582399, "entry_point": 1940512376, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1731", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1940324352, "timestamp": 
"00:02:33.071", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1732", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:02:33.111", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 2256895, "entry_point": 1835008, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1733", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1835008, "timestamp": "00:02:33.111", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 4718592, "type": "region", "version": 1 }, "end_va": 5767167, "entry_point": 0, "filename": null, "id": "region_1734", "name": "private_0x0000000000480000", "norm_filename": null, "region_type": "private_memory", "start_va": 4718592, "timestamp": "00:02:33.112", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 8257536, "type": "region", "version": 1 }, 
"end_va": 8323071, "entry_point": 0, "filename": null, "id": "region_1735", "name": "private_0x00000000007e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8257536, "timestamp": "00:02:33.112", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1962606592, "type": "region", "version": 1 }, "end_va": 1962643455, "entry_point": 1962606592, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_1736", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1962606592, "timestamp": "00:02:33.112", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1962672128, "type": "region", "version": 1 }, "end_va": 1962729471, "entry_point": 1962672128, "filename": "\\Windows\\SysWOW64\\cmutil.dll", "id": "region_1737", "name": "cmutil.dll", "norm_filename": "c:\\windows\\syswow64\\cmutil.dll", "region_type": "memory_mapped_file", "start_va": 1962672128, "timestamp": "00:02:33.117", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1962803200, "type": "region", "version": 1 }, "end_va": 1962852351, "entry_point": 1962807521, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1738", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1962803200, "timestamp": 
"00:02:33.126", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1962868736, "type": "region", "version": 1 }, "end_va": 1963261951, "entry_point": 1962976179, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1739", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1962868736, "timestamp": "00:02:33.126", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1963458560, "type": "region", "version": 1 }, "end_va": 1976344575, "entry_point": 1963988481, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_1740", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1963458560, "timestamp": "00:02:33.127", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1976369152, "type": "region", "version": 1 }, "end_va": 1976725503, "entry_point": 1976474534, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_1741", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1976369152, "timestamp": "00:02:33.127", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", 
"executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1982201856, "type": "region", "version": 1 }, "end_va": 1982857215, "entry_point": 1982286309, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1742", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1982201856, "timestamp": "00:02:33.128", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1982857216, "type": "region", "version": 1 }, "end_va": 1983447039, "entry_point": 1982948163, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1743", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1982857216, "timestamp": "00:02:33.128", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1987182592, "type": "region", "version": 1 }, "end_va": 1988296703, "entry_point": 1987261139, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1744", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1987182592, "timestamp": "00:02:33.129", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1989083136, "type": "region", "version": 1 }, "end_va": 1990066175, "entry_point": 1989150057, "filename": 
"\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1745", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1989083136, "timestamp": "00:02:33.129", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1991245824, "type": "region", "version": 1 }, "end_va": 1992671231, "entry_point": 1991555645, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_1746", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1991245824, "timestamp": "00:02:33.130", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1992949760, "type": "region", "version": 1 }, "end_va": 1993654271, "entry_point": 1992991858, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1747", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1992949760, "timestamp": "00:02:33.130", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1993670656, "type": "region", "version": 1 }, "end_va": 1993711615, "entry_point": 1993684640, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_1748", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1993670656, "timestamp": "00:02:33.130", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1993801728, "type": "region", "version": 1 }, "end_va": 1994444799, "entry_point": 1994014679, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_1749", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1993801728, "timestamp": "00:02:33.131", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1994457088, "type": "region", "version": 1 }, "end_va": 1994743807, "entry_point": 1994486904, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1750", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1994457088, "timestamp": "00:02:33.131", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1994850304, "type": "region", "version": 1 }, "end_va": 1994952703, "entry_point": 1994869109, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1751", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1994850304, "timestamp": "00:02:33.132", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 1048576, "start_va": 1996029952, "type": "region", "version": 1 }, "end_va": 1997078527, "entry_point": 1996142317, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1752", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1996029952, "timestamp": "00:02:33.132", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1997078528, "type": "region", "version": 1 }, "end_va": 1998254079, "entry_point": 0, "filename": null, "id": "region_1753", "name": "private_0x0000000077090000", "norm_filename": null, "region_type": "private_memory", "start_va": 1997078528, "timestamp": "00:02:33.132", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 1998258176, "type": "region", "version": 1 }, "end_va": 1999282175, "entry_point": 0, "filename": null, "id": "region_1754", "name": "private_0x00000000771b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1998258176, "timestamp": "00:02:33.132", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1755", "name": "pagefile_0x000000007efe0000", "norm_filename": null, 
"region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:02:33.132", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1756", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:02:33.133", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 6619136, "type": "region", "version": 1 }, "end_va": 8224767, "entry_point": 0, "filename": null, "id": "region_1757", "name": "pagefile_0x0000000000650000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6619136, "timestamp": "00:02:33.136", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1981153280, "type": "region", "version": 1 }, "end_va": 1981988863, "entry_point": 1981159051, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1758", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1981153280, "timestamp": "00:02:33.137", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", 
"executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1984757760, "type": "region", "version": 1 }, "end_va": 1985150975, "entry_point": 1984828815, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1759", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1984757760, "timestamp": "00:02:33.137", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_1760", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:02:33.557", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_1761", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:02:33.557", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 20480, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 675839, "entry_point": 655360, "filename": "\\Windows\\SysWOW64\\en-US\\cmstp.exe.mui", "id": "region_1762", "name": "cmstp.exe.mui", "norm_filename": 
"c:\\windows\\syswow64\\en-us\\cmstp.exe.mui", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:02:33.558", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 724991, "entry_point": 0, "filename": null, "id": "region_1763", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:02:33.569", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 790527, "entry_point": 0, "filename": null, "id": "region_1764", "name": "private_0x00000000000c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 786432, "timestamp": "00:02:33.569", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 8323072, "type": "region", "version": 1 }, "end_va": 9900031, "entry_point": 0, "filename": null, "id": "region_1765", "name": "pagefile_0x00000000007f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8323072, "timestamp": "00:02:33.569", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], 
"ref_process_dump": null, "size": 20971520, "start_va": 9961472, "type": "region", "version": 1 }, "end_va": 30932991, "entry_point": 0, "filename": null, "id": "region_1766", "name": "pagefile_0x0000000000980000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9961472, "timestamp": "00:02:33.570", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1576960, "start_va": 32243712, "type": "region", "version": 1 }, "end_va": 33820671, "entry_point": 0, "filename": null, "id": "region_1767", "name": "private_0x0000000001ec0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32243712, "timestamp": "00:02:33.570", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3158016, "start_va": 33882112, "type": "region", "version": 1 }, "end_va": 37040127, "entry_point": 0, "filename": null, "id": "region_1768", "name": "private_0x0000000002050000", "norm_filename": null, "region_type": "private_memory", "start_va": 33882112, "timestamp": "00:02:33.570", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 917503, "entry_point": 0, "filename": null, "id": "region_1769", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:02:33.585", "type": "region", "version": 1 }, { 
"dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 147456, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1392639, "entry_point": 0, "filename": null, "id": "region_1770", "name": "pagefile_0x0000000000130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1245184, "timestamp": "00:02:33.662", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3670016, "type": "region", "version": 1 }, "end_va": 3932159, "entry_point": 0, "filename": null, "id": "region_1771", "name": "private_0x0000000000380000", "norm_filename": null, "region_type": "private_memory", "start_va": 3670016, "timestamp": "00:02:33.662", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4456448, "type": "region", "version": 1 }, "end_va": 4718591, "entry_point": 0, "filename": null, "id": "region_1772", "name": "private_0x0000000000440000", "norm_filename": null, "region_type": "private_memory", "start_va": 4456448, "timestamp": "00:02:33.662", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, 
"filename": null, "id": "region_1773", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:02:33.662", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 147456, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2441215, "entry_point": 0, "filename": null, "id": "region_1774", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:02:33.663", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 413696, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 2904063, "entry_point": 0, "filename": null, "id": "region_1775", "name": "private_0x0000000000260000", "norm_filename": null, "region_type": "private_memory", "start_va": 2490368, "timestamp": "00:02:33.665", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 413696, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 4345855, "entry_point": 0, "filename": null, "id": "region_1776", "name": "private_0x00000000003c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3932160, "timestamp": "00:02:33.665", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions 
are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5120000, "start_va": 37093376, "type": "region", "version": 1 }, "end_va": 42213375, "entry_point": 0, "filename": null, "id": "region_1778", "name": "pagefile_0x0000000002360000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 37093376, "timestamp": "00:02:33.694", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1028096, "start_va": 30932992, "type": "region", "version": 1 }, "end_va": 31961087, "entry_point": 0, "filename": null, "id": "region_1779", "name": "private_0x0000000001d80000", "norm_filename": null, "region_type": "private_memory", "start_va": 30932992, "timestamp": "00:02:33.708", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1789952, "start_va": 1959329792, "type": "region", "version": 1 }, "end_va": 1961119743, "entry_point": 1959329792, "filename": "\\Program Files (x86)\\Mozilla Firefox\\nss3.dll", "id": "region_1780", "name": "nss3.dll", "norm_filename": "c:\\program files (x86)\\mozilla firefox\\nss3.dll", "region_type": "memory_mapped_file", "start_va": 1959329792, "timestamp": "00:02:33.736", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 1962344448, "type": "region", "version": 1 }, "end_va": 1962549247, "entry_point": 1962344448, "filename": "\\Windows\\SysWOW64\\winmm.dll", "id": 
"region_1781", "name": "winmm.dll", "norm_filename": "c:\\windows\\syswow64\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 1962344448, "timestamp": "00:02:33.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1961230336, "type": "region", "version": 1 }, "end_va": 1961259007, "entry_point": 1961230336, "filename": "\\Windows\\SysWOW64\\wsock32.dll", "id": "region_1782", "name": "wsock32.dll", "norm_filename": "c:\\windows\\syswow64\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 1961230336, "timestamp": "00:02:33.791", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1992687616, "type": "region", "version": 1 }, "end_va": 1992904703, "entry_point": 1992687616, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_1783", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1992687616, "timestamp": "00:02:33.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1988886528, "type": "region", "version": 1 }, "end_va": 1988911103, "entry_point": 1988886528, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_1784", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1988886528, "timestamp": "00:02:33.808", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 782336, "start_va": 1958543360, "type": "region", "version": 1 }, "end_va": 1959325695, "entry_point": 1958543360, "filename": "\\Windows\\SysWOW64\\msvcr100.dll", "id": "region_1785", "name": "msvcr100.dll", "norm_filename": "c:\\windows\\syswow64\\msvcr100.dll", "region_type": "memory_mapped_file", "start_va": 1958543360, "timestamp": "00:02:33.840", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1962541056, "type": "region", "version": 1 }, "end_va": 1962590207, "entry_point": 1962541056, "filename": "\\Windows\\SysWOW64\\vaultcli.dll", "id": "region_1786", "name": "vaultcli.dll", "norm_filename": "c:\\windows\\syswow64\\vaultcli.dll", "region_type": "memory_mapped_file", "start_va": 1962541056, "timestamp": "00:02:33.916", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1638400, "start_va": 1959526400, "type": "region", "version": 1 }, "end_va": 1961164799, "entry_point": 1959526400, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\GdiPlus.dll", "id": "region_1787", "name": "gdiplus.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll", "region_type": "memory_mapped_file", "start_va": 1959526400, "timestamp": "00:02:33.937", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1937637376, "type": "region", "version": 1 }, "end_va": 1938161663, "entry_point": 1937717193, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_1788", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1937637376, "timestamp": "00:02:33.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 851968, "start_va": 31981568, "type": "region", "version": 1 }, "end_va": 32833535, "entry_point": 0, "filename": null, "id": "region_1789", "name": "private_0x0000000001e80000", "norm_filename": null, "region_type": "private_memory", "start_va": 31981568, "timestamp": "00:02:33.980", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 32833536, "type": "region", "version": 1 }, "end_va": 33746943, "entry_point": 0, "filename": null, "id": "region_1790", "name": "pagefile_0x0000000001f50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 32833536, "timestamp": "00:02:33.981", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1179648, "start_va": 42270720, "type": "region", "version": 1 }, "end_va": 43450367, "entry_point": 0, "filename": 
null, "id": "region_1791", "name": "private_0x0000000002850000", "norm_filename": null, "region_type": "private_memory", "start_va": 42270720, "timestamp": "00:02:33.985", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 43450368, "type": "region", "version": 1 }, "end_va": 46395391, "entry_point": 43450368, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1792", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 43450368, "timestamp": "00:02:33.990", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 5898240, "type": "region", "version": 1 }, "end_va": 6160383, "entry_point": 0, "filename": null, "id": "region_1793", "name": "private_0x00000000005a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5898240, "timestamp": "00:02:34.084", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 46923776, "type": "region", "version": 1 }, "end_va": 47185919, "entry_point": 0, "filename": null, "id": "region_1794", "name": "private_0x0000000002cc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 46923776, "timestamp": "00:02:34.084", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the 
maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5185536, "start_va": 47185920, "type": "region", "version": 1 }, "end_va": 52371455, "entry_point": 0, "filename": null, "id": "region_1795", "name": "private_0x0000000002d00000", "norm_filename": null, "region_type": "private_memory", "start_va": 47185920, "timestamp": "00:02:34.085", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_1796", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:02:34.085", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 0, "filename": null, "id": "region_1797", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:02:34.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1028096, "start_va": 1958477824, "type": "region", "version": 1 }, "end_va": 1959505919, "entry_point": 1958477824, "filename": "\\Windows\\SysWOW64\\WindowsCodecs.dll", "id": "region_1798", "name": "windowscodecs.dll", "norm_filename": 
"c:\\windows\\syswow64\\windowscodecs.dll", "region_type": "memory_mapped_file", "start_va": 1958477824, "timestamp": "00:02:34.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1445887, "entry_point": 0, "filename": null, "id": "region_1799", "name": "private_0x0000000000160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1441792, "timestamp": "00:02:34.135", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1511423, "entry_point": 0, "filename": null, "id": "region_1800", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:02:34.135", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1980563456, "type": "region", "version": 1 }, "end_va": 1981149183, "entry_point": 1980579761, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_1801", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1980563456, "timestamp": "00:02:34.137", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", 
"permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 42270720, "type": "region", "version": 1 }, "end_va": 43319295, "entry_point": 0, "filename": null, "id": "region_1802", "name": "private_0x0000000002850000", "norm_filename": null, "region_type": "private_memory", "start_va": 42270720, "timestamp": "00:02:34.226", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 43384832, "type": "region", "version": 1 }, "end_va": 43450367, "entry_point": 0, "filename": null, "id": "region_1803", "name": "private_0x0000000002960000", "norm_filename": null, "region_type": "private_memory", "start_va": 43384832, "timestamp": "00:02:34.226", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 479232, "start_va": 5767168, "type": "region", "version": 1 }, "end_va": 6246399, "entry_point": 0, "filename": null, "id": "region_1806", "name": "pagefile_0x0000000000580000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5767168, "timestamp": "00:02:39.461", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 528384, "start_va": 5767168, "type": "region", "version": 1 }, "end_va": 6295551, "entry_point": 0, "filename": null, "id": "region_1825", "name": "pagefile_0x0000000000580000", "norm_filename": null, 
