{ "analysis_details": { "creation_time": "2017-11-14 20:01 (UTC+1)", "execution_successful": true, "number_of_processes": 23, "reputation_enabled": true, "termination_reason": "timeout", "type": "analysis_details", "version": 2, "vm_analysis_duration_time": "00:04:22" }, "artifacts": { "files": [ { "filename": "STD_INPUT_HANDLE", "hashes": [], "norm_filename": "std_input_handle", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_OUTPUT_HANDLE", "hashes": [], "norm_filename": "std_output_handle", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_ERROR_HANDLE", "hashes": [], "norm_filename": "std_error_handle", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\u076f", "hashes": [], "norm_filename": "\u076f", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\u076f\u7700\udd78\u0017\ufffe\uffff\u3ca3\u776d\u0002", "hashes": [], "norm_filename": "\u076f\u7700\udd78\u0017\ufffe\uffff\u3ca3\u776d\u0002", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\u076f\u0200\u2183\u024d", "hashes": [], "norm_filename": "\u076f\u0201\u2184\u024d", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\u076f\u7e00", "hashes": [], "norm_filename": "\u076f\u7e00", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\u076f\u4300\u4544\u4746\u4948\u4b4a", "hashes": [], "norm_filename": "\u076f\u4300\u4544\u4746\u4948\u4b4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\u076f\ucd00\u00c4\u024d\u0001", "hashes": [], "norm_filename": "\u076f\ucd00\u00e4\u024d\u0001", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\u076f\u7600\uffff\uffff\ufbda\u776b\u890a\u76a3\u0002", "hashes": [], "norm_filename": "\u076f\u7600\uffff\uffff\ufbda\u776b\u890a\u76a3\u0002", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\u076f\u0200\ufeac\u0018\u389e\u776d\u0138\u024d\u0002", "hashes": [], "norm_filename": "\u076f\u0201\ufeac\u0018\u389e\u776d\u0138\u024d\u0002", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\u076f\u0200\u0150\u024d\u0150\u024d\u2188\u024d\u0002", "hashes": [], "norm_filename": "\u076f\u0201\u0151\u024d\u0151\u024d\u2188\u024d\u0002", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\u076f\u5f00\u4160\u4342", "hashes": [], "norm_filename": "\u076f\u5f00\u4160\u4342", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\u076f\u7700", "hashes": [], "norm_filename": "\u076f\u7700", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\bootmgr", "hashes": [], "norm_filename": "\\\\?\\c:\\bootmgr", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\BOOTSECT.BAK", "hashes": [], "norm_filename": "\\\\?\\c:\\bootsect.bak", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\hiberfil.sys", "hashes": [], "norm_filename": "\\\\?\\c:\\hiberfil.sys", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\pagefile.sys", "hashes": [], "norm_filename": "\\\\?\\c:\\pagefile.sys", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi", "hashes": [], "norm_filename": "\\\\?\\c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim", "hashes": [], "norm_filename": "\\\\?\\c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\winre.wim", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\desktop.ini", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log2", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\aclviho asldjfl.contact", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\administrator.contact", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\asdlfk poopvy.contact", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\chucu jadnvk.contact", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lulcit amkdfe.contact", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\sikvnb huvuib.contact", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4geU.pptx", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4geu.pptx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5MzXbIREhTTTaeobss.pptx", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\5mzxbirehtttaeobss.pptx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8HoT4SPBYbm.xlsx", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8hot4spbybm.xlsx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8njS1by2_oecbNC P4zy.pptx", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8njs1by2_oecbnc p4zy.pptx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9sRvP5V9AccV.ods", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\9srvp5v9accv.ods", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ASEJIISwQeKimcHMn.xlsx", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\asejiiswqekimchmn.xlsx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B92naCEgJ.docx", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\b92nacegj.docx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\de6NX.xlsx", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\de6nx.xlsx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\dKWKVTxHxijfZD_dSm_.xlsx", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\dkwkvtxhxijfzd_dsm_.xlsx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\dsL8WL.docx", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\dsl8wl.docx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e5mivlGcxa-nNKp.docx", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\e5mivlgcxa-nnkp.docx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\eL7YHoCZexIT pMk.docx", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\el7yhoczexit pmk.docx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\EtzbOnPY1PmFQ.rtf", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\etzbonpy1pmfq.rtf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\PJ8NaDyMfjtJM01lTM.xlsx", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pj8nadymfjtjm01ltm.xlsx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uGN1arUrfzZMomzHA.pptx", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ugn1arurfzzmomzha.pptx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\X2tQqTNWjx7lgtPo5htj.pptx", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\x2tqqtnwjx7lgtpo5htj.pptx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\_oHxelCBmJ.docx", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\_ohxelcbmj.docx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\_P_aT.odt", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\_p_at.odt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\-tHIa9_.xls", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\-thia9_.xls", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\Gg8kaToejw.xls", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\gg8katoejw.xls", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\JDjp8wKsx5Dz.ots", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\jdjp8wksx5dz.ots", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\KtwKDD9P56tzPTxgwQR.ods", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ktwkdd9p56tzptxgwqr.ods", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\mPKKZqdrZkc7.pdf", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\mpkkzqdrzkc7.pdf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\NMqv0Yc9MO55X.xls", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\nmqv0yc9mo55x.xls", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\QRg3dKar.odp", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\qrg3dkar.odp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\vqWzW8a_K.doc", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\vqwzw8a_k.doc", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\YYzgnphG.csv", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\yyzgnphg.csv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\8uRJm.csv", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\8urjm.csv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\dUnN.ppt", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\dunn.ppt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\DyX3zmFDQ.pps", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\dyx3zmfdq.pps", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\Kv3rt4CpuhTFQ.pptx", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\kv3rt4cpuhtfq.pptx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\WHrA_.docx", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\whra_.docx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\YtaJJRAGe.rtf", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\ytajjrage.rtf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\ZjfGK_.odt", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\zjfgk_.odt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\hcLzjn0RCFG.odp", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\hclzjn0rcfg.odp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\IcF1qMW8Ow.doc", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\icf1qmw8ow.doc", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\Ld7trnreSqi.doc", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\ld7trnresqi.doc", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\nmyti-BLd1o.xlsx", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\nmyti-bld1o.xlsx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\qOmkS_BDD92-oYj.xls", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\qomks_bdd92-oyj.xls", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\seND1DmmOud5.xls", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\send1dmmoud5.xls", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\tKsxqcE.csv", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\tksxqce.csv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\xlbxUnchVTGwsFtof.doc", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\xlbxunchvtgwsftof.doc", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\ZN_ n.ots", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\zn_ n.ots", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\zRPN8xkNuY7pBA7JA.csv", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\zrpn8xknuy7pba7ja.csv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\favorites.vss", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\folder.ico", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\voeimd@djhreuu.uhd.pst", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\suggested sites.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\get windows live.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live gallery.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live mail.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live spaces.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\links\\downloads.lnk", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\links\\recentplaces.lnk", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\11DaFVcd U6Q75nbu_.wav", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\music\\11dafvcd u6q75nbu_.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\8YglZU.wav", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\music\\8yglzu.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Ae42UeoE.wav", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\music\\ae42ueoe.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\music\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ImbzlHSAeRD0mYdABk.mp3", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\music\\imbzlhsaerd0mydabk.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\JKoqX.wav", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\music\\jkoqx.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\yV_ r.m4a", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\music\\yv_ r.m4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Z9ycP6znphCfb.m4a", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\music\\z9ycp6znphcfb.m4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\6Fs5O-wZK5i.m4a", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\6fs5o-wzk5i.m4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9tkObc3F16FjSYiAwFD.wav", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9tkobc3f16fjsyiawfd.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\aF_IB.m4a", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\af_ib.m4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\jEamZMQ.mp3", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\jeamzmq.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\JO1Lf.m4a", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\jo1lf.m4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\oKJQx_NM6hXc.mp3", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\okjqx_nm6hxc.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\TWlZw1pNzI1gwZW3OH.mp3", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\twlzw1pnzi1gwzw3oh.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\UazSw8R1r.wav", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\uazsw8r1r.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\X7t8w3.m4a", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\x7t8w3.m4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\2zrMBovJou.wav", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\2zrmbovjou.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\btD83YaGWQR.m4a", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\btd83yagwqr.m4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\BCE1010314.exe", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "17f54288695fc46d11078ea493eb6626", "sha1_hash": "548058b2233b75cdfd964c1d7be5d2b80818131a", "sha256_hash": "33a60a16e50b8df2a731023951475ff0f973fc66334d2cfa6ce30aa36bb36414", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\programdata\\bce1010314.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\BCE1010314.exe:Zone.Identifier", "hashes": [ { "md5_hash": "8d251dc834ad2282d59cb08f2152a8f7", "sha1_hash": "1ccec082f8ccbe367cfad62f04566e337255943a", "sha256_hash": "f1556a2096b4e834c3b91c637c2f5fb10fb4f2319b6c5f3143db2ce61774318d", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\programdata\\bce1010314.exe:zone.identifier", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\F06C3C509054X0B7D28ZCDDBB17087B9C3E.XZZX", "hashes": [ { "md5_hash": "014c2e239ac9d84fac5f9bb42deeca6f", "sha1_hash": "54fb44cfaebd5bbf5036abc28d65c075a858081a", "sha256_hash": "9b87d898f5440a63eea60dfc4b6de79112230b0aa6ab6a91104cb99abf257aeb", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\programdata\\f06c3c509054x0b7d28zcddbb17087b9c3e.xzzx", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\bootmgr", "hashes": [], "norm_filename": "c:\\bootmgr", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\BOOTSECT.BAK", "hashes": [], "norm_filename": "c:\\bootsect.bak", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\hiberfil.sys", "hashes": [], "norm_filename": "c:\\hiberfil.sys", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\B0AD3AB92537B4FBFE37930729309943.XZZX", "hashes": [ { "md5_hash": "07a6cac5168cad26dc6df34d16ea41a0", "sha1_hash": "5c9327703ea5961e21d83b9e8ee3a0128ceed4e0", "sha256_hash": "710cd6b5104f65527a604839abdfec6f5881c212970f224ae6423482d62aaf47", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\b0ad3ab92537b4fbfe37930729309943.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\pagefile.sys", "hashes": [], "norm_filename": "c:\\pagefile.sys", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\$Recycle.Bin\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\$recycle.bin\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\boot\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Config.Msi\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\config.msi\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\documents and settings\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\PerfLogs\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\perflogs\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\PerfLogs\\Admin\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\perflogs\\admin\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\program files\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\program files (x86)\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\programdata\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Recovery\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\recovery\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi", "hashes": [ { "md5_hash": "149039c782d26be150787a53c60b0fb8", "sha1_hash": "5bad17c6f209bdebb28e1606fa9f14ece3dffeb3", "sha256_hash": "dfb87c3b75ba2525237c00a764bff401e5e8b03ff4ef2c6fcfa72626fbcc7515", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim", "hashes": [ { "md5_hash": "7af68820a4f620b83c4406bd45612a54", "sha1_hash": "39216ecbbd1a8402bbf9c24ab0933a15c80d0d18", "sha256_hash": "2be045ba74174227aea2172dc348655bd52185d0f3587708df15a3362272e895", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\winre.wim", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\System Volume Information\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\system volume information\\_help_instruction.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\desktop.ini", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\_help_instruction.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\D2D9507033A5E4DB82B20D90383EC923.XZZX", "hashes": [ { "md5_hash": "7037a481becf39b4f592c93948efe34f", "sha1_hash": "5cad49112c4837b7119b18c3c5b5fa356766b931", "sha256_hash": "310e13e9ecedea999daf2c93a008da53f5c4d600015c09b58cde61601e2a418d", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\d2d9507033a5e4db82b20d90383ec923.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log2", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\97978E0428D9BCBB43314AFC2CD2A103.XZZX", "hashes": [ { "md5_hash": "060420bac4839cf5f19c38943a7b16bb", "sha1_hash": "d2affbf9da4a069003d22b618a23d512dfcd3059", "sha256_hash": "c1d7b12aab67d3f367d0263b6dbbd4f4ef8cb5c4be639a8f8c69b020592f41bd", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\97978e0428d9bcbb43314afc2cd2a103.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\application data\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\aclviho asldjfl.contact", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\administrator.contact", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\8DFF43342C68841C83BDE75D30616864.XZZX", "hashes": [ { "md5_hash": "da93b53581ea1df548127c7aa3cf7beb", "sha1_hash": "9ab045eb1bedaf584ebfde0d1bf46019ae1ff049", "sha256_hash": "69c84ce8d01c7e761d477281f27d618bc0c4fff56157ca43449725898de4fd4f", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\8dff43342c68841c83bde75d30616864.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\asdlfk poopvy.contact", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\FD82D02831F226B04645120F361F0AF8.XZZX", "hashes": [ { "md5_hash": "02fec1c5dc7e2590a9765b6fb3f32932", "sha1_hash": "3a7cc5153a6dd097f030de730922774f34339d9c", "sha256_hash": "1df186e7f72c994ad087878f1516afcc919c5aa93c4fd91e516a434439678998", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\fd82d02831f226b04645120f361f0af8.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\3180D48C036A6FAAA02E258A076353F2.XZZX", "hashes": [ { "md5_hash": "fa1b1293b91e27d93f13b23f4da472c3", "sha1_hash": "7ee455e5a6aebb6facc9abc6743db788bb75a555", "sha256_hash": "776dd0b99dd4b18c6265d5bb97ddfa56f0cfa625e31fd473a52b94ea3d8e32eb", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\3180d48c036a6faaa02e258a076353f2.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\chucu jadnvk.contact", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\desktop.ini", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\278D60903B72BF40F401616C3FAFA388.XZZX", "hashes": [ { "md5_hash": "19ee4889b17d055dc24c0f0f206421e9", "sha1_hash": "33cad01020d2bbbe4199037fc04b4b5c77ba5892", "sha256_hash": "2df685df86595f3d205c6fc460fac4581945380ead55c28c69f18986b722a671", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\278d60903b72bf40f401616c3fafa388.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\63AB35AD17277526536F22E31B54596E.XZZX", "hashes": [ { "md5_hash": "28b81e6b09f2ff1a42abc265088acd62", "sha1_hash": "e6ae4d4422f09b686e3a61823b6144e5b8314504", "sha256_hash": "64756fa5d348dbbac0cb09b1558b567d609e96da8f6ab42c7097173f9385bcf5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\63ab35ad17277526536f22e31b54596e.