"region_type": "pagefile_backed_memory", "start_va": 5767168, "timestamp": "00:02:44.826", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 5767168, "type": "region", "version": 1 }, "end_va": 6045695, "entry_point": 0, "filename": null, "id": "region_1827", "name": "pagefile_0x0000000000580000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5767168, "timestamp": "00:02:44.839", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 6029312, "type": "region", "version": 1 }, "end_va": 6291455, "entry_point": 0, "filename": null, "id": "region_1878", "name": "private_0x00000000005c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6029312, "timestamp": "00:03:05.028", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 32178176, "type": "region", "version": 1 }, "end_va": 32440319, "entry_point": 0, "filename": null, "id": "region_1879", "name": "private_0x0000000001eb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32178176, "timestamp": "00:03:05.028", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": 
null, "size": 262144, "start_va": 32571392, "type": "region", "version": 1 }, "end_va": 32833535, "entry_point": 0, "filename": null, "id": "region_1880", "name": "private_0x0000000001f10000", "norm_filename": null, "region_type": "private_memory", "start_va": 32571392, "timestamp": "00:03:05.028", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 42467328, "type": "region", "version": 1 }, "end_va": 42729471, "entry_point": 0, "filename": null, "id": "region_1881", "name": "private_0x0000000002880000", "norm_filename": null, "region_type": "private_memory", "start_va": 42467328, "timestamp": "00:03:05.028", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 46530560, "type": "region", "version": 1 }, "end_va": 46792703, "entry_point": 0, "filename": null, "id": "region_1882", "name": "private_0x0000000002c60000", "norm_filename": null, "region_type": "private_memory", "start_va": 46530560, "timestamp": "00:03:05.028", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_1883", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:03:05.028", "type": "region", "version": 1 }, { "dump": { "filename": "", 
"flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 43188224, "type": "region", "version": 1 }, "end_va": 43450367, "entry_point": 0, "filename": null, "id": "region_1894", "name": "private_0x0000000002930000", "norm_filename": null, "region_type": "private_memory", "start_va": 43188224, "timestamp": "00:03:50.236", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 46989312, "type": "region", "version": 1 }, "end_va": 47251455, "entry_point": 0, "filename": null, "id": "region_1895", "name": "private_0x0000000002cd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 46989312, "timestamp": "00:03:50.236", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_1896", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:03:50.236", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Program Files (x86)\\Mozilla Firefox\\Firefox.exe\"", "filename": "c:\\program files (x86)\\mozilla firefox\\firefox.exe", "id": "proc_14", "image_name": "firefox.exe", "monitor_reason": "child_process", "monitored_id": 14, "origin_monitor_id": 13, 
"ref_parent_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1807", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:02:44.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_1808", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:02:44.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1809", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:02:44.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ 
"readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_1810", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:02:44.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 405503, "entry_point": 0, "filename": null, "id": "region_1811", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:02:44.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 2162687, "entry_point": 0, "filename": null, "id": "region_1812", "name": "private_0x00000000001d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1900544, "timestamp": "00:02:44.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3014656, "type": "region", "version": 1 }, "end_va": 4063231, "entry_point": 0, "filename": null, "id": "region_1813", "name": "private_0x00000000002e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3014656, "timestamp": "00:02:44.820", "type": "region", "version": 
1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5120000, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 9183231, "entry_point": 0, "filename": null, "id": "region_1814", "name": "pagefile_0x00000000003e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4063232, "timestamp": "00:02:44.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 18415616, "type": "region", "version": 1 }, "end_va": 18694143, "entry_point": 18415616, "filename": "\\Program Files (x86)\\Mozilla Firefox\\firefox.exe", "id": "region_1815", "name": "firefox.exe", "norm_filename": "c:\\program files (x86)\\mozilla firefox\\firefox.exe", "region_type": "memory_mapped_file", "start_va": 18415616, "timestamp": "00:02:44.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1999306752, "type": "region", "version": 1 }, "end_va": 2001047551, "entry_point": 1999306752, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1816", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999306752, "timestamp": "00:02:44.824", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, 
"size": 1572864, "start_va": 2001272832, "type": "region", "version": 1 }, "end_va": 2002845695, "entry_point": 2001272832, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1817", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001272832, "timestamp": "00:02:44.825", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1818", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:02:44.826", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1819", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:02:44.826", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 4294639616, "type": "region", "version": 1 }, "end_va": 4294782975, "entry_point": 0, "filename": null, "id": "region_1820", "name": "pagefile_0x00000000fffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4294639616, 
"timestamp": "00:02:44.826", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 4294815744, "type": "region", "version": 1 }, "end_va": 4294828031, "entry_point": 0, "filename": null, "id": "region_1821", "name": "private_0x00000000fffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 4294815744, "timestamp": "00:02:44.826", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 4294828032, "type": "region", "version": 1 }, "end_va": 4294832127, "entry_point": 0, "filename": null, "id": "region_1822", "name": "private_0x00000000fffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 4294828032, "timestamp": "00:02:44.826", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 4294832128, "type": "region", "version": 1 }, "end_va": 4294836223, "entry_point": 0, "filename": null, "id": "region_1823", "name": "private_0x00000000fffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 4294832128, "timestamp": "00:02:44.826", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8791798120448, "start_va": 4294836224, "type": "region", "version": 1 }, "end_va": 8796092956671, 
"entry_point": 0, "filename": null, "id": "region_1824", "name": "private_0x00000000fffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4294836224, "timestamp": "00:02:44.826", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 528384, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_1826", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:02:44.826", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 18415616, "type": "region", "version": 1 }, "end_va": 18694143, "entry_point": 0, "filename": null, "id": "region_1828", "name": "pagefile_0x0000000001190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 18415616, "timestamp": "00:02:44.846", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 9764864, "type": "region", "version": 1 }, "end_va": 10289151, "entry_point": 0, "filename": null, "id": "region_1830", "name": "private_0x0000000000950000", "norm_filename": null, "region_type": "private_memory", "start_va": 9764864, "timestamp": "00:02:44.880", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1939865600, "type": "region", "version": 1 }, "end_va": 1939898367, "entry_point": 1939874040, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_1831", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1939865600, "timestamp": "00:02:44.880", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1939931136, "type": "region", "version": 1 }, "end_va": 1940307967, "entry_point": 1940191128, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1832", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1939931136, "timestamp": "00:02:44.881", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1940324352, "type": "region", "version": 1 }, "end_va": 1940582399, "entry_point": 1940512376, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1833", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1940324352, "timestamp": "00:02:44.882", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1572864, 
"type": "region", "version": 1 }, "end_va": 1835007, "entry_point": 0, "filename": null, "id": "region_1834", "name": "private_0x0000000000180000", "norm_filename": null, "region_type": "private_memory", "start_va": 1572864, "timestamp": "00:02:44.891", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1987182592, "type": "region", "version": 1 }, "end_va": 1988296703, "entry_point": 1987261139, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1835", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1987182592, "timestamp": "00:02:44.891", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1994457088, "type": "region", "version": 1 }, "end_va": 1994743807, "entry_point": 1994486904, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1836", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1994457088, "timestamp": "00:02:44.892", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1997078528, "type": "region", "version": 1 }, "end_va": 1998254079, "entry_point": 0, "filename": null, "id": "region_1837", "name": "private_0x0000000077090000", "norm_filename": null, "region_type": "private_memory", "start_va": 1997078528, 
"timestamp": "00:02:44.893", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 1998258176, "type": "region", "version": 1 }, "end_va": 1999282175, "entry_point": 0, "filename": null, "id": "region_1838", "name": "private_0x00000000771b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1998258176, "timestamp": "00:02:44.893", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1839", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:02:44.910", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1470463, "entry_point": 1048576, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1840", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1048576, "timestamp": "00:02:44.910", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 778240, "start_va": 1957691392, "type": 