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lulcit amkdfe.contact", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\sikvnb huvuib.contact", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\8C424C551A76D4366F1622171E8EB87E.XZZX", "hashes": [ { "md5_hash": "5f293f0eac5fb35c56b22fac54dff248", "sha1_hash": "b5cd478953c437ab45228eaeb2c684311bcf8e84", "sha256_hash": "085dbc6bcc60b670175cb26ebaa343e17839c81d83a03679dfc9e6cb2f7b4630", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\8c424c551a76d4366f1622171e8eb87e.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\4C9E88000CB6CC7042EF328010E3B0B8.XZZX", "hashes": [ { "md5_hash": "c608d3534822e866482d2809a64ad4b6", "sha1_hash": "e28d66870811eef28a97c960283640d9222c2b66", "sha256_hash": "df37dbc3f9cd57a3a011091a152a8f1373befbdb90d3f49866dfa344dbf246df", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\4c9e88000cb6cc7042ef328010e3b0b8.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\cookies\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4geU.pptx", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4geu.pptx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BE3510781871306D58A0B1081C6A14B5.XZZX", "hashes": [ { "md5_hash": "1f9aa5313695ddf23958e6e3aad848e1", "sha1_hash": "867e6960318877424c46921bb9099f2091b4815a", "sha256_hash": "2b4d200af3e59617ca142cf4e27a567cecd825afd291285002ae45cade56aa28", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\be3510781871306d58a0b1081c6a14b5.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5MzXbIREhTTTaeobss.pptx", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\5mzxbirehtttaeobss.pptx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\2FFB243E16646FF464F688111A91543C.XZZX", "hashes": [ { "md5_hash": "d4530ca468ffb9f183eee5966b298d7e", "sha1_hash": "deba00eeee77048da93c5651b154d6e7687d29dc", "sha256_hash": "31792954e1c5db412ca8299f714c44da70e4f54384d205da328568f585a51329", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\2ffb243e16646ff464f688111a91543c.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8HoT4SPBYbm.xlsx", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8hot4spbybm.xlsx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B34C34B41EC5682F9CB9477C22BE4C77.XZZX", "hashes": [ { "md5_hash": "dfa04f94f8ea24a531e3aedd827d5fbf", "sha1_hash": "a94fc7b6168efeb964274c5c21df2f66129e9cdd", "sha256_hash": "50aab8c08843ece8b6839c1beb894dcb7d01129082dbeccf4da1555e5567e1d1", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\b34c34b41ec5682f9cb9477c22be4c77.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8njS1by2_oecbNC P4zy.pptx", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8njs1by2_oecbnc p4zy.pptx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\96E8BC382A82756A96F374BC2E7B59B2.XZZX", "hashes": [ { "md5_hash": "baa927d05899846d8128dc2652f0e1da", "sha1_hash": "d04117b3bfc926ffb1316414491ce45ba0d0566d", "sha256_hash": "228a91cc95b34fbbd3c292d9c9346bce79c5b72c74a4591ca9187641d94db3b1", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\96e8bc382a82756a96f374bc2e7b59b2.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\9sRvP5V9AccV.ods", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\9srvp5v9accv.ods", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\A9467A821967F20598E66B961D60D64D.XZZX", "hashes": [ { "md5_hash": "0f462d7d5044e27c97479f358c7d6aef", "sha1_hash": "ef4f52ac12f97d90194971548fb3a301fbdcabb4", "sha256_hash": "9d992da6f514be3948454579b41360236ef3a1b0fbefe266d0ef588449544ade", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\a9467a821967f20598e66b961d60d64d.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ASEJIISwQeKimcHMn.xlsx", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\asejiiswqekimchmn.xlsx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\D8B4FBC032E124E029E6603236DA0928.XZZX", "hashes": [ { "md5_hash": "1171ed3b0ffcf3aa020cd28ee83e9eb7", "sha1_hash": "093b6525b6355efd8b32572410702ac540d2e9c1", "sha256_hash": "325163f38c746bd100fa9fe1cf1333a6b874bee390629ed76498e94778fc5fa4", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\d8b4fbc032e124e029e6603236da0928.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B92naCEgJ.docx", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\b92nacegj.docx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\AF137D37318F929FC9EC733B358876E7.XZZX", "hashes": [ { "md5_hash": "82004c86021c94d53032ecfdb83f370e", "sha1_hash": "d0881ed00484ca79cda816c05d458a8ea77d70fc", "sha256_hash": "5036fdce40bbb4c0f0249f19ae68c26b02a600299b4bb7caba155e7512ed9320", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\af137d37318f929fc9ec733b358876e7.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\de6NX.xlsx", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\de6nx.xlsx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\desktop.ini", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\E1CB2DE23002B20E4903A282342F9656.XZZX", "hashes": [ { "md5_hash": "e2cfc66de56f175d38c1aa7a8d5011c0", "sha1_hash": "c527d2339c52dc25cdde7ddc9f3711c3cb586316", "sha256_hash": "bd4f6687a6d0a7dd0b3b93663de82a17b724a6a6aee8982d0b4973438bf7abc2", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\e1cb2de23002b20e4903a282342f9656.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\dKWKVTxHxijfZD_dSm_.xlsx", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\dkwkvtxhxijfzd_dsm_.xlsx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5A5E8816436ABA61C7EC8F1A47A79EA9.XZZX", "hashes": [ { "md5_hash": "e5568878364ee557ace58675f1ca50aa", "sha1_hash": "f024ff6f307dd504aad45a548789f393cc4e05ab", "sha256_hash": "b3f6f5113c93892024223b4188734833668fd7bc782a6367c645dd7352be6cfe", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\5a5e8816436aba61c7ec8f1a47a79ea9.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\dsL8WL.docx", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\dsl8wl.docx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4CA2A3B835A9C9D86061764339F6AE20.XZZX", "hashes": [ { "md5_hash": "6e6f0daf10918d01e72c4d8002373d8c", "sha1_hash": "72dd2b94f3b8c6c3dfed7534dcf5647f1ede90a1", "sha256_hash": "2c3552ae0fdd0bcf0ba05689550fa13217be85aa9df2bfe5a77aafac73ae5d46", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4ca2a3b835a9c9d86061764339f6ae20.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\e5mivlGcxa-nNKp.docx", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\e5mivlgcxa-nnkp.docx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7E0556C23257A27A640F901F368486C2.XZZX", "hashes": [ { "md5_hash": "28f4829c79f4eec9fd7cddfd060f07aa", "sha1_hash": "a7a666ad57dc3812867c7ea853ff4d797375c53a", "sha256_hash": "e7c311f2d14407fa76d5b422b37eb0e35f7acf8bd15d0a514c7a0750b4b664b8", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\7e0556c23257a27a640f901f368486c2.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\eL7YHoCZexIT pMk.docx", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\el7yhoczexit pmk.docx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\D4132CC416066089C413F0DC1A1E44D1.XZZX", "hashes": [ { "md5_hash": "79f69f3bcdca8095e7f6242ea2dbde8a", "sha1_hash": "882cfdde487ca0c545d3e2463f92b21ab81e63fa", "sha256_hash": "a4fcc7926a4c315a43245ed461e015e0b74a3ff71915a2bca221a419c48cb6d0", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\d4132cc416066089c413f0dc1a1e44d1.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\EtzbOnPY1PmFQ.rtf", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\etzbonpy1pmfq.rtf", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B8F78CE2222013C8FF50021B265CF810.XZZX", "hashes": [ { "md5_hash": "860c337e5dfb49521db578df71f496d3", "sha1_hash": "5d13c2e47f9200f5a47c97e1838f172dea682d1f", "sha256_hash": "ff1f9af96be15a21138d7de11a6d58e7b5fd60fac22a7635a31dd669c44d04f6", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\b8f78ce2222013c8ff50021b265cf810.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\PJ8NaDyMfjtJM01lTM.xlsx", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pj8nadymfjtjm01ltm.xlsx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\2F2EBAD63A6E51CF01E49D9E3E863617.XZZX", "hashes": [ { "md5_hash": "c8875444c336fb900e594143f0b53e78", "sha1_hash": "245e99cc9fe8fbbb06fd17c5e98f77d0fe7a8226", "sha256_hash": "ae122938e7e7a67e4f77917903a6c6eb90df1450190cb57eefe10b92c8d353f8", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\2f2ebad63a6e51cf01e49d9e3e863617.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5F3F59042CD153CCC290441930FE3814.XZZX", "hashes": [ { "md5_hash": "068b4f214d2a568168bf785f95037b7e", "sha1_hash": "23112502950dcc498590a4d0b5afd344fda6e51e", "sha256_hash": "3f11eb5d5f05c27f29bcd0543c107f01af353ae96a54f2afd622e8ab43b00b08", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\5f3f59042cd153ccc290441930fe3814.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\uGN1arUrfzZMomzHA.pptx", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ugn1arurfzzmomzha.pptx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\D7DDFDC32CF119C87B5BFA373108FE10.XZZX", "hashes": [ { "md5_hash": "add410986e6e80f02e2175724e40b0ab", "sha1_hash": "35f59bd3a3a5c1361980b9433a149cf01d64d1b2", "sha256_hash": "76181db8f9f4a1b80e3ef56b4190fa960d40ff0a080390e446b4992bf472fb83", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\d7ddfdc32cf119c87b5bfa373108fe10.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\X2tQqTNWjx7lgtPo5htj.pptx", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\x2tqqtnwjx7lgtpo5htj.pptx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\_oHxelCBmJ.docx", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\_ohxelcbmj.docx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\BB3CCCBC286641FC324D4A8B2C932644.XZZX", "hashes": [ { "md5_hash": "7c71fcc1c1df2874bd7e0a15236ab206", "sha1_hash": "280387cabd31fb7714a6e4dfb6d5c6dd16c05f5c", "sha256_hash": "fb690f762dc185a23f6dcaf85ac73638fc9c6bfba4915713d8cd56cbf1c56d72", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\bb3cccbc286641fc324d4a8b2c932644.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\_P_aT.odt", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\_p_at.odt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\-tHIa9_.xls", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\-thia9_.xls", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\38AA9E1F3FE71932FADE96E143FEFD7A.XZZX", "hashes": [ { "md5_hash": "1c704ab468506ad7d1c352cc2e0070e4", "sha1_hash": "104bd6b351c337578cd7df1e69f09f1292a9d018", "sha256_hash": "034185248f0990238dc977b26c28de529c2fc3851ed38b00e95044968ffc7bfa", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\38aa9e1f3fe71932fade96e143fefd7a.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\B0407B59334CDCAF9E2CA2E33779C0F7.XZZX", "hashes": [ { "md5_hash": "4e2e176d209ff6f708568125d1c4ce8d", "sha1_hash": "66d11069b0d956233f44f832d95eba3533a124a1", "sha256_hash": "be2aa830518ca712f57ae92259a29fdc807c9d9d3cc0adc084bb6addc51b7ba0", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\b0407b59334cdcaf9e2ca2e33779c0f7.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\EE9B10B00F697CE4836159F013D6612C.XZZX", "hashes": [ { "md5_hash": "e5a22f5c0a824e162937a9d7b5cff37e", "sha1_hash": "9982ef4bb4be4bbd86b9ce2be0407ac663dba358", "sha256_hash": "a69df84dcfdb681257231df2a3d7a190cfecde3d0973165927c8bd85462c8c62", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ee9b10b00f697ce4836159f013d6612c.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\Gg8kaToejw.xls", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\gg8katoejw.xls", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\8441A0B23FA9B9126D832A0D43D69D5A.XZZX", "hashes": [ { "md5_hash": "0625acb064776d360affe00014a24ee2", "sha1_hash": "d8e097877556698786150617a7970b373d6fdc83", "sha256_hash": "2dc96cbdb288cc9cf7917353f57d832bee6f99c1254fc4654e7ffd791e095853", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\8441a0b23fa9b9126d832a0d43d69d5a.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\JDjp8wKsx5Dz.ots", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\jdjp8wksx5dz.ots", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\240D5DC448CDCC4A47DE5EDE4CE5B092.XZZX", "hashes": [ { "md5_hash": "075ee2afdf45b3e2dcb505d5658cb709", "sha1_hash": "6b88b6ad96871cadec6cf38ba09fd68a56b95e20", "sha256_hash": "b07dbca680b89db0b02c68f3544dc6ed3443fe20e547ba1ee0e0c44341fd4a71", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\240d5dc448cdcc4a47de5ede4ce5b092.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\KtwKDD9P56tzPTxgwQR.ods", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ktwkdd9p56tzptxgwqr.ods", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\mPKKZqdrZkc7.pdf", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\mpkkzqdrzkc7.pdf", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\2525214410F7DA278BE33B7C150FBE6F.XZZX", "hashes": [ { "md5_hash": "5821ffeafed312a4d7df3d5cdbdb93a7", "sha1_hash": "7c2fd252a5f6ea0e97355259ce1fba1dc8bd5aa6", "sha256_hash": "039db0df68723948a7a5a7448d3ebc6a64c952b71c68a3644dcfa5b17b22e164", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\2525214410f7da278be33b7c150fbe6f.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\NMqv0Yc9MO55X.xls", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\nmqv0yc9mo55x.xls", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\B4A323B51740B3FD1D50DD1D1B6D9845.XZZX", "hashes": [ { "md5_hash": "e79fbf767d4b3a3c75f729c2e6cbd6aa", "sha1_hash": "95f282c60802b04a65dd7013f1de0b1c08bc40f1", "sha256_hash": "c213f4a6e8c3529874071c1b810aa500568c0e79f0a88debd7a708cece6fc2d3", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\b4a323b51740b3fd1d50dd1d1b6d9845.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\QRg3dKar.odp", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\qrg3dkar.odp", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\vqWzW8a_K.doc", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\vqwzw8a_k.doc", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\A0DC431228DE1E088FD30DB72CF60250.XZZX", "hashes": [ { "md5_hash": "e45216fd5eb8cd93ed95052e5b3314fc", "sha1_hash": "e6d9128d60dd3a97fa512b6027bd287ba37b74cc", "sha256_hash": "f3c1254bf98f02a7987d79f1301e49adce9ae60d836c00c517ff582745249cc7", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\a0dc431228de1e088fd30db72cf60250.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\4718805A3B556C301085A1313FC25078.XZZX", "hashes": [ { "md5_hash": "9f5c4299b1965454907854c71bfe6580", "sha1_hash": "a72f5fa9f522773340265caaba96102509339443", "sha256_hash": "403d8f8c46ae37fcb3335bf345f9dc78d3599fffeb011a5952be8db86f27860c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\4718805a3b556c301085a1313fc25078.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\YYzgnphG.csv", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\yyzgnphg.csv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\3D3271B13FFA5012E003EAB54427345A.XZZX", "hashes": [ { "md5_hash": "da602b009d8cd890c1e3bdd2b5a5efb8", "sha1_hash": "4572b728efb3bc3ceaa60cf9571703650c204934", "sha256_hash": "1f91004a3d4904175142f00d64a898d9a2fc2aeafab0b937eb255a9efe93261d", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\3d3271b13ffa5012e003eab54427345a.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\8uRJm.csv", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\8urjm.csv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\1B49D0D52A00521DE10DAFA32E183665.XZZX", "hashes": [ { "md5_hash": "cf18e086da2ac760667bc193720d99fa", "sha1_hash": "3a987526ed956ad2b3937b129bd57321e0ecc1d6", "sha256_hash": "198f4484c92081b5ee0a306ef59b169e302f9c4c8ffe7222df837684020e564b", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\1b49d0d52a00521de10dafa32e183665.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\dUnN.ppt", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\dunn.ppt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\069C108614226DDA8ED0A1A1188F5222.XZZX", "hashes": [ { "md5_hash": "cdf1740a130dcd83a703f15b3898d755", "sha1_hash": "1f823e96d319a9f20135f34c5b239346ee648b34", "sha256_hash": "20067c71c52c4c569cd39b5a475329ac95a3527b8a7978aa722d50634e5e06b7", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\069c108614226dda8ed0a1a1188f5222.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\E47D77FB28AD6F18CEB95D752CDA5360.XZZX", "hashes": [ { "md5_hash": "b4dbac01935a41cbaa158f50e4032daf", "sha1_hash": "ee9a2a54c8b786b95acc0be32418549461710cba", "sha256_hash": "816c11bafb15e7b8c30c61bbb0efee27793371f138d8e4ac5c05de925eef4a23", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\e47d77fb28ad6f18ceb95d752cda5360.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\DyX3zmFDQ.pps", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\dyx3zmfdq.pps", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\Kv3rt4CpuhTFQ.pptx", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\kv3rt4cpuhtfq.pptx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\3D2178A332ED6F4701E92E353705538F.XZZX", "hashes": [ { "md5_hash": "f480b9ebc1a6e813b9bc2ecb624df014", "sha1_hash": "7f493207f514d1ef92bea3f437147beff4570289", "sha256_hash": "4aed55a0a8320460e6a3289e96f837cec7cd79c0da84efbd9276cfff5f977611", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\3d2178a332ed6f4701e92e353705538f.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\WHrA_.docx", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\whra_.docx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\9345D86A0F87DA84ADA8003E13B4BECC.XZZX", "hashes": [ { "md5_hash": "05e9a38bd2a8eb58b385fcc203ea4282", "sha1_hash": "b7ac79f626ef4d1e5934ed7b133f84e1f141ee14", "sha256_hash": "16a333cf8c552f487b54463e5e50abee2f51cd79d34ede62eb3e29468239defa", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\9345d86a0f87da84ada8003e13b4becc.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\YtaJJRAGe.rtf", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\ytajjrage.rtf", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\A216BEA01542C25C94FD01F0195AA6A4.XZZX", "hashes": [ { "md5_hash": "630a139a9e73ccd9ac24b4447ab900ff", "sha1_hash": "da94f9b274ac0cf7af86251e759ad9e16d6a5f99", "sha256_hash": "baaca3f4434f4e8f0aaeab6ad4712a1e53d12b39d9de754c13cb5eb62817c36a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\a216bea01542c25c94fd01f0195aa6a4.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\E85C7261086E23DEDFC379D70C9B0826.XZZX", "hashes": [ { "md5_hash": "ff5926fd6c79d1ca4bdb2c1646ce451e", "sha1_hash": "94eb338b2f2316bbed6e44ff4008098c1c9c2c63", "sha256_hash": "390123269a79675bd22fa2f1096de4c5b6a5cd60a85b80326e7fce0603e3260d", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\e85c7261086e23dedfc379d70c9b0826.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\ZjfGK_.odt", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\zjfgk_.odt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\hcLzjn0RCFG.odp", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\hclzjn0rcfg.odp", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\IkpxUp8UshIgHl1\\33820CBD02F4B0D349B807FF070C951B.XZZX", "hashes": [ { "md5_hash": "172705fe35eab7f0a943c14fd12c13cd", "sha1_hash": "8c23e02ba967118a24e90635f98ae40162fdcdc2", "sha256_hash": "5d95e36c4e05dae3890220d86fa52e6f8bb64c24f7c5adceb9cc10f947104364", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\33820cbd02f4b0d349b807ff070c951b.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\IcF1qMW8Ow.doc", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\icf1qmw8ow.doc", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\632A4073379A2FDC09389DEB3BC71424.XZZX", "hashes": [ { "md5_hash": "cd4f89617d0a4d0cc2180c36f5b9c9b2", "sha1_hash": "eaf0540c1a148a648724908ceb4f129d13c5ccb0", "sha256_hash": "caccdf7bbf5c32b3088ed685e6e354cc3e31f280f331802d25659b4d666c6714", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\632a4073379a2fdc09389deb3bc71424.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\Ld7trnreSqi.doc", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\ld7trnresqi.doc", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\6B01EA683DC5F7920A3C155C41DDDBDA.XZZX", "hashes": [ { "md5_hash": "d0cfe4acca118972fb75384684f8f364", "sha1_hash": "59d49c41072e578802b95056a186338ed46332da", "sha256_hash": "16416e08daa079d2db90a9465fab59399f3e122775c84b400d99cff4f343b812", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\6b01ea683dc5f7920a3c155c41dddbda.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\nmyti-BLd1o.xlsx", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\nmyti-bld1o.xlsx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\5154BE9C1011AFD27B96A6C6143E941A.XZZX", "hashes": [ { "md5_hash": "b1c3432d2f07aa1891eeda4ed9c0f8f4", "sha1_hash": "287450b04ea91a1c35ea39a9c93abb3507331656", "sha256_hash": "8cf2b9dba45a5c49b414aabdea6e2e3f4ba3721d3eb5a16ff682053ab737ade4", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\5154be9c1011afd27b96a6c6143e941a.