"region", "version": 1 }, "end_va": 1958469631, "entry_point": 1957691392, "filename": "\\Program Files (x86)\\Mozilla Firefox\\msvcr100.dll", "id": "region_1841", "name": "msvcr100.dll", "norm_filename": "c:\\program files (x86)\\mozilla firefox\\msvcr100.dll", "region_type": "memory_mapped_file", "start_va": 1957691392, "timestamp": "00:02:44.911", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1962803200, "type": "region", "version": 1 }, "end_va": 1962852351, "entry_point": 1962807521, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1842", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1962803200, "timestamp": "00:02:44.925", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1962868736, "type": "region", "version": 1 }, "end_va": 1963261951, "entry_point": 1962976179, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1843", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1962868736, "timestamp": "00:02:44.926", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1982201856, "type": "region", "version": 1 }, "end_va": 1982857215, "entry_point": 1982286309, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1844", "name": 
"advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1982201856, "timestamp": "00:02:44.926", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1982857216, "type": "region", "version": 1 }, "end_va": 1983447039, "entry_point": 1982948163, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1845", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1982857216, "timestamp": "00:02:44.927", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1989083136, "type": "region", "version": 1 }, "end_va": 1990066175, "entry_point": 1989150057, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1846", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1989083136, "timestamp": "00:02:44.927", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1992949760, "type": "region", "version": 1 }, "end_va": 1993654271, "entry_point": 1992991858, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1847", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1992949760, "timestamp": "00:02:44.928", "type": "region", "version": 1 }, { "dump": { "filename": "", 
"flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1993670656, "type": "region", "version": 1 }, "end_va": 1993711615, "entry_point": 1993684640, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_1848", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1993670656, "timestamp": "00:02:44.928", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1993801728, "type": "region", "version": 1 }, "end_va": 1994444799, "entry_point": 1994014679, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_1849", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1993801728, "timestamp": "00:02:44.928", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1994850304, "type": "region", "version": 1 }, "end_va": 1994952703, "entry_point": 1994869109, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1850", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1994850304, "timestamp": "00:02:44.929", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1996029952, "type": 
"region", "version": 1 }, "end_va": 1997078527, "entry_point": 1996142317, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1851", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1996029952, "timestamp": "00:02:44.929", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1852", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:02:44.930", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1853", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:02:44.930", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2424831, "entry_point": 0, "filename": null, "id": "region_1854", "name": "private_0x0000000000240000", "norm_filename": null, "region_type": "private_memory", "start_va": 2359296, "timestamp": "00:02:44.935", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 10289152, "type": "region", "version": 1 }, "end_va": 11894783, "entry_point": 0, "filename": null, "id": "region_1855", "name": "pagefile_0x00000000009d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10289152, "timestamp": "00:02:44.935", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1981153280, "type": "region", "version": 1 }, "end_va": 1981988863, "entry_point": 1981159051, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1856", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1981153280, "timestamp": "00:02:44.935", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1984757760, "type": "region", "version": 1 }, "end_va": 1985150975, "entry_point": 1984828815, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1857", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1984757760, "timestamp": "00:02:44.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 
131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1858", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:02:44.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_1859", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:02:44.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 11927552, "type": "region", "version": 1 }, "end_va": 13504511, "entry_point": 0, "filename": null, "id": "region_1860", "name": "pagefile_0x0000000000b60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11927552, "timestamp": "00:02:44.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 15007744, "type": "region", "version": 1 }, "end_va": 15073279, "entry_point": 0, "filename": null, "id": "region_1861", "name": "private_0x0000000000e50000", "norm_filename": null, "region_type": "private_memory", "start_va": 15007744, "timestamp": "00:02:44.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": 
"No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 15073280, "type": "region", "version": 1 }, "end_va": 16646143, "entry_point": 15073280, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1862", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 15073280, "timestamp": "00:02:44.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 18743296, "type": "region", "version": 1 }, "end_va": 39714815, "entry_point": 0, "filename": null, "id": "region_1863", "name": "pagefile_0x00000000011e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 18743296, "timestamp": "00:02:44.981", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1988886528, "type": "region", "version": 1 }, "end_va": 1988911103, "entry_point": 1988892546, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_1864", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1988886528, "timestamp": "00:02:45.038", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1992687616, "type": "region", "version": 1 }, "end_va": 1992904703, "entry_point": 1992692829, 
"filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_1865", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1992687616, "timestamp": "00:02:45.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 430080, "start_va": 1954938880, "type": "region", "version": 1 }, "end_va": 1955368959, "entry_point": 1954938880, "filename": "\\Program Files (x86)\\Mozilla Firefox\\msvcp100.dll", "id": "region_1866", "name": "msvcp100.dll", "norm_filename": "c:\\program files (x86)\\mozilla firefox\\msvcp100.dll", "region_type": "memory_mapped_file", "start_va": 1954938880, "timestamp": "00:02:45.181", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 139264, "start_va": 1955397632, "type": "region", "version": 1 }, "end_va": 1955536895, "entry_point": 1955397632, "filename": "\\Program Files (x86)\\Mozilla Firefox\\mozglue.dll", "id": "region_1867", "name": "mozglue.dll", "norm_filename": "c:\\program files (x86)\\mozilla firefox\\mozglue.dll", "region_type": "memory_mapped_file", "start_va": 1955397632, "timestamp": "00:02:45.205", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 1955594240, "type": "region", "version": 1 }, "end_va": 1955799039, "entry_point": 1955608561, "filename": "\\Windows\\SysWOW64\\winmm.dll", "id": "region_1868", "name": "winmm.dll", "norm_filename": 
"c:\\windows\\syswow64\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 1955594240, "timestamp": "00:02:45.211", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1789952, "start_va": 1955856384, "type": "region", "version": 1 }, "end_va": 1957646335, "entry_point": 1957308451, "filename": "\\Program Files (x86)\\Mozilla Firefox\\nss3.dll", "id": "region_1869", "name": "nss3.dll", "norm_filename": "c:\\program files (x86)\\mozilla firefox\\nss3.dll", "region_type": "memory_mapped_file", "start_va": 1955856384, "timestamp": "00:02:45.211", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1962475520, "type": "region", "version": 1 }, "end_va": 1962504191, "entry_point": 1962479904, "filename": "\\Windows\\SysWOW64\\wsock32.dll", "id": "region_1870", "name": "wsock32.dll", "norm_filename": "c:\\windows\\syswow64\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 1962475520, "timestamp": "00:02:45.212", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 13565952, "type": "region", "version": 1 }, "end_va": 14614527, "entry_point": 0, "filename": null, "id": "region_1871", "name": "private_0x0000000000cf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 13565952, "timestamp": "00:02:45.326", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump 
was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1990066176, "type": "region", "version": 1 }, "end_va": 1991233535, "entry_point": 1990066176, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_1872", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1990066176, "timestamp": "00:02:45.326", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1994784768, "type": "region", "version": 1 }, "end_va": 1994833919, "entry_point": 1994784768, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_1873", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1994784768, "timestamp": "00:02:45.332", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 } ], "remarks": { "critical": [], "non_critical": [ { "comment": "The dump total size limit was reached during the analysis. Some memory dump may be missing in the reports. You can increase the limit in the configuration.", "id": 512, "type": "remark", "version": 1 }, { "comment": "The operating system was rebooted during the analysis.", "id": 128, "type": "remark", "version": 1 }, { "comment": "The maximum number of dumps was reached during the analysis. Some memory dumps may be missing in the reports. 