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\qOmkS_BDD92-oYj.xls", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\qomks_bdd92-oyj.xls", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\F8F047460EB3954ECCCBC0D612CB7996.XZZX", "hashes": [ { "md5_hash": "1ced70356d384fbe0887df89f72ed012", "sha1_hash": "ee9eff3bd7d6ee254715736b44258f5a0a776ad4", "sha256_hash": "671427d0ef4d90ef2ec86049d767aafcdbd5d1af83bdf0dbd9ed6e2229dde220", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\f8f047460eb3954ecccbc0d612cb7996.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\E3E55C1830B142FC6C2B225E34DE2744.XZZX", "hashes": [ { "md5_hash": "66d1b0c8809a3e340a06443cffe1f852", "sha1_hash": "e99da89cf13cc863694e1be22acb212250fd3dd3", "sha256_hash": "5709e9813696c9d853b00a1adf14f5a1b8d9354cf278201fad891edc4c1ee1f2", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\e3e55c1830b142fc6c2b225e34de2744.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\seND1DmmOud5.xls", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\send1dmmoud5.xls", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\73C0D9902A7964C0808D031B2E914908.XZZX", "hashes": [ { "md5_hash": "f2a52aeb2e175a88aeacd11063e8d9fb", "sha1_hash": "d0c8780275620821cc79c90a8b682ff3b2367667", "sha256_hash": "a8f2542a30e5c2ba92fe555dc27cc04bb55576534aa25f7a1729a4759e87a869", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\73c0d9902a7964c0808d031b2e914908.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\tKsxqcE.csv", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\tksxqce.csv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\0FE24CF432281F2497377D743655036C.XZZX", "hashes": [ { "md5_hash": "aa8f05f29f54f1ded055b59bb41b4e2e", "sha1_hash": "d082e00a2613cac7d2e9ff4fbe09e87d01bce909", "sha256_hash": "d259c116e5af57217c025394521eb030bd54a48042075cb8a8bee830709c3c02", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\0fe24cf432281f2497377d743655036c.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\xlbxUnchVTGwsFtof.doc", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\xlbxunchvtgwsftof.doc", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\7D60B7A8152CECB0B780C8B61944D0F8.XZZX", "hashes": [ { "md5_hash": "66a036e74ef16981c2c5de0cd95dacd8", "sha1_hash": "321f6f985b84627c6e3823b3c9ce1dde7d2f511d", "sha256_hash": "d98b48f11989504c182d7ebc89ba5080e35c7934159ad5ebe0b33d549ff45812", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\7d60b7a8152cecb0b780c8b61944d0f8.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\ZN_ n.ots", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\zn_ n.ots", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\DE6D908A0693B67D2F37324A0AAB9AC5.XZZX", "hashes": [ { "md5_hash": "602bad099f347131c7d0fc42288f7d88", "sha1_hash": "fe09e2fe4d1e19443f1edc366e9a7b05b76b2028", "sha256_hash": "eb612eebd781e26d352df807b376fa664f9d0a924fa740f69e7631f6e435ef09", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\de6d908a0693b67d2f37324a0aab9ac5.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\zRPN8xkNuY7pBA7JA.csv", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\zrpn8xknuy7pba7ja.csv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\4CDE900F0BC30BB32AB81EE70FDAEFFB.XZZX", "hashes": [ { "md5_hash": "fa0472ec8ffba2664c7fe54ab03d9a35", "sha1_hash": "5a45953bcbba0e03aa81752ec481cbda743e827e", "sha256_hash": "cf9d5c8015302523ac1dd101e5fe19350a023a2971361e03c28038bbcaef53de", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\4cde900f0bc30bb32ab81ee70fdaeffb.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\lhhNd9leW5xmlXw00JFa\\ZW28zqHzfxAY2NV\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my music\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my pictures\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\desktop.ini", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\favorites.vss", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\BF7B86490294F06B45AC44D706ACD4B3.XZZX", "hashes": [ { "md5_hash": "3cef2ac0d6eb9cbd7fb5525810239b11", "sha1_hash": "112856c2cdba6c0ee0b000c4edd1111888304ba0", "sha256_hash": "15663764387d013c1833ee7d44801236a79922e5743043e7fbfe4adb58b70d73", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\bf7b86490294f06b45ac44d706acd4b3.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\folder.ico", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\7B7BA3C4205941180FE9457124712560.XZZX", "hashes": [ { "md5_hash": "84d2cc2a52da42f308082110d804e971", "sha1_hash": "c55a945c726e0d54f338fa1b2ea5998dd831ca49", "sha256_hash": "fe626bed5e421e266b5b5def2ee3de64434004a93769c8a5c79e4aecd162caad", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\7b7ba3c4205941180fe9457124712560.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my videos\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\voeimd@djhreuu.uhd.pst", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\7BA753503E40D4C00F297B124258B908.XZZX", "hashes": [ { "md5_hash": "cf5d5391f97c7bb8a30d0b46566a1ce6", "sha1_hash": "be3a212ab2b9f7d28d705ef4d70658ab14844c7e", "sha256_hash": "114b557c1f4d8f2826300e8b2c011b49d7ccc9a0bd9b4bf6ce1f75e037e96594", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\7ba753503e40d4c00f297b124258b908.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\desktop.ini", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\4645E01C4F3CCEC4EA018E655354B30C.XZZX", "hashes": [ { "md5_hash": "760acaac8a4822c7708300c7b7412b40", "sha1_hash": "a74a21cfe42872d6debb2f0590257467f6cefeb6", "sha256_hash": "c8bf3bbcb47c1d2e675716e436eb2a8e3ef7f884f4c43358555a7ad9b434d181", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\4645e01c4f3ccec4ea018e655354b30c.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\desktop.ini", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\72A6C9432269CCE1A510518B2681B129.XZZX", "hashes": [ { "md5_hash": "f416139ee234a074a84840a79d5e4492", "sha1_hash": "f460a746dcc8ce5ce54bb57a9fd7c0ef1a8a3f60", "sha256_hash": "403ff5c14278cf92f5b57faa89ee5bd1213cf65f72c9c57d69917124a83e196f", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\72a6c9432269cce1a510518b2681b129.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\desktop.ini", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\8E5ECE9444DBAF1A59BC413E48F39362.XZZX", "hashes": [ { "md5_hash": "55bfb842ce6739aa416236f6579d0b37", "sha1_hash": "b7b40b2365139cf8355cdc3cd176105ca78d507f", "sha256_hash": "8d70759716c129c0b812279dae24c4747816b35e8c06cab0f41761fcefcc347b", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\8e5ece9444dbaf1a59bc413e48f39362.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\suggested sites.url", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\B8440918056E9F026EA48C8C0986834A.XZZX", "hashes": [ { "md5_hash": "731f9dfe1d316d6b0fcb427621a5cbed", "sha1_hash": "cd95f93ad65b8893e58bc74bc17e4363f21e0b4c", "sha256_hash": "51364ec4cde902259292f3732ec387e8169d965fed6d472be2e56aa53052b578", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\b8440918056e9f026ea48c8c0986834a.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\15DC3754190A8EA84ED7A99B1D2272F0.XZZX", "hashes": [ { "md5_hash": "2718bbf5f733c4313b2030de72a5f064", "sha1_hash": "2e3d7e85acae7c40273a65316ab5fa7fd2f458c5", "sha256_hash": "8d832c6a9193c46a924a3a25f9b6fc4b557f4efa3a72579291806709e86c6d3c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\15dc3754190a8ea84ed7a99b1d2272f0.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\1B49B9E018F35807975DC8201D0B3C4F.XZZX", "hashes": [ { "md5_hash": "d90ed03b0659f370f185a930ffd12c01", "sha1_hash": "b155e0fea261b0509ba54a744fe90ac9464c5502", "sha256_hash": "ac1ee59f00279cec0f8555b1122a071d13429101df144dc54085bba18be5722c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\1b49b9e018f35807975dc8201d0b3c4f.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\FD9030E848C62D90344A51E94CDE11D8.XZZX", "hashes": [ { "md5_hash": "b62a4313f4a8109e488acbb907d7a948", "sha1_hash": "06ab81ed90ecada598fe0381f3bd54d2138be405", "sha256_hash": "7836e3508d1804f4e1707cea6d58f254b73bd941f0b915ad2a24a9ccb6ef7116", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\fd9030e848c62d90344a51e94cde11d8.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\30FEF3B4011ABE0E503ED66C0532A256.XZZX", "hashes": [ { "md5_hash": "7b6ba656037cdc448f6ed1f41a1300c5", "sha1_hash": "916b741f616d9fba93ffe6088ff8c4b2bbb57196", "sha256_hash": "5a0229d14f2b37da6afbd19825edb1a8aa30a539309efb5be4987903a0da5eb2", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\30fef3b4011abe0e503ed66c0532a256.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\B2A8C78F28F146042377D2FD2D1E2A4C.XZZX", "hashes": [ { "md5_hash": "0d379c94c9634504f0392b6ae9b3ccf4", "sha1_hash": "1c343789a8fb47bfc4161662cb41d49788898dc1", "sha256_hash": "5c4b32cf30da1bc7b1cbb434c9236c71c0a0cc5a4ae4440ea35454f19249d5f3", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\b2a8c78f28f146042377d2fd2d1e2a4c.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\1844FE2A092A01627C9EB5E50D41E5AA.XZZX", "hashes": [ { "md5_hash": "25f0799c63bd239b7af324814d33d6a7", "sha1_hash": "32f7654ae81ad249a7e119fbaa8afc5515128646", "sha256_hash": "2ffb53b4fb4aac427fa007a8568f267cc5e1f2b5c90432171aeffd15525dd2b2", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\1844fe2a092a01627c9eb5e50d41e5aa.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\833DF956476C97EAEAF8AD0B4B847C32.XZZX", "hashes": [ { "md5_hash": "c5a7b6f40f786b4f38dab85eb63ff458", "sha1_hash": "cdcdde2bf8309b8219efcf9ebba08db1899eff9b", "sha256_hash": "1f6d95700d944989057bcd1fadaab71fca3c1e244a3e6ad5b74550da07fbffeb", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\833df956476c97eaeaf8ad0b4b847c32.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\13771DB6235C0ADD78BD03922773EF25.XZZX", "hashes": [ { "md5_hash": "d8c8e49869b0894ce1c39de2e0596262", "sha1_hash": "f02be445418ff5faa34a6aa8aa02f817d8b94fde", "sha256_hash": "50433ca1689fe9fb678311ca369226bfb8ee955d705834f74f006651e2375cbb", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\13771db6235c0add78bd03922773ef25.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\8F3B67D5108CB69FDD5C15D914B99AE7.XZZX", "hashes": [ { "md5_hash": "9e37796c60680bba180b4bda51c6c848", "sha1_hash": "f544655115941f161ec46a3c91a0a86f55783cc8", "sha256_hash": "76b2334c79f6cdf7d6fe27edaf0d335a548d069dc3e347fe5125d4262a0cf2e3", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\8f3b67d5108cb69fdd5c15d914b99ae7.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\94764F5B3C2DC73EAED48D494045AB86.XZZX", "hashes": [ { "md5_hash": "6f7e39e7975d0e66dd208f8a141fdf90", "sha1_hash": "3d853e036d8c934467626a19c14c9b5c9e365495", "sha256_hash": "a3b721c0ae2df20467a22647c4722abbb62b06f06c770e7022b1b175d4313aa0", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\94764f5b3c2dc73eaed48d494045ab86.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\583CA788134302604AF8FA2E175AE6A8.XZZX", "hashes": [ { "md5_hash": "9217170c0c1dac3e954e43177162d0b6", "sha1_hash": "2a35c29640b3e7e02004d36e358ed19cae619efb", "sha256_hash": "d41a5ca2893360731a2ae6bbfb955e60bdd221c35f7bb479ea6ea3e94c360a0c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\583ca788134302604af8fa2e175ae6a8.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\get windows live.url", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\880F5E93248AC126C0E08BB728B7A56E.XZZX", "hashes": [ { "md5_hash": "5235f32bacf62ce875c416b6a0e119b1", "sha1_hash": "54f160ca84c0fe0a674a13ca5217d6dea31299a1", "sha256_hash": "a421ada38182be3b492ea9bfded026b859abaaaca9643ee5b1c2af5d5d443bb3", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\880f5e93248ac126c0e08bb728b7a56e.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\9AA1DB0A3E2DB1949E51C4AE424595DC.XZZX", "hashes": [ { "md5_hash": "4c75edd47dcd6a49d4fd5e7127e5729a", "sha1_hash": "132e069269ed2fc6ce8a7e0559affb118bf810dc", "sha256_hash": "f1b9def9278c0bce1e8353460f21a3029b7e3510cf998c7233ce80644b83a712", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\9aa1db0a3e2db1949e51c4ae424595dc.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live gallery.url", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\D9B986602FBC15FEC37446303428FA46.XZZX", "hashes": [ { "md5_hash": "ead1d310ed213a5e11b13fa2b7bdf3f4", "sha1_hash": "7dfbffc8e708803445fe3fcea81abca9f93a7432", "sha256_hash": "14a44c681f34a848cfa8539761f2852a2378efed24e1f51cfe6ba7026be76216", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\d9b986602fbc15fec37446303428fa46.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live mail.url", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live spaces.url", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\FD9D491315D8C1EEE26AF31719F0A636.XZZX", "hashes": [ { "md5_hash": "00bf787a8b621ec6cc8d075a44d3f4f5", "sha1_hash": "1339d921e13d2594ed344e066162b4b55af89e4e", "sha256_hash": "6f3d6bee59332e753cea279ade3649ecf38cb5a9aec033ba6568cd593d88f0c2", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\fd9d491315d8c1eee26af31719f0a636.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.ini", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\links\\downloads.lnk", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\A58916D017654CD0CF379F2B1B923118.XZZX", "hashes": [ { "md5_hash": "1861d12da7cadebbfadaaf5fcae2fa08", "sha1_hash": "95a58e3c2e4068eb4d965338b78ccc34d64f4a1f", "sha256_hash": "367dfc1aab18979d723f555d5b8db12d0db682aaa3cdd54b011fa10353fee3cd", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\a58916d017654cd0cf379f2b1b923118.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\links\\recentplaces.lnk", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\links\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\local settings\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\11DaFVcd U6Q75nbu_.wav", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\11dafvcd u6q75nbu_.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\AFA4CBC047178B40A7E7AA8D4B2F6F88.XZZX", "hashes": [ { "md5_hash": "bbd52b08633142b1a05bf5aabbb1120c", "sha1_hash": "ac8baf7c3c291a8ad2d7ad6a27beb53903fa5af7", "sha256_hash": "6233fcb1e4e49031ca08b31646268d13a4147d4c5f428313dd8cff656499c805", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\links\\afa4cbc047178b40a7e7aa8d4b2f6f88.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\02D36BF7229FBF1A2D198367271CA362.XZZX", "hashes": [ { "md5_hash": "8d697c13c4bebeb2470a203db13767d2", "sha1_hash": "2b15ca0c4217de43c53776d39216f9d1972c99fd", "sha256_hash": "c1fa1ab30f748fdfe2fb5d7999a3ca670fcfe862a20e77183921b26f9bd85fc6", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\links\\02d36bf7229fbf1a2d198367271ca362.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\8YglZU.wav", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\8yglzu.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Ae42UeoE.wav", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ae42ueoe.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\95567F6E0CF2434A8F3CB62A111F2792.XZZX", "hashes": [ { "md5_hash": "455acf569a78a766035542b7c025f8ea", "sha1_hash": "bbbc51e1be2d9b5507be5cb95eb7f57be01b540c", "sha256_hash": "011278a45019dc36bb9db7084523d27eb4806439e7748da04211a46a79070380", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\95567f6e0cf2434a8f3cb62a111f2792.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\desktop.ini", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\D25EF7C41A27D9E43EBB395A1EBABE2C.XZZX", "hashes": [ { "md5_hash": "754ad1f657d88ca8c43eed66bdffef39", "sha1_hash": "286db2a3fcc09af1c9b06be39102f4fb3e1d0958", "sha256_hash": "5df4fcfcfa891fd400fccbaac82e8e0ad1359108f67cc8740f07543a04aaf9bd", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\d25ef7c41a27d9e43ebb395a1ebabe2c.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ImbzlHSAeRD0mYdABk.mp3", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\imbzlhsaerd0mydabk.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\61C67744188385C0EADA50E91CF06A08.XZZX", "hashes": [ { "md5_hash": "6621b1997d6cbd1c889ebc297ea56373", "sha1_hash": "1ff0ae557c64e1b4a34f92e9547629e64ee8aed7", "sha256_hash": "5133e1ef36c9fcb9ad0188a365d22faf63637ac6c86f1c60d5983444b9f6d14e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\links\\61c67744188385c0eada50e91cf06a08.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\JKoqX.wav", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\jkoqx.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\FCD862501902E584E01CEFE81DABC9CC.XZZX", "hashes": [ { "md5_hash": "e7d862e612fe891e31344f78acdb3436", "sha1_hash": "1ca0de52571149182c8f63c4dcc0aeeabb789560", "sha256_hash": "c22bd8fb406827096820d418b530a5ee87bc1870e2d8d4a69a15837057bb17fa", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\fcd862501902e584e01cefe81dabc9cc.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\yV_ r.m4a", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\yv_ r.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\5EF7279E2ED18E2582C79CC632E9726D.XZZX", "hashes": [ { "md5_hash": "726705e4c5f5e6ba5939d025fd87e895", "sha1_hash": "9affa9196730805eb431774664eda2f47f2e6b29", "sha256_hash": "8dad840babee49b711c27e83ea5a5094fc12e9fa099be8dbba9b2a715d2ba193", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\5ef7279e2ed18e2582c79cc632e9726d.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Z9ycP6znphCfb.m4a", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\z9ycp6znphcfb.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\_help_instruction.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\129DFDC608A49A7CBFF35CF70D217EC4.XZZX", "hashes": [ { "md5_hash": "d54c435d95e9b30b15afd93207f46f79", "sha1_hash": "b26921b8ca1aa96ca1d31b67b3cfc78177055c70", "sha256_hash": "9156bab19d37f1fc49fbca9a5b4e16637c59c9f96b315e4d2e0632d2850d8bdf", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\129dfdc608a49a7cbff35cf70d217ec4.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\6Fs5O-wZK5i.m4a", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\6fs5o-wzk5i.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\35A8A5603BE70712A81D33D040A3EB5A.XZZX", "hashes": [ { "md5_hash": "803ffe4870325b3051b7f545419ff130", "sha1_hash": "55ae39d4862be22a09bb45c8d8439670bed66501", "sha256_hash": "37eaa139ed744f5dff67cf1dc8df9d2a510f25a4c073a5c7fdfae6ba69c9dcba", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\35a8a5603be70712a81d33d040a3eb5a.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\B169CAD546C877A0159FDF7F4B675BE8.XZZX", "hashes": [ { "md5_hash": "ea34f06f4df7b220e1c54236d20cb25b", "sha1_hash": "f06919af9f35d49ddcfec8fcaa9ddf7f70c8be8f", "sha256_hash": "96f59caaf8bdce2e5bab2138bc46c437e7b11f18bd8d72a9c5ffb1b01155a364", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\b169cad546c877a0159fdf7f4b675be8.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3DAB40862FBD462437E5810B348A2A6C.XZZX", "hashes": [ { "md5_hash": "0f6cf9a5de83764a04e784a50cb94049", "sha1_hash": "3e25e007630c221b670b542f29b9260729883520", "sha256_hash": "8d4aac20fc3e7cfe7ba8d8e0de6c599b0303bd947e5a8dc464e8dc2f5d6298b8", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3dab40862fbd462437e5810b348a2a6c.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\70CB960A1797B0A14EB31B321C2694E9.XZZX", "hashes": [ { "md5_hash": "f2d8bbf24987f9ddf50724a32bcce8dc", "sha1_hash": "c28e2e082d5df0447038c7bc78d1f2a5200d155e", "sha256_hash": "1d3a92482f84b28eeb7101420aafc00b1b2b9d0d34dd43dea9274e2fdc43a535", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\70cb960a1797b0a14eb31b321c2694e9.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\51A5A3C031894064FCB3CED0366624AC.XZZX", "hashes": [ { "md5_hash": "f3deb548130f7e011f7e14d22a6a33b1", "sha1_hash": "dba44308f33c87cfaf2a298aef9f2f9cd89e1a04", "sha256_hash": "35c49df5839e24e53bddab5141f7f42ca9a02f405ce2f22542a9a67290faa6cc", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\51a5a3c031894064fcb3ced0366624ac.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\FAD3BB6308C4FC66694F337D0D31E0AE.XZZX", "hashes": [ { "md5_hash": "854596fd469ad894a3579955c4871711", "sha1_hash": "3d76d7035aa2cef358b260d898c98b7edfcedada", "sha256_hash": "b901fa970a0d8e0a69382aa8e0fea84503a8b893488d5bde9b819b6bafac418a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\fad3bb6308c4fc66694f337d0d31e0ae.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\C8E8BDDC263509ECACA7C0D62A50EE34.XZZX", "hashes": [ { "md5_hash": "67840eada81e1a87a8cbc6553d4b268c", "sha1_hash": "de9bdeee50966200847186c73d2016a0590b075d", "sha256_hash": "cd0750b9a1d243470427e9ff106284b41ba15fc95b2bdfb0ced0b02d07f61c80", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\c8e8bddc263509ecaca7c0d62a50ee34.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9tkObc3F16FjSYiAwFD.wav", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9tkobc3f16fjsyiawfd.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\EED603F80D860CC870D6498A119DF110.XZZX", "hashes": [ { "md5_hash": "29ac431be819c3c08d164e8b45b87b96", "sha1_hash": "84665235ede98bb2c4a8028457f15ca7a7df78bd", "sha256_hash": "f0b0e27fb2df28ccf175ed5e290904ef6452459c38f6112eee94c653aa29c39b", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\eed603f80d860cc870d6498a119df110.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\aF_IB.m4a", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\af_ib.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\1037641408F8F044B7533AA10D10D48C.XZZX", "hashes": [ { "md5_hash": "518f55a70ccc91278fbfcd6b82d39475", "sha1_hash": "8ac8072872947ae19882007f93f39136d2de6783", "sha256_hash": "d679309f5d54526e3f52daff0d9b57e3e05dacd81c322002a148ccd16fac1853", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\1037641408f8f044b7533aa10d10d48c.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\jEamZMQ.mp3", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\jeamzmq.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\B5A4F8D81D2BC280A6FB77022143A6C8.XZZX", "hashes": [ { "md5_hash": "4e87399c40fbfda8101d6aad53516284", "sha1_hash": "dc45c3afabd3181402af348a5117d5ad19007b23", "sha256_hash": "0907d363360d3006b669cd1381e43df64ea5cbe9b0885fc06aa62aa126745c52", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\b5a4f8d81d2bc280a6fb77022143a6c8.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\JO1Lf.m4a", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\jo1lf.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\A191878831212978B3B60CE1354E0DC0.XZZX", "hashes": [ { "md5_hash": "8dd9d1b39acad994134ba22fd083d063", "sha1_hash": "9bed907ef3aec0312e411c74e4b8601cc80fc00f", "sha256_hash": "b363630acd603d3ece19b269f42df9c629e86c6158c28b0d35c4e0c6b84c26dd", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\a191878831212978b3b60ce1354e0dc0.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\oKJQx_NM6hXc.mp3", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\okjqx_nm6hxc.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\6D35692C49D86B1ADE80FADA4DF04F62.XZZX", "hashes": [ { "md5_hash": "ab3e7f2a0e819e9b302d9d8aa1546364", "sha1_hash": "5347c2473d17fa039bff1d5f7e0568d5df042ffd", "sha256_hash": "da4d2b66f8a08969f6d0a9d0ff24fbfd6aaf586ddc98f3ec1649378680d89600", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\6d35692c49d86b1ade80fada4df04f62.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\TWlZw1pNzI1gwZW3OH.mp3", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\twlzw1pnzi1gwzw3oh.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\E003588E3DA0B59DC1493EC641B899E5.XZZX", "hashes": [ { "md5_hash": "dacbac43435b740f3687e55dbe3a50d5", "sha1_hash": "5f1758c04b8145e8b2c44189ead9cea88f2cc6de", "sha256_hash": "0d113ad6c16f02590835e924dacdccddfb5a9fb0eaa16719c2af21afce3d5cd8", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\e003588e3da0b59dc1493ec641b899e5.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\UazSw8R1r.wav", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\uazsw8r1r.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\X7t8w3.m4a", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\x7t8w3.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\54E892FC383D1FA0EE2D03953C6A03E8.XZZX", "hashes": [ { "md5_hash": "6090b1a158fb63a3abc0df52f99f0ce2", "sha1_hash": "454a9b49ff7875a3e75ccee586c95e0e52b79b8d", "sha256_hash": "7b52d0a7bf88d9e960ce48fa8bb318895d089d49a16c338c6355b5191a6dd9b6", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\54e892fc383d1fa0ee2d03953c6a03e8.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\2zrMBovJou.wav", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\2zrmbovjou.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\23947E243409DC7CAF2C62063821C0C4.XZZX", "hashes": [ { "md5_hash": "e5b58e6bae92e1066b3798d97eaf33b3", "sha1_hash": "c46ae251d9196e6dfdeaa9655c4345aadd8c4ad4", "sha256_hash": "4a4998a7614f46d66106c1d5ea6911de4260172e27a340120e7e6f9db191c33d", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\23947e243409dc7caf2c62063821c0c4.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\btD83YaGWQR.m4a", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\btd83yagwqr.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\6B2DB7FF0F9811B2CFADC1531390F5FA.XZZX", "hashes": [ { "md5_hash": "149039c782d26be150787a53c60b0fb8", "sha1_hash": "5bad17c6f209bdebb28e1606fa9f14ece3dffeb3", "sha256_hash": "dfb87c3b75ba2525237c00a764bff401e5e8b03ff4ef2c6fcfa72626fbcc7515", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\6b2db7ff0f9811b2cfadc1531390f5fa.xzzx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\8515860F00F2A87F630C5931054D8CC7.XZZX", "hashes": [ { "md5_hash": "7af68820a4f620b83c4406bd45612a54", "sha1_hash": "39216ecbbd1a8402bbf9c24ab0933a15c80d0d18", "sha256_hash": "2be045ba74174227aea2172dc348655bd52185d0f3587708df15a3362272e895", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\8515860f00f2a87f630c5931054d8cc7.xzzx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": 0, "hashes": [], "norm_filename": "0", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "vssadmin.exe", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vssadmin.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\u076f\u7600\ud4fd\u0016\ufffe\uffff\u3ca3\u76ed\u0002", "hashes": [], "norm_filename": "\u076f\u7600\ud4fd\u0016\ufffe\uffff\u3ca3\u76ed\u0002", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\u076f\uc200\u00c4,\u0001", "hashes": [], "norm_filename": "\u076f\uc200\u00e4,\u0001", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\u076f\u7400\uffff\uffff\ufbda\u76eb\u890a\u75cf\u0002", "hashes": [], "norm_filename": "\u076f\u7400\uffff\uffff\ufbda\u76eb\u890a\u75cf\u0002", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\u076f\u7600", "hashes": [], "norm_filename": "\u076f\u7600", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\u076f\u7600\ue2e4\u76e2\u0150\u01e7\u01d4\u01e7\u0002", "hashes": [], "norm_filename": "\u076f\u7600\ue2e4\u76e2\u0151\u01e7\u01d4\u01e7\u0002", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\u076f\u7600\ud4bc\u0016\ufffe\uffff\u3ca3\u76ed\u0002", "hashes": [], "norm_filename": "\u076f\u7600\ud4bc\u0016\ufffe\uffff\u3ca3\u76ed\u0002", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\u076f\u0100\u21ab\u01e7", "hashes": [], "norm_filename": "\u076f\u0101\u21ab\u01e7", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\u076f\uc600\u00c4\u01e7\u0001", "hashes": [], "norm_filename": "\u076f\uc600\u00e4\u01e7\u0001", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\u076f\u0100\ufeac\u0018\u389e\u76ed\u0138\u01e7\u0002", "hashes": [], "norm_filename": "\u076f\u0101\ufeac\u0018\u389e\u76ed\u0138\u01e7\u0002", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\u076f\u1f00\u0150\u01e7\u0150\u01e7\u21b0\u01e7\u0002", "hashes": [], "norm_filename": "\u076f\u1f00\u0151\u01e7\u0151\u01e7\u21b0\u01e7\u0002", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.lnk", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\2_r9zrnyCzzJ.mp3", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\music\\2_r9zrnyczzj.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\2--S BWBtG7 nG.mp3", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\2--s bwbtg7 ng.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\BtnyH.mp3", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\btnyh.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\bTxozG6jGL89 vQ7JVm.m4a", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\btxozg6jgl89 vq7jvm.m4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\dTOAV.wav", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dtoav.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\j3v_bMSa tx-.m4a", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\j3v_bmsa tx-.m4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\jtsnNF8Wy Jt.m4a", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\jtsnnf8wy jt.m4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\LuguQ9Fu8UwQPMQRFj.m4a", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\luguq9fu8uwqpmqrfj.m4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\OPPnhBe-ZTrVhEG421.wav", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\oppnhbe-ztrvheg421.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\WWsZT9B6tKUn2DClW.mp3", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\wwszt9b6tkun2dclw.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\xN7YDKwcce9C5peK.mp3", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\xn7ydkwcce9c5pek.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\zCdoEQ.wav", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\zcdoeq.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\_iJcWlMQ1CRXwuy.m4a", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\_ijcwlmq1crxwuy.m4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\3vgH.m4a", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\3vgh.m4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\45 WvgNJuT9AYaRmo.m4a", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\45 wvgnjut9ayarmo.m4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\nvHO8po6UT1lfU646l.mp3", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\nvho8po6ut1lfu646l.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\oCadhb.wav", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\ocadhb.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\qEqtENZ.wav", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\qeqtenz.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\S9Jj_mVynZU911YcI-J0.wav", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\s9jj_mvynzu911yci-j0.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\0feLIIudH.gif", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\0feliiudh.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\0uVNLdVwplc802HWrb1.bmp", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\0uvnldvwplc802hwrb1.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\2b2gQ2C3WuJEBl.png", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\2b2gq2c3wujebl.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\5X6u252V SzZ.gif", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\5x6u252v szz.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\9s0pX7t.png", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\9s0px7t.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\aqn8.gif", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\aqn8.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\azuNey.jpg", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\azuney.jpg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\B4vC-SYblpXq.bmp", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\b4vc-syblpxq.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\bqBGtF.bmp", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bqbgtf.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\bz3TQY.png", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bz3tqy.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dcuecnaq5mY4vS.jpg", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dcuecnaq5my4vs.jpg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\diyvOkO.gif", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\diyvoko.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d_ywXujVU Wq1E.jpg", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d_ywxujvu wq1e.jpg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\E mrX_4M3P5jMLSuXG.bmp", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\e mrx_4m3p5jmlsuxg.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\FFqA4 2WndIy.gif", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ffqa4 2wndiy.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\fTtF.bmp", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\fttf.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\g43hR4r2QCQPskvQatT.png", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\g43hr4r2qcqpskvqatt.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ghz9u7C.png", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ghz9u7c.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\gpnG5_ q-ZTGc_4b76b.png", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\gpng5_ q-ztgc_4b76b.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\hl35zcYZE.bmp", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hl35zcyze.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Hx4D_z73m1pGCpzIPXzy.bmp", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hx4d_z73m1pgcpzipxzy.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\k3NI.jpg", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\k3ni.jpg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\kfqhp.png", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\kfqhp.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LiEtBonze.png", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lietbonze.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\mXMMLg1uw.bmp", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\mxmmlg1uw.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\oEKbZ-fUq6tWCg3E9gms.gif", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\oekbz-fuq6twcg3e9gms.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\pDGmGQvtKPZ_ns.gif", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\pdgmgqvtkpz_ns.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\PTV-5E.jpg", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ptv-5e.jpg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VL2r.jpg", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vl2r.jpg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VUaHmntzHPrBw9rs6O1.jpg", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vuahmntzhprbw9rs6o1.jpg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wbMFjBguMLJG3mRfnnUn.bmp", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wbmfjbgumljg3mrfnnun.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\XL uwZp2bbBe4jnmB.png", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xl uwzp2bbbe4jnmb.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\y5Mqnfp y9ox7lXm62.png", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\y5mqnfp y9ox7lxm62.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Yj-AfpoJM9u50s86.png", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\yj-afpojm9u50s86.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ylARzGL.png", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ylarzgl.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\searches\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\searches\\everywhere.search-ms", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\searches\\indexed locations.search-ms", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\D30YP5u1qzg5-VZ7306q.mkv", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\videos\\d30yp5u1qzg5-vz7306q.mkv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\videos\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J20J9-k9Q1AQR.swf", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\videos\\j20j9-k9q1aqr.swf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\l0jm8.avi", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\videos\\l0jm8.avi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\s2dwcVO_4E6w.flv", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\videos\\s2dwcvo_4e6w.flv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\zpPjma0L3Hj-_nB.mp4", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\videos\\zppjma0l3hj-_nb.mp4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2 mjBTvZEWz.swf", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2 mjbtvzewz.swf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\92y tDp.avi", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\92y tdp.avi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\ArnUUg6o.mkv", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\arnuug6o.mkv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\7TSkSEjcLf8xikPUr.avi", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\7tsksejclf8xikpur.avi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\bAFZ2xGuKI.swf", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\bafz2xguki.swf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\ibE0v-Egfbu047ynw.swf", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\ibe0v-egfbu047ynw.swf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\MI1L.flv", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\mi1l.flv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\No0nJ8TKbF9hYhiurGN.mp4", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\no0nj8tkbf9hyhiurgn.mp4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\q_QGnOQQGbujC4p8q.swf", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\q_qgnoqqgbujc4p8q.swf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\wMr3QKnu.mp4", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\wmr3qknu.mp4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\5Cc08SMWT PKYNwSj.swf", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\o903hcw\\5cc08smwt pkynwsj.swf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\i2GwNYb4B.mp4", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\o903hcw\\i2gwnyb4b.mp4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\NxtD.flv", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\o903hcw\\nxtd.flv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\6OPfc4qVaMTq.flv", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xarijr5atdl\\6opfc4qvamtq.flv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\MyRwYX_9-WNJ1OXdc1N.mp4", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xarijr5atdl\\myrwyx_9-wnj1oxdc1n.mp4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\yXpEf4.mkv", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xarijr5atdl\\yxpef4.mkv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\8bunT0Nrx1v M.avi", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\8bunt0nrx1v m.avi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\aC_Ja4AvvNCLsQMnj7.swf", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\ac_ja4avvnclsqmnj7.swf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\bjQVhKZ0dfp8gRtn_Z.flv", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\bjqvhkz0dfp8grtn_z.flv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\xTAGaGiIpU.mp4", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\xtagagiipu.mp4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\AmR.swf", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\wpc5n64xvm\\amr.swf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\fJw1HV.flv", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\wpc5n64xvm\\fjw1hv.flv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\Moq53i08kUE_j1CIf3Zg.avi", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\wpc5n64xvm\\moq53i08kue_j1cif3zg.avi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\v9PzrbehuH3KFc.mp4", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\wpc5n64xvm\\v9pzrbehuh3kfc.mp4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\NTUSER.DAT", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\default\\ntuser.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\default\\ntuser.dat.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\default\\ntuser.dat.log1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG2", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\default\\ntuser.dat.log2", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\ntuser.ini", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\default\\ntuser.