You can increase the limit in the configuration.", "id": 2048, "type": "remark", "version": 1 } ], "type": "remarks", "version": 1 }, "sample_details": { "filename": "lxqfwvdqlkd.exe", "id": 18795, "md5_hash": "f5aceff295707412e7679e7c0f3a797e", "sample_type": "windows_exe_(x86-32)", "sha1_hash": "89c58b4bc7130630ff093afe1c57614a4b85ddc7", "sha256_hash": "ab17c139b27a1884df468664b2ae448a6bfd8973034b6bfa42d03a3533edbe8d", "size": 290816, "type": "sample_details", "version": 1 }, "screenshots": [ { "screenshot_archive_path": "screenshots/screenshot_0.png", "size": 77409, "thumbnail_archive_path": "screenshots/thumbnail_0.png", "timestamp": "00:00:00.000", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_19265.png", "size": 64501, "thumbnail_archive_path": "screenshots/thumbnail_19265.png", "timestamp": "00:00:19.265", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_20274.png", "size": 88104, "thumbnail_archive_path": "screenshots/thumbnail_20274.png", "timestamp": "00:00:20.274", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_22976.png", "size": 77451, "thumbnail_archive_path": "screenshots/thumbnail_22976.png", "timestamp": "00:00:22.976", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_29513.png", "size": 75081, "thumbnail_archive_path": "screenshots/thumbnail_29513.png", "timestamp": "00:00:29.513", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_87230.png", "size": 82409, "thumbnail_archive_path": "screenshots/thumbnail_87230.png", "timestamp": "00:01:27.230", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_88232.png", "size": 72749, "thumbnail_archive_path": "screenshots/thumbnail_88232.png", "timestamp": "00:01:28.232", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": 
"screenshots/screenshot_90257.png", "size": 4178, "thumbnail_archive_path": "screenshots/thumbnail_90257.png", "timestamp": "00:01:30.257", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_91346.png", "size": 488643, "thumbnail_archive_path": "screenshots/thumbnail_91346.png", "timestamp": "00:01:31.346", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_108582.png", "size": 488485, "thumbnail_archive_path": "screenshots/thumbnail_108582.png", "timestamp": "00:01:48.582", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_114312.png", "size": 107273, "thumbnail_archive_path": "screenshots/thumbnail_114312.png", "timestamp": "00:01:54.312", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_135152.png", "size": 99877, "thumbnail_archive_path": "screenshots/thumbnail_135152.png", "timestamp": "00:02:15.152", "type": "screenshot", "version": 1 } ], "type": "summary", "version": 1, "vm_and_analyzer_details": { "adobe_acrobat_reader_version": "not_installed", "analyzer_build_date": "2017-09-12 16:39", "analyzer_version": "2.2.0", "chrome_version": "58.0.3029.110", "firefox_version": "25.0", "flash_version": "10.3.183.75", "internet_explorer_version": "8.0.7601.17514", "java_version": "7.0.450", "microsoft_excel_version": "not_installed", "microsoft_office_version": "not_installed", "microsoft_power_point_version": "not_installed", "microsoft_project_version": "not_installed", "microsoft_publisher_version": "not_installed", "microsoft_visio_version": "not_installed", "microsoft_word_version": "not_installed", "silverlight_version": "not_installed", "type": "vm_and_analyzer_details", "version": 1, "vm_architecture": "x86_64-bit", "vm_kernel_version": "6.1.7601.17514_(3844dbb9-2017-4967-be7a-a4a2c20430fa)", "vm_name": null, "vm_os": "windows_7" }, "vti": { "type": "vti", "version": 1, 
"vti_built_in_rules_version": "2.6", "vti_rule_matches": [ { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Nameless", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_17", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create nameless mutex.", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_anti_analysis", "category_desc": "Anti Analysis", "operation": "_dynamic_api_usage", "operation_desc": "Dynamic API usage", "ref_gfncalls": [ { "ref_id": "gfn_86", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_dynamic_api_usage_by_api", "technique_desc": "Resolve above average number of APIs.", "technique_path": "built_in._anti_analysis._dynamic_api_usage.vmray_dynamic_api_usage_by_api", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_create_process_with_hidden_window", "operation_desc": "Create process with hidden window", "ref_gfncalls": [ { "ref_id": "gfn_1385", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": 
"vmray_create_process_with_hidden_window", "technique_desc": "The process \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lxqfwvdqlkd.exe\" starts with hidden window.", "technique_path": "built_in._process._create_process_with_hidden_window.vmray_create_process_with_hidden_window", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_create_executable_page", "operation_desc": "Create a page with write and execute permissions", "ref_gfncalls": [ { "ref_id": "gfn_1397", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_allocate_wx_page", "technique_desc": "Allocate a page in a foreign process with \"PAGE_EXECUTE_READWRITE\" permissions, often used to dynamically unpack code.", "technique_path": "built_in._process._create_executable_page.vmray_allocate_wx_page", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\??\\C:\\Windows\\SysWOW64\\ntdll.dll", "hashes": [], "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_os_dir", "operation_desc": "Modify operating system directory", "ref_gfncalls": [ { "ref_id": "gfn_1414", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_file_in_os_dir", "technique_desc": "Create file \"\\??\\C:\\Windows\\SysWOW64\\ntdll.dll\" in the OS directory.", "technique_path": "built_in._file_system._modify_os_dir.vmray_create_file_in_os_dir", "type": "vti_rule_match", 
"version": 1 }, { "artifacts": { "files": [ { "filename": "\\??\\C:\\Windows\\SysWOW64\\ntdll.dll", "hashes": [], "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_os_dir", "operation_desc": "Modify operating system directory", "ref_gfncalls": [ { "ref_id": "gfn_1414", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_overwrite_file_in_os_dir", "technique_desc": "Modify file \"\\??\\C:\\Windows\\SysWOW64\\ntdll.dll\" in the OS directory.", "technique_path": "built_in._file_system._modify_os_dir.vmray_overwrite_file_in_os_dir", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_anti_analysis", "category_desc": "Anti Analysis", "operation": "_detect_kernel_debugger", "operation_desc": "Try to detect kernel debugger", "ref_gfncalls": [ { "ref_id": "gfn_1420", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_detect_kernel_debugger_by_api", "technique_desc": "Check via API \"NtQuerySystemInformation\".", "technique_path": "built_in._anti_analysis._detect_kernel_debugger.vmray_detect_kernel_debugger_by_api", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_anti_analysis", "category_desc": "Anti Analysis", "operation": "_detect_debugger", "operation_desc": "Try to detect debugger", "ref_gfncalls": [ { "ref_id": "gfn_1421", "ref_source": "glog", 
"ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_detect_debugger_by_api", "technique_desc": "Check via API \"NtQueryInformationProcess\".", "technique_path": "built_in._anti_analysis._detect_debugger.vmray_detect_debugger_by_api", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_read_from_remote_process", "operation_desc": "Read from memory of another process", "ref_gfncalls": [ { "ref_id": "gfn_1444", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_from_remote_process", "technique_desc": "\"c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lxqfwvdqlkd.exe\" reads from \"c:\\windows\\explorer.exe\".", "technique_path": "built_in._process._read_from_remote_process.vmray_read_from_remote_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_anti_analysis", "category_desc": "Anti Analysis", "operation": "_delay_execution", "operation_desc": "Delay execution", "ref_gfncalls": [ { "ref_id": "gfn_1452", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_delay_execution_by_sleep", "technique_desc": "One thread sleeps more than 5 minutes.", "technique_path": "built_in._anti_analysis._delay_execution.vmray_delay_execution_by_sleep", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_anti_analysis", "category_desc": "Anti 
Analysis", "operation": "_illegitimate_api_usage", "operation_desc": "Illegitimate API usage", "ref_gfncalls": [ { "ref_id": "gfn_1453", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_illegitimate_api_usage_by_create_process_internal", "technique_desc": "Internal API \"CreateProcessInternalW\" was used to start \"C:\\Windows\\SysWOW64\\autofmt.exe\".", "technique_path": "built_in._anti_analysis._illegitimate_api_usage.vmray_illegitimate_api_usage_by_create_process_internal", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_create_process_with_hidden_window", "operation_desc": "Create process with hidden window", "ref_gfncalls": [ { "ref_id": "gfn_1453", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_process_with_hidden_window", "technique_desc": "The process \"C:\\Windows\\SysWOW64\\autofmt.exe\" starts with hidden window.", "technique_path": "built_in._process._create_process_with_hidden_window.vmray_create_process_with_hidden_window", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_anti_analysis", "category_desc": "Anti Analysis", "operation": "_illegitimate_api_usage", "operation_desc": "Illegitimate API usage", "ref_gfncalls": [ { "ref_id": "gfn_1454", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_illegitimate_api_usage_by_create_process_internal", "technique_desc": "Internal API 
\"CreateProcessInternalW\" was used to start \"C:\\Windows\\SysWOW64\\msiexec.exe\".", "technique_path": "built_in._anti_analysis._illegitimate_api_usage.vmray_illegitimate_api_usage_by_create_process_internal", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_create_process_with_hidden_window", "operation_desc": "Create process with hidden window", "ref_gfncalls": [ { "ref_id": "gfn_1454", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_process_with_hidden_window", "technique_desc": "The process \"C:\\Windows\\SysWOW64\\msiexec.exe\" starts with hidden window.", "technique_path": "built_in._process._create_process_with_hidden_window.vmray_create_process_with_hidden_window", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\??\\C:\\Windows\\SysWOW64\\msiexec.exe", "hashes": [], "norm_filename": "c:\\windows\\syswow64\\msiexec.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_os_dir", "operation_desc": "Modify operating system directory", "ref_gfncalls": [ { "ref_id": "gfn_1458", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_file_in_os_dir", "technique_desc": "Create file \"\\??\\C:\\Windows\\SysWOW64\\msiexec.exe\" in the OS directory.", "technique_path": "built_in._file_system._modify_os_dir.vmray_create_file_in_os_dir", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": 
"\\??\\C:\\Windows\\SysWOW64\\msiexec.exe", "hashes": [], "norm_filename": "c:\\windows\\syswow64\\msiexec.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_os_dir", "operation_desc": "Modify operating system directory", "ref_gfncalls": [ { "ref_id": "gfn_1458", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_overwrite_file_in_os_dir", "technique_desc": "Modify file \"\\??\\C:\\Windows\\SysWOW64\\msiexec.exe\" in the OS directory.", "technique_path": "built_in._file_system._modify_os_dir.vmray_overwrite_file_in_os_dir", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_read_from_remote_process", "operation_desc": "Read from memory of another process", "ref_gfncalls": [ { "ref_id": "gfn_1462", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_from_remote_process", "technique_desc": "\"c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lxqfwvdqlkd.exe\" reads from \"c:\\windows\\syswow64\\msiexec.exe\".", "technique_path": "built_in._process._read_from_remote_process.vmray_read_from_remote_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "L53886-WGVVJKAFC", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": 
"Create system object", "ref_gfncalls": [ { "ref_id": "gfn_1484", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"L53886-WGVVJKAFC\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "8Q-59UAVA1ZvGWMZ", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_1485", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"8Q-59UAVA1ZvGWMZ\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_anti_analysis", "category_desc": "Anti Analysis", "operation": "_illegitimate_api_usage", "operation_desc": "Illegitimate API usage", "ref_gfncalls": [ { "ref_id": "gfn_1496", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_illegitimate_api_usage_by_create_process_internal", "technique_desc": "Internal API \"CreateProcessInternalW\" was used to start \"C:\\Windows\\SysWOW64\\cmd.exe\".", "technique_path": 
"built_in._anti_analysis._illegitimate_api_usage.vmray_illegitimate_api_usage_by_create_process_internal", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_create_process_with_hidden_window", "operation_desc": "Create process with hidden window", "ref_gfncalls": [ { "ref_id": "gfn_1496", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_process_with_hidden_window", "technique_desc": "The process \"C:\\Windows\\SysWOW64\\cmd.exe\" starts with hidden window.", "technique_path": "built_in._process._create_process_with_hidden_window.vmray_create_process_with_hidden_window", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3388679973-3930757225-3770151564-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_persistence", "category_desc": "Persistence", "operation": "_install_startup_script", "operation_desc": "Install system startup script or application", "ref_gfncalls": [ { "ref_id": "gfn_1614", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_startup_script_by_registry", "technique_desc": "Add \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\igfxonux.scr\" to windows startup via registry.", "technique_path": "built_in._persistence._install_startup_script.vmray_install_startup_script_by_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": 
"\\??\\C:\\Windows\\System32\\drivers\\etc\\hosts", "hashes": [], "norm_filename": "c:\\windows\\system32\\drivers\\etc\\hosts", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_os_dir", "operation_desc": "Modify operating system directory", "ref_gfncalls": [ { "ref_id": "gfn_1688", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_file_in_os_dir", "technique_desc": "Create file \"\\??\\C:\\Windows\\System32\\drivers\\etc\\hosts\" in the OS directory.", "technique_path": "built_in._file_system._modify_os_dir.vmray_create_file_in_os_dir", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\??\\C:\\Windows\\System32\\drivers\\etc\\hosts", "hashes": [], "norm_filename": "c:\\windows\\system32\\drivers\\etc\\hosts", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_os_dir", "operation_desc": "Modify operating system directory", "ref_gfncalls": [ { "ref_id": "gfn_1688", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_overwrite_file_in_os_dir", "technique_desc": "Modify file \"\\??\\C:\\Windows\\System32\\drivers\\etc\\hosts\" in the OS directory.", "technique_path": "built_in._file_system._modify_os_dir.vmray_overwrite_file_in_os_dir", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\??\\C:\\Windows\\System32\\drivers\\etc\\hosts", "hashes": [], "norm_filename": 
"c:\\windows\\system32\\drivers\\etc\\hosts", "operations": [ "read" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_read_network_configuration", "operation_desc": "Read network configuration", "ref_gfncalls": [ { "ref_id": "gfn_1692", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_hosts_file", "technique_desc": "Read the current network configuration through the host.conf file.", "technique_path": "built_in._network._read_network_configuration.vmray_read_hosts_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_read_from_remote_process", "operation_desc": "Read from memory of another process", "ref_gfncalls": [ { "ref_id": "gfn_2076", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_from_remote_process", "technique_desc": "\"c:\\windows\\syswow64\\msiexec.exe\" reads from \"c:\\windows\\explorer.exe\".", "technique_path": "built_in._process._read_from_remote_process.vmray_read_from_remote_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "S-1-5-21-3388679-13801793209033", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_2089", "ref_source": "glog", "ref_type": "gfncall",