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Contacts\\Administrator.contact", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\default\\contacts\\administrator.contact", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Contacts\\desktop.ini", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\default\\contacts\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Documents\\desktop.ini", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\default\\documents\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Downloads\\desktop.ini", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\default\\downloads\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Favorites\\desktop.ini", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\default\\favorites\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Favorites\\Links\\desktop.ini", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\default\\favorites\\links\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\default\\favorites\\links\\web slice gallery.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\default\\favorites\\microsoft websites\\ie add-on site.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\default\\favorites\\microsoft websites\\ie site on microsoft.com.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\default\\favorites\\microsoft websites\\microsoft at home.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\default\\favorites\\microsoft websites\\microsoft at work.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\default\\favorites\\microsoft websites\\microsoft store.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\default\\favorites\\msn websites\\msn autos.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\default\\favorites\\msn websites\\msn entertainment.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\default\\favorites\\msn websites\\msn money.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\default\\favorites\\msn websites\\msn sports.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\default\\favorites\\msn websites\\msn.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\default\\favorites\\msn websites\\msnbc news.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\default\\favorites\\windows live\\get windows live.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\default\\favorites\\windows live\\windows live gallery.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\default\\favorites\\windows live\\windows live mail.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\default\\favorites\\windows live\\windows live spaces.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Links\\desktop.ini", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\default\\links\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Links\\Desktop.lnk", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\default\\links\\desktop.lnk", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Links\\Downloads.lnk", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\default\\links\\downloads.lnk", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Links\\RecentPlaces.lnk", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\default\\links\\recentplaces.lnk", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Music\\desktop.ini", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\default\\music\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Pictures\\desktop.ini", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\default\\pictures\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Saved Games\\desktop.ini", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\default\\saved games\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Searches\\desktop.ini", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\default\\searches\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\default\\searches\\everywhere.search-ms", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\default\\searches\\indexed locations.search-ms", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Videos\\desktop.ini", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\default\\videos\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\desktop.ini", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\public\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Documents\\desktop.ini", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\public\\documents\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Downloads\\desktop.ini", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\public\\downloads\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Libraries\\desktop.ini", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\public\\libraries\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\public\\libraries\\recordedtv.library-ms", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Music\\desktop.ini", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\public\\music\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\desktop.ini", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\public\\music\\sample music\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\public\\music\\sample music\\kalimba.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\public\\music\\sample music\\sleep away.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Pictures\\desktop.ini", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\public\\pictures\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\public\\pictures\\sample pictures\\desert.jpg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\public\\pictures\\sample pictures\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\public\\pictures\\sample pictures\\koala.jpg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\public\\pictures\\sample pictures\\penguins.jpg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\public\\pictures\\sample pictures\\tulips.jpg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Recorded TV\\desktop.ini", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\public\\recorded tv\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\public\\recorded tv\\sample media\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\public\\recorded tv\\sample media\\win7_scenic-demoshort_raw.wtv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Videos\\desktop.ini", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\public\\videos\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\public\\videos\\sample videos\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\public\\videos\\sample videos\\wildlife.wmv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3wes.gif", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\3wes.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cjwLkHotFDrB.csv", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cjwlkhotfdrb.csv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CtU1cr28O6YeLq5MF4zr.mp3", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ctu1cr28o6yelq5mf4zr.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FNPUDpYy3rwMi.flv", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fnpudpyy3rwmi.flv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FzoKie.rtf", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fzokie.rtf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jkGAH7YstwIc6lZC9j.gif", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jkgah7ystwic6lzc9j.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\JYsb.gif", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jysb.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Lj26CzXci-whK31.wav", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lj26czxci-whk31.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NvEcGQE86DZ.flv", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\nvecgqe86dz.flv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\oNjA8Krckm-Uh1s9B5p.mkv", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\onja8krckm-uh1s9b5p.mkv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\oVGbbCOCJnt_S.bmp", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ovgbbcocjnt_s.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\P2Yd7s y0s0iE3pixbWf.mp4", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\p2yd7s y0s0ie3pixbwf.mp4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qWhs9jNagvnL0I2S.avi", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qwhs9jnagvnl0i2s.avi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\R29FEAYxqzGKfm4iuq.wav", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\r29feayxqzgkfm4iuq.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RcaCR.avi", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rcacr.avi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\SdgI3.mp4", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\sdgi3.mp4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XaK4rq6FxAm.gif", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xak4rq6fxam.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ya6Z9poxN.swf", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ya6z9poxn.swf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ym0OWp.ods", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ym0owp.ods", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YmOf4LXrg2cAXUtOgh.m4a", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ymof4lxrg2caxutogh.m4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zexl18m.mp3", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zexl18m.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZZFMbf.odt", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zzfmbf.odt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_av9Cb6IPXGAa5C.mp4", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\_av9cb6ipxgaa5c.mp4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\4BTbVX2SL5PMNXlhJi.m4a", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\4btbvx2sl5pmnxlhji.m4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\BOrtQ-gODoJ96Mp2i.pps", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\bortq-godoj96mp2i.pps", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\RH-9w1ekDlX.swf", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\rh-9w1ekdlx.swf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\rvzAqm2.flv", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\rvzaqm2.flv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\TrEKohawJ.m4a", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\trekohawj.m4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\TxQmAhXtJ1.mp3", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\txqmahxtj1.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\ySq45fyDTuTLWzePdp4.m4a", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\ysq45fydtutlwzepdp4.m4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\5OmbcR7YDw3.bmp", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\5ombcr7ydw3.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\iyIk6.jpg", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\iyik6.jpg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\rVKi.xlsx", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\rvki.xlsx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\UcgnfCPkkGAfI8Infh.pdf", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\ucgnfcpkkgafi8infh.pdf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\XiCIIZYNum_VSBs.wav", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\xiciizynum_vsbs.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\ZxQsBuyh.ods", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\zxqsbuyh.ods", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\UzONnSwswGOnlESVfL.mp3", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\uzonnswswgonlesvfl.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\xtxVVYFEc-NWjSwclj.flv", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\xtxvvyfec-nwjswclj.flv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\zKa6.xls", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\zka6.xls", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\6IAM.m4a", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\6iam.m4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\7IFRA25.gif", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\7ifra25.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\zd0bLbxkM-mx4VZDX_.flv", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\zd0blbxkm-mx4vzdx_.flv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\8P6C FwpZ.mkv", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\0zrcybt06wyn8r-glj0\\8p6c fwpz.mkv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\8W8bO.gif", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\0zrcybt06wyn8r-glj0\\8w8bo.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\lTddMw6tEfsH.wav", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\0zrcybt06wyn8r-glj0\\ltddmw6tefsh.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Desktop\\desktop.ini", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\default\\desktop\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\public\\desktop\\adobe reader x.lnk", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Desktop\\desktop.ini", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\public\\desktop\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Desktop\\Google Chrome.lnk", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\public\\desktop\\google chrome.lnk", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk", "hashes": [], "norm_filename": "\\\\?\\c:\\users\\public\\desktop\\mozilla firefox.lnk", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\DAE2CC280AF9F39884D63ACC0F1AD7E0.XZZX", "hashes": [ { "md5_hash": "b2039def62d30e627c9b07fafd0673f0", "sha1_hash": "bca033c20eed042b2664a66a20b995f565cd1f3c", "sha256_hash": "7ce75bcfdf2deb2417f0d59e7cf10a04b240c6ebdec5cc8badef61ca508977ea", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\dae2cc280af9f39884d63acc0f1ad7e0.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.lnk", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\323285543E8B2CB8C06CF7B742AC1100.XZZX", "hashes": [ { "md5_hash": "62b16e19c99fd8243826e8e98950e495", "sha1_hash": "d24985d4dc1fe659fb3dc15f9ce3c9d86a4491ad", "sha256_hash": "3d00cfde4b15dae436ce931573a8398c72eaac95a130b7120fb34d3257108a9a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\links\\323285543e8b2cb8c06cf7b742ac1100.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\2_r9zrnyCzzJ.mp3", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\2_r9zrnyczzj.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\C1C4370F268A7D85910C485D2AAB61CD.XZZX", "hashes": [ { "md5_hash": "240b43be25efe63e1f408e37d9696c6b", "sha1_hash": "e0879ba8aa9a93bd697709922114e7801168ff0a", "sha256_hash": "2394a06d954932dfbc71dd95fadf5e3304bd14a5def37c4f7fd2edcd0304ba16", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\c1c4370f268a7d85910c485d2aab61cd.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\2--S BWBtG7 nG.mp3", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\2--s bwbtg7 ng.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\2ADDD7CE37DE6C473ADF3B8E3BFF508F.XZZX", "hashes": [ { "md5_hash": "e39b41849bdd0332d45672be272b4620", "sha1_hash": "6b5b1ae1dcd0bba156462139fb9a264822a74186", "sha256_hash": "ec4f62854d65ee70c596b1cf7843fe4324605a901cdb68980fd084a3d205ec49", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\2addd7ce37de6c473adf3b8e3bff508f.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\D02310330D7F24F9EA0895E311A00941.XZZX", "hashes": [ { "md5_hash": "f50774acf57afae5e71525f52faaeb25", "sha1_hash": "1853ed29d85cd3a68e6a55bca6c94ae1b87678c9", "sha256_hash": "f09d7ebfab87b1f5b605a4ab9cab0772d90be17aced00706ea51b8b8bc94a019", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\d02310330d7f24f9ea0895e311a00941.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\83899D5A26F059DE25E7413F2B253E26.XZZX", "hashes": [ { "md5_hash": "d10c818bb4d914da6dfdfea0bb01a7e6", "sha1_hash": "9d5c9a5c469896835b553f2e3bef0e954a977a68", "sha256_hash": "f9db39316db6031438344e25561408333082fa2dc2a8967577f745d83ac3ae51", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\83899d5a26f059de25e7413f2b253e26.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\BtnyH.mp3", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\btnyh.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\B7D698FE122EFCA3A766339E164FE0EB.XZZX", "hashes": [ { "md5_hash": "bfa30e76fa7ddeac54bfaa4a1eb07dd6", "sha1_hash": "beddbe78af3e6370a6a59809b11242aaab0dcd92", "sha256_hash": "cd1ac8c8c3478f065dfd69c339a4810f66ad589849aa7ecef21d4761d926a755", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\b7d698fe122efca3a766339e164fe0eb.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\bTxozG6jGL89 vQ7JVm.m4a", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\btxozg6jgl89 vq7jvm.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\BA853E823C01028A03C2DABB4021E6D2.XZZX", "hashes": [ { "md5_hash": "1a18f83d1a07042faae27ec212004fc7", "sha1_hash": "7dab36dea57ef6d29a6dc1ff3cc283ba344abe80", "sha256_hash": "5439703f2daa9c3d6e5b315f66b658df61e9779b172db5fffc8dbe7ce95c9987", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\ba853e823c01028a03c2dabb4021e6d2.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\dTOAV.wav", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dtoav.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\ED39CAB90CE3C63A3EAEA7271104AA82.XZZX", "hashes": [ { "md5_hash": "18c9e588a3fcda5adb0f02ce418b91d0", "sha1_hash": "e403e5b94824bc2d324dc41789b394fd6457d114", "sha256_hash": "aa9262096177d24e6baac670a55493445557dc4111b074866193390946a7836b", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\ed39cab90ce3c63a3eaea7271104aa82.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\j3v_bMSa tx-.m4a", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\j3v_bmsa tx-.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\64527B001382D7BF4D0A170017B7BC07.XZZX", "hashes": [ { "md5_hash": "cdf7e813a81aa2b0444d0c9c98e29582", "sha1_hash": "52aa49e6b317a4de2e5d00fd15303dff3598ef85", "sha256_hash": "09e5b647e4f6278febdaa8cd3fdd2ee3548729c3600842c050f1667041bd9437", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\64527b001382d7bf4d0a170017b7bc07.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\jtsnNF8Wy Jt.m4a", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\jtsnnf8wy jt.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\3C85A2C827B882D0AC42F6272BD96718.XZZX", "hashes": [ { "md5_hash": "c65a17cd098714e19d51cfc5ecdb1023", "sha1_hash": "2974c0d5c602f3085a5d183f0ea7ce9b2219005f", "sha256_hash": "8eccb912de0bfb6be7171414cfec242e12e832ff858a84ea9d3d02e6020a4cff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\3c85a2c827b882d0ac42f6272bd96718.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\LuguQ9Fu8UwQPMQRFj.m4a", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\luguq9fu8uwqpmqrfj.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\C3E4F2C10C4D8EEA8EBC635B106E7332.XZZX", "hashes": [ { "md5_hash": "6f57c4a8651b73f8ebd30047c283e841", "sha1_hash": "fc01112eba47c1116ef298bf4311b05e72e69a30", "sha256_hash": "3006c3eb7f514eb96d3f0af5780da1ec33aff5a95665e8da1b65b8d74ba6a330", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\c3e4f2c10c4d8eea8ebc635b106e7332.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\OPPnhBe-ZTrVhEG421.wav", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\oppnhbe-ztrvheg421.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\WWsZT9B6tKUn2DClW.mp3", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\wwszt9b6tkun2dclw.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\663067DE2A526ACA340DE0352E734F12.XZZX", "hashes": [ { "md5_hash": "a3938aa865947f87071a2eb0677336fe", "sha1_hash": "062d9cfbbd8011c45499117c2f484459b1d061b5", "sha256_hash": "1d589a287e67b3da350ad7f0f45e664ea02f4f539ec0ebab8faf40ecd2d31494", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\663067de2a526aca340de0352e734f12.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\B7FE604F2A0F001FC8BF560F2E43E467.XZZX", "hashes": [ { "md5_hash": "c4512fa0fd838f4c472e21203165bba4", "sha1_hash": "0e05d042c12507ea595ebb0a63ed35e89b1925c8", "sha256_hash": "4ce63ed0b14ed548f7f6c45b349981e8f7ecafb4af35038c13fd39be48f38367", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\b7fe604f2a0f001fc8bf560f2e43e467.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\xN7YDKwcce9C5peK.mp3", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\xn7ydkwcce9c5pek.