"type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"S-1-5-21-3388679-13801793209033\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_anti_analysis", "category_desc": "Anti Analysis", "operation": "_illegitimate_api_usage", "operation_desc": "Illegitimate API usage", "ref_gfncalls": [ { "ref_id": "gfn_2103", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_illegitimate_api_usage_by_create_process_internal", "technique_desc": "Internal API \"CreateProcessInternalW\" was used to start \"C:\\Program Files (x86)\\Mozilla Firefox\\Firefox.exe\".", "technique_path": "built_in._anti_analysis._illegitimate_api_usage.vmray_illegitimate_api_usage_by_create_process_internal", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_create_process_with_hidden_window", "operation_desc": "Create process with hidden window", "ref_gfncalls": [ { "ref_id": "gfn_2103", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_process_with_hidden_window", "technique_desc": "The process \"C:\\Program Files (x86)\\Mozilla Firefox\\Firefox.exe\" starts with hidden window.", "technique_path": "built_in._process._create_process_with_hidden_window.vmray_create_process_with_hidden_window", "type": "vti_rule_match", "version": 1 }, { "artifacts": { 
"files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_read_from_remote_process", "operation_desc": "Read from memory of another process", "ref_gfncalls": [ { "ref_id": "gfn_2106", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_from_remote_process", "technique_desc": "\"c:\\windows\\syswow64\\msiexec.exe\" reads from \"C:\\Program Files (x86)\\Mozilla Firefox\\Firefox.exe\".", "technique_path": "built_in._process._read_from_remote_process.vmray_read_from_remote_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_create_process_with_hidden_window", "operation_desc": "Create process with hidden window", "ref_gfncalls": [ { "ref_id": "gfn_3608", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_process_with_hidden_window", "technique_desc": "The process \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\igfxonux.scr\" starts with hidden window.", "technique_path": "built_in._process._create_process_with_hidden_window.vmray_create_process_with_hidden_window", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_read_from_remote_process", "operation_desc": "Read from memory of another process", "ref_gfncalls": [ { "ref_id": "gfn_3667", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": 
"built_in", "rule_version": 1, "technique": "vmray_read_from_remote_process", "technique_desc": "\"c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\igfxonux.scr\" reads from \"c:\\windows\\explorer.exe\".", "technique_path": "built_in._process._read_from_remote_process.vmray_read_from_remote_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_anti_analysis", "category_desc": "Anti Analysis", "operation": "_illegitimate_api_usage", "operation_desc": "Illegitimate API usage", "ref_gfncalls": [ { "ref_id": "gfn_3675", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_illegitimate_api_usage_by_create_process_internal", "technique_desc": "Internal API \"CreateProcessInternalW\" was used to start \"C:\\Windows\\SysWOW64\\rdpclip.exe\".", "technique_path": "built_in._anti_analysis._illegitimate_api_usage.vmray_illegitimate_api_usage_by_create_process_internal", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_create_process_with_hidden_window", "operation_desc": "Create process with hidden window", "ref_gfncalls": [ { "ref_id": "gfn_3675", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_process_with_hidden_window", "technique_desc": "The process \"C:\\Windows\\SysWOW64\\rdpclip.exe\" starts with hidden window.", "technique_path": "built_in._process._create_process_with_hidden_window.vmray_create_process_with_hidden_window", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], 
"registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_anti_analysis", "category_desc": "Anti Analysis", "operation": "_illegitimate_api_usage", "operation_desc": "Illegitimate API usage", "ref_gfncalls": [ { "ref_id": "gfn_3676", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_illegitimate_api_usage_by_create_process_internal", "technique_desc": "Internal API \"CreateProcessInternalW\" was used to start \"C:\\Windows\\SysWOW64\\autochk.exe\".", "technique_path": "built_in._anti_analysis._illegitimate_api_usage.vmray_illegitimate_api_usage_by_create_process_internal", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_create_process_with_hidden_window", "operation_desc": "Create process with hidden window", "ref_gfncalls": [ { "ref_id": "gfn_3676", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_process_with_hidden_window", "technique_desc": "The process \"C:\\Windows\\SysWOW64\\autochk.exe\" starts with hidden window.", "technique_path": "built_in._process._create_process_with_hidden_window.vmray_create_process_with_hidden_window", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_anti_analysis", "category_desc": "Anti Analysis", "operation": "_illegitimate_api_usage", "operation_desc": "Illegitimate API usage", "ref_gfncalls": [ { "ref_id": "gfn_3678", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, 
"technique": "vmray_illegitimate_api_usage_by_create_process_internal", "technique_desc": "Internal API \"CreateProcessInternalW\" was used to start \"C:\\Windows\\SysWOW64\\cmstp.exe\".", "technique_path": "built_in._anti_analysis._illegitimate_api_usage.vmray_illegitimate_api_usage_by_create_process_internal", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_create_process_with_hidden_window", "operation_desc": "Create process with hidden window", "ref_gfncalls": [ { "ref_id": "gfn_3678", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_process_with_hidden_window", "technique_desc": "The process \"C:\\Windows\\SysWOW64\\cmstp.exe\" starts with hidden window.", "technique_path": "built_in._process._create_process_with_hidden_window.vmray_create_process_with_hidden_window", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\??\\C:\\Windows\\SysWOW64\\cmstp.exe", "hashes": [], "norm_filename": "c:\\windows\\syswow64\\cmstp.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_os_dir", "operation_desc": "Modify operating system directory", "ref_gfncalls": [ { "ref_id": "gfn_3682", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_file_in_os_dir", "technique_desc": "Create file \"\\??\\C:\\Windows\\SysWOW64\\cmstp.exe\" in the OS directory.", "technique_path": 
"built_in._file_system._modify_os_dir.vmray_create_file_in_os_dir", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\??\\C:\\Windows\\SysWOW64\\cmstp.exe", "hashes": [], "norm_filename": "c:\\windows\\syswow64\\cmstp.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_os_dir", "operation_desc": "Modify operating system directory", "ref_gfncalls": [ { "ref_id": "gfn_3682", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_overwrite_file_in_os_dir", "technique_desc": "Modify file \"\\??\\C:\\Windows\\SysWOW64\\cmstp.exe\" in the OS directory.", "technique_path": "built_in._file_system._modify_os_dir.vmray_overwrite_file_in_os_dir", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_read_from_remote_process", "operation_desc": "Read from memory of another process", "ref_gfncalls": [ { "ref_id": "gfn_3686", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_from_remote_process", "technique_desc": "\"c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\igfxonux.scr\" reads from \"c:\\program files\\windows nt\\hungry sage sender.exe\".", "technique_path": "built_in._process._read_from_remote_process.vmray_read_from_remote_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": 
"Process", "operation": "_read_from_remote_process", "operation_desc": "Read from memory of another process", "ref_gfncalls": [ { "ref_id": "gfn_3772", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_from_remote_process", "technique_desc": "\"c:\\windows\\syswow64\\cmstp.exe\" reads from \"c:\\windows\\explorer.exe\".", "technique_path": "built_in._process._read_from_remote_process.vmray_read_from_remote_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_read_from_remote_process", "operation_desc": "Read from memory of another process", "ref_gfncalls": [ { "ref_id": "gfn_3793", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_from_remote_process", "technique_desc": "\"c:\\windows\\syswow64\\cmstp.exe\" reads from \"C:\\Program Files (x86)\\Mozilla Firefox\\Firefox.exe\".", "technique_path": "built_in._process._read_from_remote_process.vmray_read_from_remote_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "S-1-5-21-3388679-8441793209033", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_3821", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name 