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\38DC595E3788A5BA7503B1493BA98A02.XZZX", "hashes": [ { "md5_hash": "cbeaf2ca1e75915b0d8527205c9d9a6d", "sha1_hash": "2f386acd47075707a2c9129e4e9dc14f14dc0942", "sha256_hash": "2276d1562d166c8e9fb40b2ddf89f0b675a9ff3380f3cf4ec2ed570b6585ab4a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\38dc595e3788a5ba7503b1493ba98a02.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\zCdoEQ.wav", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\zcdoeq.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\_iJcWlMQ1CRXwuy.m4a", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\_ijcwlmq1crxwuy.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\6FB07FDE0CB60F86500F11CF10D6F3CE.XZZX", "hashes": [ { "md5_hash": "6d0125605db26c4e0f8b95565d282869", "sha1_hash": "133ec771ec03ab6d7d73039459dc118072665dc4", "sha256_hash": "f0ba3377a43ef0ad0b430587b05582891eea0379aefbbcd809ed818664008a9a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\6fb07fde0cb60f86500f11cf10d6f3ce.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\3vgH.m4a", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\3vgh.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\06C3ECFB13862898AA23710517BB0CE0.XZZX", "hashes": [ { "md5_hash": "a36bd7e43f7d725d97ff2456834a9002", "sha1_hash": "87ffdf43d477a7b25a9bd0bc96d30d4445a59af3", "sha256_hash": "e9bf64a113c0da4269edc2323350071751316b8835f02d2b38a2f63b5a3a3aab", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\06c3ecfb13862898aa23710517bb0ce0.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\3006C810075ED0F01F3DE7C50B7FB538.XZZX", "hashes": [ { "md5_hash": "32703d94c8004f5af95a05a2bf73eaec", "sha1_hash": "4566c17688b08cc14c7af469ff070345324491f9", "sha256_hash": "61984fdcb91c76f9757601b8d417185e1f2ebd7e7de2895314f3dda6b774a6dd", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\3006c810075ed0f01f3de7c50b7fb538.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\45 WvgNJuT9AYaRmo.m4a", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\45 wvgnjut9ayarmo.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\FA78694804C1E3566FC4CB7C08F6C79E.XZZX", "hashes": [ { "md5_hash": "61b4780ddb4cef52674aa59048ed79cf", "sha1_hash": "83bd1949721e63db95db45e0e84018dd6c7a63eb", "sha256_hash": "8a00c4f976df1de2adbd90e8a22f129104a2ed9f57ce7c5a041b19990de38d4e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\fa78694804c1e3566fc4cb7c08f6c79e.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\nvHO8po6UT1lfU646l.mp3", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\nvho8po6ut1lfu646l.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\B02B14800A31A4C0C9DC8D360E528908.XZZX", "hashes": [ { "md5_hash": "e6c9ccec10faa0d8161da037781654a7", "sha1_hash": "3ca595c29dbd209784461141b7d7bfc7c8d0d05d", "sha256_hash": "f45bdff37bbb68fc1df62adb356a7a9f0651505f8108e2aa567cff8b01c757f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\b02b14800a31a4c0c9dc8d360e528908.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\oCadhb.wav", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\ocadhb.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\qEqtENZ.wav", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\qeqtenz.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\8F1540B007AB3EF89A8099C80BCC2340.XZZX", "hashes": [ { "md5_hash": "dac37b92f3b350f6db4cc8c5aef96ae1", "sha1_hash": "a36a2369aaef5b4e9613c09c1335bcf38a691b25", "sha256_hash": "8c4626f55191efe770b12f08ffe6351d11a0e2a374b3a073ce099cf3294f0e60", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\8f1540b007ab3ef89a8099c80bcc2340.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\S9Jj_mVynZU911YcI-J0.wav", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\s9jj_mvynzu911yci-j0.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\B1210AAA2257FEA8B6B1D3DD268CE2F0.XZZX", "hashes": [ { "md5_hash": "6fd0bc69ddcf19fc5c6254f0d7d6fc04", "sha1_hash": "c661ead23f9a7430689fadfea23026ec8595da0d", "sha256_hash": "3e34bb38bea675be765d4d16174213990815f791bda2fd93b4d784149d72d019", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\b1210aaa2257fea8b6b1d3dd268ce2f0.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\my documents\\_help_instruction.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\nethood\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\auOsV3M 9VtNbJuKze\\9Y_m-oVB2IyYX\\DqOPM\\04BBA0D020119813F8F6E49024327C5B.XZZX", "hashes": [ { "md5_hash": "a38e7e31386a89fd376cbca7680d20b2", "sha1_hash": "d22a5c6e2dfdacfa2fff49fe49e44076742de1e3", "sha256_hash": "5088feebe02e08624518f48f079075aea5da9d5a7b91caf6e8afb07eef606342", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\04bba0d020119813f8f6e49024327c5b.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\0feLIIudH.gif", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\0feliiudh.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\0uVNLdVwplc802HWrb1.bmp", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\0uvnldvwplc802hwrb1.bmp", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7EC795ED37AF1A88A52703F73BCFFED0.XZZX", "hashes": [ { "md5_hash": "7b4304e41f7e2c553114742cb9d2bffa", "sha1_hash": "5b0edfe55cbd86e40076750b0361601d2a41f4e5", "sha256_hash": "457c4ad3baf404b6283865e698490dfe8ff2758f4fd86a8c444f262f4b78b638", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\7ec795ed37af1a88a52703f73bcffed0.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\2b2gQ2C3WuJEBl.png", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\2b2gq2c3wujebl.png", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\C30CF4F82E58715357484B18328D559B.XZZX", "hashes": [ { "md5_hash": "81659e6d8a4d3f09a39929e30aa360db", "sha1_hash": "ef1a0dbe148270a9fc697f4f3891aa391b181041", "sha256_hash": "06a01b93de3a8dcee6931d6fa3a7366938f9add6be9c7cc2104001e1329efe9e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\c30cf4f82e58715357484b18328d559b.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\5X6u252V SzZ.gif", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\5x6u252v szz.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7030D20732FB05AE512C0EDB3744E9F6.XZZX", "hashes": [ { "md5_hash": "1cbd402274df267452bfa274914c6080", "sha1_hash": "dc2b4e6e4a8c0fe07c3fc99f5e7740087c7c2d10", "sha256_hash": "13d6c9a2cef91b9152e03494dd9c96f7d61db20e3481f14a0b711a1a78b5519c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\7030d20732fb05ae512c0edb3744e9f6.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\2187C5602F1ADAF08D4383D0333BBF38.XZZX", "hashes": [ { "md5_hash": "cd06bb370021c00c6350b7c7eb47261d", "sha1_hash": "980220a4cd8e02421027fef530def248157b6ef1", "sha256_hash": "87eed63d5aecb471b4c10378e295b09c1c8b35337a7cf93730a48f44991db1d4", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\2187c5602f1adaf08d4383d0333bbf38.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\9s0pX7t.png", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\9s0px7t.png", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\3A2295CD2F8CD2DF95E7618733C2B727.XZZX", "hashes": [ { "md5_hash": "ad680a42bc85a04ed95419664b71014c", "sha1_hash": "72c41275051c06e888584d8331a850c106b8d3b5", "sha256_hash": "9de74e25397160af6023ca1c02a2cc635a31a78be11a220c0e5a61f1aca943ca", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\3a2295cd2f8cd2df95e7618733c2b727.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\aqn8.gif", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\aqn8.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8F82071C3E6AA36071D28504428B87A8.XZZX", "hashes": [ { "md5_hash": "34e27579b67f2c60e3489b22f44e591c", "sha1_hash": "7a58a71298700908b61c94559e20e00e497be127", "sha256_hash": "ac7ee8bd496dbbeaceab4f13c0474455b5112ddf3b11b3174e17e22dfe0bc0e9", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\8f82071c3e6aa36071d28504428b87a8.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\azuNey.jpg", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\azuney.jpg", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\B4vC-SYblpXq.bmp", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\b4vc-syblpxq.bmp", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\C87868381959CC9C63DBF2EC1D8EB0E4.XZZX", "hashes": [ { "md5_hash": "01ffabd8a351dd16efd5a36e839bd2cb", "sha1_hash": "926b2738a05aff1e072012083cf4f38029dbd853", "sha256_hash": "9bd9fa41c4c7088c3a63fe232a2c3af0df9238c54c49c158b005c564eb632e59", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\c87868381959cc9c63dbf2ec1d8eb0e4.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\bqBGtF.bmp", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bqbgtf.bmp", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\567FB4290F0A7CE338C9770B132B612B.XZZX", "hashes": [ { "md5_hash": "b634e56d85233b3068a1cda8d98b5ba0", "sha1_hash": "06edf4db53b5e6070e80d887955502ac151ce838", "sha256_hash": "dd608bf2ba28d95f65b04a4f7a03b27636e92c4c574970ae4dc1b36869bb3e24", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\567fb4290f0a7ce338c9770b132b612b.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\6C73D824191052A8389547C51D5A36F0.XZZX", "hashes": [ { "md5_hash": "68d2b9d24a7a4eece3b3da3ef613eb0c", "sha1_hash": "38c5bbea7d562bae9d38d8d7e42a5788983f02f7", "sha256_hash": "bfccc4844078e6ed7b7365c2e475a1956e88fc8d3ead5836b3e9daf8a2fb550a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\6c73d824191052a8389547c51d5a36f0.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\bz3TQY.png", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bz3tqy.png", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\dcuecnaq5mY4vS.jpg", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\dcuecnaq5my4vs.jpg", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\desktop.ini", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\diyvOkO.gif", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\diyvoko.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7E711D900E3B4440AF6B05F612702888.XZZX", "hashes": [ { "md5_hash": "23569ac415954190531f5ecef2910c70", "sha1_hash": "ac7e7d4002833e90535056812b3a0b3493c7b2fd", "sha256_hash": "f2f0de02936d58418af02f1aaf9e73fc4fd54cb7c27fda4716412589e3875f7c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\7e711d900e3b4440af6b05f612702888.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\6D777C541DA727448F863C8E21C80B8C.XZZX", "hashes": [ { "md5_hash": "e551e7fa4a29fa1bdd5004f5080eba92", "sha1_hash": "dba645106b2f139ca8882dd28d017118ffda5ba6", "sha256_hash": "db8cf6f94f8591c38359eceb41968552dd73ee6f12e4aff3fb241a87ab9ea5dd", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\6d777c541da727448f863c8e21c80b8c.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\F9ECB5D32975DBFCFCC9E4D92DBFC044.XZZX", "hashes": [ { "md5_hash": "9d724294c450865e4b5f6082b36e91eb", "sha1_hash": "d90cc4e71ce9ef932f14392880b993f95454235e", "sha256_hash": "0cde438fabd02956bfe73b426c4d77fd405556dfdfd29eda2d20a4e2a439c27b", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\f9ecb5d32975dbfcfcc9e4d92dbfc044.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\C22D6D6701D063BFF430045506304807.XZZX", "hashes": [ { "md5_hash": "d64ec1513e3a2028b1bd26c5982f823d", "sha1_hash": "4b9c1942066e6549c42c3c6f9232ad87c96ca7a8", "sha256_hash": "b484d77c382d22ec691ac430d5e130ae1cb374fef7b430060448d16a06c987c9", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\c22d6d6701d063bff430045506304807.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\d_ywXujVU Wq1E.jpg", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d_ywxujvu wq1e.jpg", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\6274BC861B7171923C3788AB1F9255DA.XZZX", "hashes": [ { "md5_hash": "5c19c1cc897e424c8d26e9f929199572", "sha1_hash": "e5a9135494ec038a06a32c413329907dc65c3382", "sha256_hash": "becf1a665ce6667bc382264438668236dcf4b89b3ad4c7697ddbe0c31e102c7b", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\6274bc861b7171923c3788ab1f9255da.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\E mrX_4M3P5jMLSuXG.bmp", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\e mrx_4m3p5jmlsuxg.bmp", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\8FACB48C4470F6BE344BE4A448A5DB06.XZZX", "hashes": [ { "md5_hash": "04e263bd7644ed1d15968583f0c85d80", "sha1_hash": "1f8b5ae02f12265019ac3b54d457b53ce2399c7d", "sha256_hash": "aaa15e7c186db31370e8d30bfc45566c632a9d396084c006fa1693558730e2e5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\8facb48c4470f6be344be4a448a5db06.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\FFqA4 2WndIy.gif", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ffqa4 2wndiy.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\fTtF.bmp", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\fttf.bmp", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\90EAB1CE03D6A9CCF759AEE907F78E14.XZZX", "hashes": [ { "md5_hash": "9185e6da04755916803253af9610bcc3", "sha1_hash": "001357c52d1031bd6d3a6764e82fa8a01c0a3413", "sha256_hash": "9c10e1ff51cad7520207b56e7392eae65aef9f9c91d9674653a9b7d121e05097", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\90eab1ce03d6a9ccf759aee907f78e14.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\g43hR4r2QCQPskvQatT.png", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\g43hr4r2qcqpskvqatt.png", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7852C7A011E028AD2E2E29A016150CF5.XZZX", "hashes": [ { "md5_hash": "51690523a617ebe50ac0a1883185c57e", "sha1_hash": "1be85c36b261c66588c7cd4a8462979ca6bbdf37", "sha256_hash": "f33574b0a57e60334e77e4105ea8a9808f3a7298b8ce7a4d223e83d96bcf4b93", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\7852c7a011e028ad2e2e29a016150cf5.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ghz9u7C.png", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ghz9u7c.png", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\D59AAFC73FFFF3FE126A516D4420D846.XZZX", "hashes": [ { "md5_hash": "bf885c283aac8029907978a700d28c6d", "sha1_hash": "487c094ed491ff83d6513f93c508b37cdab2cfb4", "sha256_hash": "647a0708d0862aaa1422ad1cb3d79dc1d3539e2310b3e6e4af3ffbd01fc719b4", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d59aafc73ffff3fe126a516d4420d846.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\gpnG5_ q-ZTGc_4b76b.png", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\gpng5_ q-ztgc_4b76b.png", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\5C36794D2643414F2FE671172A8D2597.XZZX", "hashes": [ { "md5_hash": "7596663e80c5c9caea6114ca6f82068b", "sha1_hash": "222a54675be37b3952fb6343f9f96f734fb84759", "sha256_hash": "8856bcb31fef06c8d5f0cd65c9ffb1e9c99808f31bf17f9b15c86c48e85bb8f4", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\5c36794d2643414f2fe671172a8d2597.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\hl35zcYZE.bmp", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hl35zcyze.bmp", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\6E0684500109FC98CFD71110053FE0E0.XZZX", "hashes": [ { "md5_hash": "f2f8598ed19d8f6d7fc95002641794f5", "sha1_hash": "93c6016547de3971c69bf0827a61754ad150360a", "sha256_hash": "cd6441fa7fa8603b5b04f3c7715b5f7da02ce2e9e49e519aa1c08b2dfcceed22", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\6e0684500109fc98cfd71110053fe0e0.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\A74BC39B153F2E46BB66A40D1960128E.XZZX", "hashes": [ { "md5_hash": "295545ec293b2fda16e3532d4e5dbe1d", "sha1_hash": "eb1ab5fdb1b57ada98f0dc5c0bfa16998cfdee86", "sha256_hash": "b9999e05d1c62715c8230afe78c1845d4d8b35d395dcda7ad6090de58ea6d529", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\a74bc39b153f2e46bb66a40d1960128e.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Hx4D_z73m1pGCpzIPXzy.bmp", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\hx4d_z73m1pgcpzipxzy.bmp", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\D2FBB85013E759FE97CF4AF0181D3E46.XZZX", "hashes": [ { "md5_hash": "0c38c9a7fa7be8d26f81566a8f49fb83", "sha1_hash": "5b7f9e7513c1878e0734ab581a93b59409b3313f", "sha256_hash": "f337839d26055f6071b1f33341ce3ad192049d9771e48b99ad0e6a517cc090f2", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d2fbb85013e759fe97cf4af0181d3e46.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\k3NI.jpg", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\k3ni.jpg", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7F23998A1ACAB3E49F720F0B1EEB982C.XZZX", "hashes": [ { "md5_hash": "38b610a8b62b51bc570cc460507f97c2", "sha1_hash": "426f92a56a43e23d355476db00beca67ee96fae5", "sha256_hash": "49d72edd3a575011df385e021ec156f4ca56580d137c8413d8fcc2e41d94899e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\7f23998a1acab3e49f720f0b1eeb982c.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\kfqhp.png", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\kfqhp.png", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\BD094FF047045CCAB6A2A1584B394112.XZZX", "hashes": [ { "md5_hash": "7d07ad934a01caaf679134e102069a75", "sha1_hash": "e77f58c9a18ce67bf7a1843ce66e9acf8082cf5e", "sha256_hash": "79b0b4db9243ff92bcb37125e93b3c9fb10546425b50b5fc6bdf5836e8644aae", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bd094ff047045ccab6a2a1584b394112.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\LiEtBonze.png", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\lietbonze.png", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\D5D72CD040472A6053677EF544680EA8.XZZX", "hashes": [ { "md5_hash": "07f3876b0b1fbbe40adf1c279dc9d611", "sha1_hash": "1fa232b83b52736fb8f0655a92e924576572ed9e", "sha256_hash": "caa63ac3eba72349a04935f69572ae048bdc7a61171c8d00288379d2d0710a3f", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d5d72cd040472a6053677ef544680ea8.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\mXMMLg1uw.bmp", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\mxmmlg1uw.bmp", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\615936DC32228B708230065136576FB8.XZZX", "hashes": [ { "md5_hash": "47fec316311c6319a6a865ccb3db82d1", "sha1_hash": "18e7b70dd556d8f3f830a72cbfe12674811a8729", "sha256_hash": "97d8dc83ea6f1d5830c5eea46050f636ce3e16ed0134cef66d8a99aa4b7c166c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\615936dc32228b708230065136576fb8.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\oEKbZ-fUq6tWCg3E9gms.gif", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\oekbz-fuq6twcg3e9gms.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\4EC1B3383CF01EB849835EF241110300.XZZX", "hashes": [ { "md5_hash": "2ed84588e41a15610ab30ebdf40620cc", "sha1_hash": "cba62e16407081ed8d2c01926e6ac8a579061523", "sha256_hash": "8d30a102ab82571d2d1fe19eb65efca02a98ae70e12db01f66c60a44934d9e38", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4ec1b3383cf01eb849835ef241110300.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\pDGmGQvtKPZ_ns.gif", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\pdgmgqvtkpz_ns.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\7ABC26D22C977F5CF918EABE30B863A4.XZZX", "hashes": [ { "md5_hash": "10c3b07487b5dfbd82efe187860a7741", "sha1_hash": "8fb29a952586d6eda7a5a79cab386d6d0c4170b4", "sha256_hash": "f736167e5e548766d8f0c9992e6acefecad6f1b41ebd3bed7e412a041dcdc308", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\7abc26d22c977f5cf918eabe30b863a4.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\PTV-5E.jpg", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ptv-5e.jpg", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\F28BD0F0084D975830F3B58E0C6E7BA0.XZZX", "hashes": [ { "md5_hash": "f36474c4ab4ff1cb0bd644b916ad9ac5", "sha1_hash": "950eb98385e5b0b938ebdb425e3a6b635cf9f624", "sha256_hash": "27781736d3003bf288ce12428a9a1e21611f0ff90c2b63b24da1c60ab6a904b9", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\f28bd0f0084d975830f3b58e0c6e7ba0.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VL2r.jpg", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vl2r.jpg", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\FBB049370C08D85D799956BD1029BCA5.XZZX", "hashes": [ { "md5_hash": "094a2359ac86447e5f3db13cfe91b51f", "sha1_hash": "7121d4e07e22a12ea72f8a3c784ba1f01e0f2369", "sha256_hash": "49bcc5d7767d0e60e148a7a3fa05212ecbb17b51de01967991693ea9eb8d2c0c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\fbb049370c08d85d799956bd1029bca5.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\VUaHmntzHPrBw9rs6O1.jpg", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vuahmntzhprbw9rs6o1.jpg", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\wbMFjBguMLJG3mRfnnUn.bmp", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\wbmfjbgumljg3mrfnnun.bmp", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\609D61282FED0EE4AFD8291A340DF32C.XZZX", "hashes": [ { "md5_hash": "bbebf0b211b75de09879f9ae3e3acd39", "sha1_hash": "9a4d6802c563f1992b59c1dd035e49408037f24d", "sha256_hash": "6d10c6f0542156494f43db2922ba5c6e38af60f2ef68441b49466d7267397965", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\609d61282fed0ee4afd8291a340df32c.