\"S-1-5-21-3388679-8441793209033\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_create_many_files", "operation_desc": "Create many files", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_many_files", "technique_desc": "Create above average number of files.", "technique_path": "built_in._file_system._create_many_files.vmray_create_many_files", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_handle_with_malicious_files", "operation_desc": "Handle with malicious files", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_handle_with_malicious_files", "technique_desc": "File \"c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\igfxonux.scr\" is a known malicious file.", "technique_path": "built_in._file_system._handle_with_malicious_files.vmray_handle_with_malicious_files", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_memory_system", "operation_desc": "Write into memory of another process", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_memory_system", "technique_desc": "\"c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lxqfwvdqlkd.exe\" modifies memory of \"c:\\windows\\explorer.exe\"", "technique_path": 
"built_in._injection._modify_memory_system.vmray_modify_memory_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_memory_system", "operation_desc": "Write into memory of another process", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_memory_system", "technique_desc": "\"c:\\windows\\syswow64\\msiexec.exe\" modifies memory of \"c:\\windows\\explorer.exe\"", "technique_path": "built_in._injection._modify_memory_system.vmray_modify_memory_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_memory_system", "operation_desc": "Write into memory of another process", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_memory_system", "technique_desc": "\"c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lxqfwvdqlkd.exe\" modifies memory of \"c:\\windows\\syswow64\\msiexec.exe\"", "technique_path": "built_in._injection._modify_memory_system.vmray_modify_memory_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_memory_system", "operation_desc": "Write into memory of another process", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_memory_system", "technique_desc": "\"c:\\windows\\syswow64\\msiexec.exe\" modifies memory of \"c:\\program files (x86)\\mozilla firefox\\firefox.exe\"", "technique_path": 
"built_in._injection._modify_memory_system.vmray_modify_memory_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_memory_system", "operation_desc": "Write into memory of another process", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_memory_system", "technique_desc": "\"c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\igfxonux.scr\" modifies memory of \"c:\\windows\\explorer.exe\"", "technique_path": "built_in._injection._modify_memory_system.vmray_modify_memory_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_memory_system", "operation_desc": "Write into memory of another process", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_memory_system", "technique_desc": "\"c:\\windows\\syswow64\\cmstp.exe\" modifies memory of \"c:\\windows\\explorer.exe\"", "technique_path": "built_in._injection._modify_memory_system.vmray_modify_memory_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_memory_system", "operation_desc": "Write into memory of another process", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_memory_system", "technique_desc": "\"c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\igfxonux.scr\" modifies memory of \"c:\\windows\\syswow64\\cmstp.exe\"", "technique_path": 
"built_in._injection._modify_memory_system.vmray_modify_memory_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_memory_system", "operation_desc": "Write into memory of another process", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_memory_system", "technique_desc": "\"c:\\windows\\syswow64\\cmstp.exe\" modifies memory of \"c:\\program files (x86)\\mozilla firefox\\firefox.exe\"", "technique_path": "built_in._injection._modify_memory_system.vmray_modify_memory_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_memory_non_system", "operation_desc": "Write into memory of a process running from a created or modified executable", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_memory", "technique_desc": "\"c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lxqfwvdqlkd.exe\" modifies memory of \"c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lxqfwvdqlkd.exe\"", "technique_path": "built_in._injection._modify_memory_non_system.vmray_modify_memory", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_memory_non_system", "operation_desc": "Write into memory of a process running from a created or modified executable", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_memory", "technique_desc": "\"c:\\users\\5p5nrgjn0js 
halpmcxz\\appdata\\roaming\\igfxonux.scr\" modifies memory of \"c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\igfxonux.scr\"", "technique_path": "built_in._injection._modify_memory_non_system.vmray_modify_memory", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_control_flow_system", "operation_desc": "Modify control flow of another process", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_control_flow_system", "technique_desc": "\"c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lxqfwvdqlkd.exe\" alters context of \"c:\\windows\\explorer.exe\"", "technique_path": "built_in._injection._modify_control_flow_system.vmray_modify_control_flow_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_control_flow_system", "operation_desc": "Modify control flow of another process", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_control_flow_system", "technique_desc": "\"c:\\windows\\syswow64\\msiexec.exe\" alters context of \"c:\\windows\\explorer.exe\"", "technique_path": "built_in._injection._modify_control_flow_system.vmray_modify_control_flow_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_control_flow_system", "operation_desc": "Modify control flow of another process", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": 
"vmray_modify_control_flow_system", "technique_desc": "\"c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\igfxonux.scr\" alters context of \"c:\\windows\\explorer.exe\"", "technique_path": "built_in._injection._modify_control_flow_system.vmray_modify_control_flow_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_control_flow_system", "operation_desc": "Modify control flow of another process", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_control_flow_system", "technique_desc": "\"c:\\windows\\syswow64\\cmstp.exe\" alters context of \"c:\\windows\\explorer.exe\"", "technique_path": "built_in._injection._modify_control_flow_system.vmray_modify_control_flow_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_control_flow_non_system", "operation_desc": "Modify control flow of a process running from a created or modified executable", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_control_flow_non_system", "technique_desc": "\"c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lxqfwvdqlkd.exe\" alters context of \"c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lxqfwvdqlkd.exe\"", "technique_path": "built_in._injection._modify_control_flow_non_system.vmray_modify_control_flow_non_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_control_flow_non_system", "operation_desc": 
"Modify control flow of a process running from a created or modified executable", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_control_flow_non_system", "technique_desc": "\"c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\igfxonux.scr\" alters context of \"c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\igfxonux.scr\"", "technique_path": "built_in._injection._modify_control_flow_non_system.vmray_modify_control_flow_non_system", "type": "vti_rule_match", "version": 1 } ], "vti_rule_type": "Default (PE, ...)", "vti_score": 98 }, "yara": { "apply_yara": true, "apply_yara_on_created_files": true, "apply_yara_on_modified_files": true, "apply_yara_on_pcap_file": true, "apply_yara_on_process_dumps": true, "apply_yara_on_sample_files": true, "match_count": 0, "matches": [], "ruleset_count": 7, "type": "yara", "version": 1 } }