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\1698FA38038EB2CD51213BC807C39715.XZZX", "hashes": [ { "md5_hash": "6d5c61fa21ddd8399443b98631828511", "sha1_hash": "9232e944a0cfaff9e8a0c670a84433ac86b65ed8", "sha256_hash": "ffc33222f6669f600580db1d74967e9929dcb4e32bed6d28c954da9f942b6a45", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\1698fa38038eb2cd51213bc807c39715.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\XL uwZp2bbBe4jnmB.png", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\xl uwzp2bbbe4jnmb.png", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\D3D882303025B5406F9968D234469988.XZZX", "hashes": [ { "md5_hash": "aab06430aaf92867712437fdee4506bb", "sha1_hash": "9ea76e1e7e4fdfe00dc318bbb78a29fa88ffa2c5", "sha256_hash": "b65cae3ef734966c27e94a37248256f1352a71e52273b3f8d2a5c9452500bd89", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d3d882303025b5406f9968d234469988.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\y5Mqnfp y9ox7lXm62.png", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\y5mqnfp y9ox7lxm62.png", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\1971D3BF09924C93CB17194F0DC730DB.XZZX", "hashes": [ { "md5_hash": "541425fd978c554404f50b61e819aec4", "sha1_hash": "642bbb34c26f1df2efcb7eb0f94015767d53b57a", "sha256_hash": "7a12c18b3f1d15faf8512ad4749161b30d057d78b249614808b87e1597e55079", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\1971d3bf09924c93cb17194f0dc730db.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Yj-AfpoJM9u50s86.png", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\yj-afpojm9u50s86.png", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\ylARzGL.png", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ylarzgl.png", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\C355F5402BEDF72E504955A0300EDB76.XZZX", "hashes": [ { "md5_hash": "55c3104f2dd7291cacbd39a453be9d02", "sha1_hash": "0b137d47f5f53e9c90990ffb73a10f0cd373dc1a", "sha256_hash": "34be4d446d835c46646f9b97dbe57e20095fb16c9761e2791928b542ed82715d", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\c355f5402bedf72e504955a0300edb76.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\_help_instruction.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\printhood\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\recent\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\693610CE0E824D54F2368B0112B7319C.XZZX", "hashes": [ { "md5_hash": "d3d6c4268c594e08cc24f032bb9c4d26", "sha1_hash": "a65104672fb95244bdbd1e9ecbdb786cde463b4c", "sha256_hash": "ef722d1a887c8801eb2b2602eafcaf50d60690fd142006771476c31b8d069ec3", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\693610ce0e824d54f2368b0112b7319c.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\desktop.ini", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\C8D828EF44C6B909469A8E7948E79D51.XZZX", "hashes": [ { "md5_hash": "1fc933c6c389660d5379e070f8e6479b", "sha1_hash": "8a6d154f41e3aadfa51b578cb127097b26ba4308", "sha256_hash": "1fda7167364df89482ee04ec4ab6a3eff60c71f0e89011b820cc18e9a2390631", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\c8d828ef44c6b909469a8e7948e79d51.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\desktop.ini", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\everywhere.search-ms", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\07542892440C59CA51177AF248413E12.XZZX", "hashes": [ { "md5_hash": "810a35c7716525d6ded92f9bee85a404", "sha1_hash": "6f7f1dc14cbdd737031f33aa240c37558733533d", "sha256_hash": "a3006d1913f64cce51f93db711c8451d047a79ea8b6c98546159b2fd2f89840a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\07542892440c59ca51177af248413e12.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\22BE9D582E5129D8AA7CE5BC32720E20.XZZX", "hashes": [ { "md5_hash": "96c1f62a37267d6c30d888e6a31055fd", "sha1_hash": "a9a5757c693fa3a5bfb9bfc47b3bed251592e17b", "sha256_hash": "761681e06985095d7d8b1a8b183dc0621bd21115ebdb601e1ed48587334ce431", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\22be9d582e5129d8aa7ce5bc32720e20.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\indexed locations.search-ms", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\sendto\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\86A958F52BA3FCF7083CB8732FD8E13F.XZZX", "hashes": [ { "md5_hash": "e2698baef276ddc3acfbfd1d25b89166", "sha1_hash": "e44dc82bc6c36bec3a4d70286d73c4521c534d72", "sha256_hash": "47859f01529de4b40a18d0967add6b3bfcc58de85dbf51f2737ac60a82094d76", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\86a958f52ba3fcf7083cb8732fd8e13f.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\start menu\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\templates\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\D30YP5u1qzg5-VZ7306q.mkv", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\d30yp5u1qzg5-vz7306q.mkv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\0FCB2DF10CA6B6CB526033CF10C79B13.XZZX", "hashes": [ { "md5_hash": "c0273bea1fe271b78d77935015117738", "sha1_hash": "44168b8a7725834877f4aedfbc33bd024d02bc74", "sha256_hash": "9779b2f54756480cad5849ff876167af65e86e44c43c5c9acafb187eaa13b2bd", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\0fcb2df10ca6b6cb526033cf10c79b13.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\desktop.ini", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\D89AF8F8162B0DAE766745D41A4BF1F6.XZZX", "hashes": [ { "md5_hash": "6c76f521e8052a2c0d16f400c5f392f6", "sha1_hash": "1a2a0232c482bd36fe6145b428578d0c79c2f73d", "sha256_hash": "bfb9ff0383a8d35f2f9ef548a90c43515fc50af1a8e3f3fa85d585427c61c49c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\d89af8f8162b0dae766745d41a4bf1f6.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\J20J9-k9Q1AQR.swf", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\j20j9-k9q1aqr.swf", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\F12649BC389976C6163CED043CCE5B0E.XZZX", "hashes": [ { "md5_hash": "4e358143fb249a43799f967628295fbb", "sha1_hash": "d30158fd564514919ed9a55a3789423939b0070f", "sha256_hash": "45f1b4f65948867edbb7114947a59667bfa6059287df2d97554fb104b3fab140", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\f12649bc389976c6163ced043cce5b0e.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\l0jm8.avi", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\l0jm8.avi", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\s2dwcVO_4E6w.flv", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\s2dwcvo_4e6w.flv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\23B23FF43A95B5A94696D7543EB699F1.XZZX", "hashes": [ { "md5_hash": "7d1525739a5a47d9d5eb1360364c5aaa", "sha1_hash": "6bfc8fc2c5f6da17049072387b521f261c3b15cd", "sha256_hash": "f1152588a7ad2781512b607cafeb9d9b3b3a9496f5c24e76793fad0b9e062afe", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\23b23ff43a95b5a94696d7543eb699f1.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\zpPjma0L3Hj-_nB.mp4", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\zppjma0l3hj-_nb.mp4", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\D0384500388B9600F42B1AE33CC07A48.XZZX", "hashes": [ { "md5_hash": "a5a026fe74cbb136fef1cb833b1cda43", "sha1_hash": "360732bac5ee32964fb942bb05e0c6db634c8220", "sha256_hash": "edeb847410ca033b7f2987c11c3597072600f998c6df602593857269655b2087", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\d0384500388b9600f42b1ae33cc07a48.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_help_instruction.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\3A21FB2547CB7719582A8C7F4BEC5B61.XZZX", "hashes": [ { "md5_hash": "7275ce7acb7f3f81f9f21a0c5ecf2705", "sha1_hash": "697b8c06fe0fabb93462c8651eb0ad9cc7e45a06", "sha256_hash": "9c1df9225e129ce2b8db1a4cb170dbeb31610bd41b241b6e762c6c513ae46614", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\3a21fb2547cb7719582a8c7f4bec5b61.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2 mjBTvZEWz.swf", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2 mjbtvzewz.swf", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\02D7186C2A67434F1071035C2E882797.XZZX", "hashes": [ { "md5_hash": "804550e8001e7d53b6d770be9ca42b13", "sha1_hash": "b089f371135e64dee23157ed1b0c143f105dbfbe", "sha256_hash": "3c6cdc04520306938d618abb452c00594e5b89e6e98b4c4990987896c6e54a1b", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\02d7186c2a67434f1071035c2e882797.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\92y tDp.avi", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\92y tdp.avi", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\0790B504415F6E976181B814459452DF.XZZX", "hashes": [ { "md5_hash": "3331b52d364a9e4466a1c5c535bc4d8f", "sha1_hash": "d534dd10677629f117dd1ba8bca275e4bdaace23", "sha256_hash": "44638b9d357d79e83ce092d356d1b481fc387909e2688b2f23aaa6f2525f869c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\0790b504415f6e976181b814459452df.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\ArnUUg6o.mkv", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\arnuug6o.mkv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\816AF2DA29D3EBEF5D033A6E2DF4D037.XZZX", "hashes": [ { "md5_hash": "95a530c63a7a514497274282375130a9", "sha1_hash": "5c7f0ede7939812064de230a8611d7d2f2d72b56", "sha256_hash": "72fdc59adb159c79b986e068e6726a9799eff311c9764364153c9645daceb5a7", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\816af2da29d3ebef5d033a6e2df4d037.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\7TSkSEjcLf8xikPUr.avi", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\7tsksejclf8xikpur.avi", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\bAFZ2xGuKI.swf", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\bafz2xguki.swf", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\ibE0v-Egfbu047ynw.swf", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\ibe0v-egfbu047ynw.swf", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\D1B4BDC437A182A42497439F3BC266EC.XZZX", "hashes": [ { "md5_hash": "8fc16b1ffef0d188c1a188886a5098a6", "sha1_hash": "7e8037f4a55b65011b3bdeb45c04590938e69fcb", "sha256_hash": "3fbfac0d468a0702c3843735d3cadfd5fad1ed1f2e7c64877b432ce063ffe5ef", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\d1b4bdc437a182a42497439f3bc266ec.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\MI1L.flv", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\mi1l.flv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\3509B27C28C34484E701F4A52D2D28CC.XZZX", "hashes": [ { "md5_hash": "597ab5b1ffc533de548dc25f2ee07ec3", "sha1_hash": "37a7782a2b8d5c54d31ca5b208fb78e008cc4055", "sha256_hash": "9398e3683eccca4eff90405b9307c99a8490e245d037f3fc1cfe41633d9610b6", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\3509b27c28c34484e701f4a52d2d28cc.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\18EF94CC2373DB0BFE65EAD427A8BF53.XZZX", "hashes": [ { "md5_hash": "4657fce65f8c9bc65dbd71d4c926f589", "sha1_hash": "ce11e2bfa1ea7755436e29e680954a8b40135aa7", "sha256_hash": "34b39e9fe52e23ad6e7811a59b9b45e29c6dece1565ceccf33eade01da4f6176", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\18ef94cc2373db0bfe65ead427a8bf53.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\No0nJ8TKbF9hYhiurGN.mp4", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\no0nj8tkbf9hyhiurgn.mp4", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\5BBECDA81A1E287C9DF89F941E9E0CC4.XZZX", "hashes": [ { "md5_hash": "1dc8d677ee5344f021c9b333c20f122e", "sha1_hash": "0e7943508615aeca521fe0b08bf75f36ae8353b2", "sha256_hash": "ca2883b180d77e3d41d5f44e96c6f7c0d88effb49bcc5b1cdecdabe1e558d54f", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\5bbecda81a1e287c9df89f941e9e0cc4.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\q_QGnOQQGbujC4p8q.swf", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\q_qgnoqqgbujc4p8q.swf", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\36D405DA123E25CCEFB9A7DD165F0A14.XZZX", "hashes": [ { "md5_hash": "836699ba89a0a5b5b1681da8a56ec663", "sha1_hash": "72e9ec2de8942e0bd74a0a5ddae6f4907768a211", "sha256_hash": "fd813ade09c7ac193031b72537a6c00ded82ee77b086b9cab48b9801286e4d0c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\36d405da123e25ccefb9a7dd165f0a14.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\7B22A6161CBF8AA2C5439A5220F46EEA.XZZX", "hashes": [ { "md5_hash": "b4c67644d02d878f409214153fd2b6c0", "sha1_hash": "08444d9c21db9fa78ef57565322feb6d038ad8fa", "sha256_hash": "d6fc68cd66d47ff4e97e2bf2284e1fbbd889f74d769de9bb210abf1b1751c32c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\7b22a6161cbf8aa2c5439a5220f46eea.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\wMr3QKnu.mp4", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\wmr3qknu.mp4", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\6B0FB14D2FCD29F7CF6E219F33EE0E3F.XZZX", "hashes": [ { "md5_hash": "d2c138bdda877fbf4462cbf90e92d6f1", "sha1_hash": "17fd56f4025bde384c595e41345e755721c6b01f", "sha256_hash": "2f766400303166cbeadcd011255fd9e563be3298a82fc4776c0878a5fd4d4773", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\6b0fb14d2fcd29f7cf6e219f33ee0e3f.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\2SS69ds5b7DlSJShTY0o\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\5Cc08SMWT PKYNwSj.swf", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\o903hcw\\5cc08smwt pkynwsj.swf", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\i2GwNYb4B.mp4", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\o903hcw\\i2gwnyb4b.mp4", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\60CA942226AA4A29961B00962ADF2E71.XZZX", "hashes": [ { "md5_hash": "bd94eb090d2af2e598bbc395f565c482", "sha1_hash": "95b29139f506b5fc1996cb08a82a917965f7bea3", "sha256_hash": "7c7567d149cbd3c3d5efb0d49cae5d6e734e8f27ccc2cdfb5e57c560741119a0", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\o903hcw\\60ca942226aa4a29961b00962adf2e71.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\NxtD.flv", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\o903hcw\\nxtd.flv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\E29C4433332B9D3DB3332D67374C8185.XZZX", "hashes": [ { "md5_hash": "9bb5fd3d899b97b5bd4f7b76d1cf90cf", "sha1_hash": "49ad6628af65b573a3b4e140aedda62dca6a5fa6", "sha256_hash": "ef02398d08458affa027ac7ad182fbbf0b2ba98124a250cb5837ef26c3eb08b5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\o903hcw\\e29c4433332b9d3db3332d67374c8185.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\o903hcw\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\6OPfc4qVaMTq.flv", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xarijr5atdl\\6opfc4qvamtq.flv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\DTMS 07a7Aq-XEUh0\\O903hcW\\FBBA7EFE065EC5DA534929CE0AC8AA22.XZZX", "hashes": [ { "md5_hash": "49ecd7884f0a2df5eab6568b8b60dc21", "sha1_hash": "193260733bfadcedbe6a9a8db792595a3e408be9", "sha256_hash": "a3c2775c9707904f226c3afad21406a591036fada581daa84ca9de8eb0cf580f", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\o903hcw\\fbba7efe065ec5da534929ce0ac8aa22.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\MyRwYX_9-WNJ1OXdc1N.mp4", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xarijr5atdl\\myrwyx_9-wnj1oxdc1n.mp4", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\DB53A738127CCAEBB87D0318169DAF33.XZZX", "hashes": [ { "md5_hash": "5b7a9da311e90dd11ab82627ce8a27dc", "sha1_hash": "5803359577787bcf7ae282a1bbab6b9cbd2b3fa4", "sha256_hash": "4a409fdd2b42d79481ea8caeb8991789776fc658e3e4b4f02ba6503b0af1934c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xarijr5atdl\\db53a738127ccaebb87d0318169daf33.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\yXpEf4.mkv", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xarijr5atdl\\yxpef4.mkv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\3B9FB280013C30BC79FE404005721504.XZZX", "hashes": [ { "md5_hash": "cc4f877c76d57a18a17bea3354a5f616", "sha1_hash": "86b6b0108ccd25b96495100055f8fe3d2e1a3e9b", "sha256_hash": "6b08b68edae066df78b307fb94f49c67f9fdd0632380f70e7c2107ba9de854ac", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xarijr5atdl\\3b9fb280013c30bc79fe404005721504.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xarijr5atdl\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\xAriJR5aTdl\\ADBC71E42FBA59E00D479B5F33DB3E28.XZZX", "hashes": [ { "md5_hash": "34296a05465eb4a28ba8478e78c39fce", "sha1_hash": "0b27d4152f0b0308cced733870cd6fe22f70b78b", "sha256_hash": "348c3dba179ddc8a2c4c0d5bb81e886afdfd7e5e76878a31a7cd9064249579a9", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xarijr5atdl\\adbc71e42fba59e00d479b5f33db3e28.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\8bunT0Nrx1v M.avi", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\8bunt0nrx1v m.avi", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\aC_Ja4AvvNCLsQMnj7.swf", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\ac_ja4avvnclsqmnj7.swf", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\BDD25F14384CC362CBD33ADE3C6DA7AA.XZZX", "hashes": [ { "md5_hash": "3289c077c99e642a1b267a1b060a3afd", "sha1_hash": "5e4f0ce86acfb7b720f20fbece6aeab07fa6a082", "sha256_hash": "e52a6ec5e67ffebc561f10a4e73918e8d91e4688250448a2ba03426f6cf660af", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\bdd25f14384cc362cbd33ade3c6da7aa.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\bjQVhKZ0dfp8gRtn_Z.flv", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\bjqvhkz0dfp8grtn_z.flv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\8181DC6820279A95628FB268245D7EDD.XZZX", "hashes": [ { "md5_hash": "f0a3b98bb1245eeeaaff13fc39635eff", "sha1_hash": "2c78334ac941f280ad5e346dd41202c41bda7e85", "sha256_hash": "305b4ce3d21ff13a21874d32c30453600d5faf1e847659d801592e12aa75293c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\8181dc6820279a95628fb268245d7edd.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\xTAGaGiIpU.mp4", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\xtagagiipu.mp4", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\37E85546159C2E64B110DA791A0612AC.XZZX", "hashes": [ { "md5_hash": "d2adcf55c513781c3a0ff0aca1610a93", "sha1_hash": "c29e2e116b9a017537094c3606558b780da6549c", "sha256_hash": "107d60e5d312b72daa6cd8f07ba404c2b1b1c37625bb2486a57dc65f981e8a1f", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\37e85546159c2e64b110da791a0612ac.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\89DD89FE1BC33AFA435CA8A71FE81F42.XZZX", "hashes": [ { "md5_hash": "5ccf7d4e5a3ea00b039c7db57a91d20b", "sha1_hash": "a6da62cfd14fce05dba048b0075bc090580e7a2a", "sha256_hash": "2597a5dadd07f0095f2a769dc58eb1c343dd894af0dd20618accdc1a92845793", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\89dd89fe1bc33afa435ca8a71fe81f42.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\AmR.swf", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\wpc5n64xvm\\amr.swf", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\fJw1HV.flv", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\wpc5n64xvm\\fjw1hv.flv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\04BF022041D4F9A43C1202C84609DDEC.XZZX", "hashes": [ { "md5_hash": "6c8489d244a368498979a0cd5539ded4", "sha1_hash": "3f6b769b7209fff99d1f7c531c8a657e66f3c89d", "sha256_hash": "1b184a04ebbb0dfdb2b9cd87e6f9acebb2a590bc6123c591cfd44726f1916df9", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\wpc5n64xvm\\04bf022041d4f9a43c1202c84609ddec.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\1CB22AF03A177B10110664B53E3C5F58.XZZX", "hashes": [ { "md5_hash": "8a27e67fbb78157633b21d99f0c7282f", "sha1_hash": "7457b0c2e8e4b3118791ad6b3939d0058c7ed3fc", "sha256_hash": "0e5c9dfa5cdf5b9d8acb7684b179d3a2faf8985a889e01d1680aabd645d18975", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\wpc5n64xvm\\1cb22af03a177b10110664b53e3c5f58.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\Moq53i08kUE_j1CIf3Zg.avi", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\wpc5n64xvm\\moq53i08kue_j1cif3zg.avi", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\v9PzrbehuH3KFc.mp4", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\wpc5n64xvm\\v9pzrbehuh3kfc.mp4", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\wpc5n64xvm\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\All Users\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\all users\\_help_instruction.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\7B5559382A0FD2B4C13F23862E44B6FC.XZZX", "hashes": [ { "md5_hash": "5e56780a1de42366d923fccefc6e06ae", "sha1_hash": "48aabba1a0a0f96caea07c5446bf15061608f557", "sha256_hash": "6f0dd064e70b8baf81acb65512cdea5fc5347541cb2ffd7a619e81b774965eff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\wpc5n64xvm\\7b5559382a0fd2b4c13f23862e44b6fc.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\NTUSER.DAT", "hashes": [], "norm_filename": "c:\\users\\default\\ntuser.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG", "hashes": [], "norm_filename": "c:\\users\\default\\ntuser.dat.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Z-_06k\\wpc5n64XVm\\E3086E520D4EE960428796111173CDA8.XZZX", "hashes": [ { "md5_hash": "75c805096f37b62dacad6b6a70fddb1c", "sha1_hash": "388da3051632c38732ce931ddc5eb939c391f847", "sha256_hash": "1319d7be3eda3975014e5099a83c900b830575f57b53ba1dc7cba5e4ef1d5b70", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\wpc5n64xvm\\e3086e520d4ee960428796111173cda8.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG1", "hashes": [], "norm_filename": "c:\\users\\default\\ntuser.dat.log1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\NTUSER.DAT.LOG2", "hashes": [], "norm_filename": "c:\\users\\default\\ntuser.dat.log2", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", "hashes": [], "norm_filename": "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", "hashes": [], "norm_filename": "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", "hashes": [], "norm_filename": "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\ntuser.ini", "hashes": [], "norm_filename": "c:\\users\\default\\ntuser.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\default\\_help_instruction.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\AppData\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\default\\appdata\\_help_instruction.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Application Data\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\default\\application data\\_help_instruction.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Contacts\\Administrator.contact", "hashes": [], "norm_filename": "c:\\users\\default\\contacts\\administrator.contact", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Contacts\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\contacts\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Contacts\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\default\\contacts\\_help_instruction.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Cookies\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\default\\cookies\\_help_instruction.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Documents\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\documents\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Documents\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\default\\documents\\_help_instruction.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Documents\\My Music\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\default\\documents\\my music\\_help_instruction.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Documents\\My Pictures\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\default\\documents\\my pictures\\_help_instruction.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Documents\\My Videos\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\default\\documents\\my videos\\_help_instruction.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Downloads\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\downloads\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Downloads\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\default\\downloads\\_help_instruction.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Favorites\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Favorites\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\_help_instruction.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Favorites\\Links\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\links\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\links\\web slice gallery.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Favorites\\Links\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\links\\_help_instruction.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\microsoft websites\\ie add-on site.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\microsoft websites\\ie site on microsoft.com.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\microsoft websites\\microsoft at home.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\microsoft websites\\microsoft at work.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\microsoft websites\\microsoft store.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Favorites\\Microsoft Websites\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\microsoft websites\\_help_instruction.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\msn websites\\msn autos.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\msn websites\\msn entertainment.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\msn websites\\msn money.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\msn websites\\msn sports.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\msn websites\\msn.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\msn websites\\msnbc news.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Favorites\\MSN Websites\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\msn websites\\_help_instruction.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\windows live\\get windows live.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\windows live\\windows live gallery.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\windows live\\windows live mail.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\windows live\\windows live spaces.url", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Favorites\\Windows Live\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\windows live\\_help_instruction.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Links\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\links\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Links\\Desktop.lnk", "hashes": [], "norm_filename": "c:\\users\\default\\links\\desktop.lnk", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Links\\Downloads.lnk", "hashes": [], "norm_filename": "c:\\users\\default\\links\\downloads.lnk", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Links\\RecentPlaces.lnk", "hashes": [], "norm_filename": "c:\\users\\default\\links\\recentplaces.lnk", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Links\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\default\\links\\_help_instruction.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Local Settings\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\default\\local settings\\_help_instruction.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Music\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\music\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Music\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\default\\music\\_help_instruction.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\My Documents\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\default\\my documents\\_help_instruction.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\NetHood\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\default\\nethood\\_help_instruction.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Pictures\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\pictures\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Pictures\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\default\\pictures\\_help_instruction.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\PrintHood\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\default\\printhood\\_help_instruction.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Recent\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\default\\recent\\_help_instruction.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Saved Games\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\saved games\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Saved Games\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\default\\saved games\\_help_instruction.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Searches\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\searches\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Searches\\Everywhere.search-ms", "hashes": [], "norm_filename": "c:\\users\\default\\searches\\everywhere.search-ms", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Searches\\Indexed Locations.search-ms", "hashes": [], "norm_filename": "c:\\users\\default\\searches\\indexed locations.search-ms", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Searches\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\default\\searches\\_help_instruction.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\SendTo\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\default\\sendto\\_help_instruction.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Start Menu\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\default\\start menu\\_help_instruction.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Templates\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\default\\templates\\_help_instruction.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Videos\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\videos\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Videos\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\default\\videos\\_help_instruction.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default User\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\default user\\_help_instruction.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\desktop.ini", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Documents\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\documents\\desktop.ini", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Documents\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\documents\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Documents\\My Music\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\public\\documents\\my music\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Documents\\My Pictures\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\public\\documents\\my pictures\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Documents\\My Videos\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\public\\documents\\my videos\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\9665D59245322DD390020D724953121B.XZZX", "hashes": [ { "md5_hash": "0891752ebc90dac12b5b050aaab970ce", "sha1_hash": "852006f7332adb918603f644109950adc09e9cd3", "sha256_hash": "67698a3c14bba57840b473f9af3667d969c1fcd1ccf9c42f8bb5c57a1004565a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\9665d59245322dd390020d724953121b.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Documents\\94338BDA105A8F7E16CC5903148F73C6.XZZX", "hashes": [ { "md5_hash": "3fb369a47db4261bdc49e7e4a2a29f92", "sha1_hash": "ebbeb9a1fad843d79e1677b5e0eb7a9c4224ab1f", "sha256_hash": "e357e3ce089f949aa8a0f6dba3c8db6f6cf500e5812221b5bfd656a58b74f75c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\documents\\94338bda105a8f7e16cc5903148f73c6.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Downloads\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\downloads\\desktop.ini", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Downloads\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\downloads\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Favorites\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\favorites\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Libraries\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\libraries\\desktop.ini", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Downloads\\BC1D727A30ED2409A03B25C6350E0851.XZZX", "hashes": [ { "md5_hash": "bcdd7b264e921d42ccaa60cd609d17b6", "sha1_hash": "4f155b0d4ef3097015b5e98e4858f88fd2406b95", "sha256_hash": "29394518a819e0de6cfa26c66940708cd4426df3d74450c7a95776bd72a8f874", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\downloads\\bc1d727a30ed2409a03b25c6350e0851.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", "hashes": [], "norm_filename": "c:\\users\\public\\libraries\\recordedtv.library-ms", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Libraries\\50C930C63ECF303723410A464304147F.XZZX", "hashes": [ { "md5_hash": "a2d1b66694eaf311747b3500d84f5a9d", "sha1_hash": "590a2c5977581ee81b162013290b8c71398ab99f", "sha256_hash": "49d99bba648588ce463e8e0107123eacad2b08b119e41b1e03ff3af8753f1a9b", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\libraries\\50c930c63ecf303723410a464304147f.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Libraries\\721728630B1F6BB259C033230F404FFA.XZZX", "hashes": [ { "md5_hash": "59ae19796ff834f91a4f14bbb53f58a6", "sha1_hash": "00b2a15d997924601a522a3b353f9f817224bd24", "sha256_hash": "0cdd2a9c7e81f46e9f0d9ae5a9428dd38e99d98c91ea605959d87efacb1495c3", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\libraries\\721728630b1f6bb259c033230f404ffa.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Libraries\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\libraries\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Music\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\music\\desktop.ini", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Music\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\music\\_help_instruction.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Music\\DE133762273869A1CE952BAA2B594DE9.XZZX", "hashes": [ { "md5_hash": "ad44d7a777871689ca0f1fb07c37f371", "sha1_hash": "2bf4ec3bc21bdab756efc16381fd45e4773ca079", "sha256_hash": "22030c34b18471b52ed52c2fc9c177a827401a1694145e2904ef89dea12ba1cc", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\music\\de133762273869a1ce952baa2b594de9.xzzx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\music\\sample music\\desktop.ini", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\B2BABB8113BECBA807B8242F17F3AFF0.XZZX", "hashes": [ { "md5_hash": "b184b55c67fe558a3f5689d1a4bacb69", "sha1_hash": "148ecdde9f071747f28b789891330079eaa3b445", "sha256_hash": "a1d538d6b558f44b0fda34124437294a6b0717ac5f1467b23443c876b8b63e69", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\music\\sample music\\b2babb8113becba807b8242f17f3aff0.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3", "hashes": [ { "md5_hash": "b7b47dba0cb8bf928ed3d08ccea8506f", "sha1_hash": "969943096e8451a26ecfb1cb4068f033023143c9", "sha256_hash": "d29733d25d73923965d5a62de18c7b5d8658335bf59f9481ff4134a0daab8ebc", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\music\\sample music\\kalimba.mp3", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", "hashes": [ { "md5_hash": "a02aec4728613cce3cfcadbf233fa37b", "sha1_hash": "1a9d1276e9ce89bbb7d57f297caf4b3e7e44b2bf", "sha256_hash": "ab30d9eca9fadbb58f5648817e0baa42355fb44929232471c6dbfb2900704942", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", "hashes": [], "norm_filename": "c:\\users\\public\\music\\sample music\\sleep away.mp3", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Music\\Sample Music\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\music\\sample music\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Pictures\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\pictures\\desktop.ini", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Pictures\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\pictures\\_help_instruction.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Pictures\\4FE187580C1CEAECF1249FC21086CF34.XZZX", "hashes": [ { "md5_hash": "6c348891000c92c184a4cee6af48111e", "sha1_hash": "f51704a90830eb08eaa4004c13d5b923352ec198", "sha256_hash": "500e1ba9f43a8dbf2aaa34c91c6145f36589817504b34468f9a2ead141a2bd81", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\pictures\\4fe187580c1ceaecf1249fc21086cf34.xzzx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", "hashes": [], "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", "hashes": [], "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\desert.jpg", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\28F3174E3D47A1ACF4B1346741C785F4.XZZX", "hashes": [ { "md5_hash": "18378900f89e304a8d26f7043d19f7d3", "sha1_hash": "15280c070e3d7d852e3374fc205723ab365ccfa5", "sha256_hash": "d46a6fba15dff761ae17b23f5623f57888f2f9cf89504e7afd38e5f100d803e1", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\28f3174e3d47a1acf4b1346741c785f4.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\desktop.ini", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\D1FD6140114402301247CBC41572E678.XZZX", "hashes": [ { "md5_hash": "901b205094ff969c906d36f93e0dbd8c", "sha1_hash": "316e583d4f6c465f0a21d86964c9f7a7b18b8789", "sha256_hash": "a227140ced9d23d74f8c15458b3b636ec9144130d9b6f4414a23d25c045738a9", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\d1fd6140114402301247cbc41572e678.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", "hashes": [], "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\2980FDFD3D56218AE4F6E07941E605D2.XZZX", "hashes": [ { "md5_hash": "cbf4876ed0c4c57bc0f6ef977287ee4a", "sha1_hash": "88c26d8c46c1796d5f90516ad6a202ab04cb96d8", "sha256_hash": "2399c4394c79441c6711fc35c2983857bf00b774e851f0dbcd6dbe58698ac2ae", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\2980fdfd3d56218ae4f6e07941e605d2.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\A59ACD7B3AF5E74B902550773F95CB93.XZZX", "hashes": [ { "md5_hash": "ea2350eba4d19301ec89c2460a22cee3", "sha1_hash": "e194fe3ec1332f455df08db1cdb770df7238a547", "sha256_hash": "8e7c6e5e4d579dcb083aeed29c16a6ecda7214ede3101adced6e75fc242485af", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\a59acd7b3af5e74b902550773f95cb93.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", "hashes": [], "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", "hashes": [], "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\koala.jpg", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\FA4BF7A60F1F0C98B1C0F8BE134DF0E0.XZZX", "hashes": [ { "md5_hash": "764563744807fcd3daafddfe57abac8f", "sha1_hash": "d54d84c8bfe1d66e395e0f21196217236bf82e92", "sha256_hash": "08cd68152727103af96698ec06376768cb2b77a80819ea7327ae3f602dde61ac", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\fa4bf7a60f1f0c98b1c0f8be134df0e0.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg", "hashes": [], "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\4BF5528040685AF08EE9FD2844DA3F38.XZZX", "hashes": [ { "md5_hash": "d849c7084f501697a5c2197b24dcf0c4", "sha1_hash": "ee5519794478e2eff4c509bc63c1161dc83218fe", "sha256_hash": "3758284a663f556b3dc898173d4d26a37323dffffe6071b25f231a98acc16c13", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\4bf5528040685af08ee9fd2844da3f38.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg", "hashes": [], "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\0FC22E9A1AA1FD13E54A88961EC7E15B.XZZX", "hashes": [ { "md5_hash": "958344aa07574b253dd767216b61542c", "sha1_hash": "3322c081a58b29899c3ecef3e110e38d309c469c", "sha256_hash": "4d7c6a79e46fc0ebdb14a2465eb1a89edb45d4b0061126ce7b81068836fd9cf3", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\0fc22e9a1aa1fd13e54a88961ec7e15b.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg", "hashes": [], "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Pictures\\Sample Pictures\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\847D57104B178490F8F2D4B74FA568D8.XZZX", "hashes": [ { "md5_hash": "fe91f819807b8ddf49e32596d9098f4e", "sha1_hash": "02d264420c5324baa0dd87f0cfe715bea928264b", "sha256_hash": "d2fafd4d9dbac9208f1b6f8fe9e0e04953e08e91052530f7d9e4382047dc0ffb", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\847d57104b178490f8f2d4b74fa568d8.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\CDC4AAAD0836755B78D170410CA859A3.XZZX", "hashes": [ { "md5_hash": "b35c78eaccd098555e18b4c658cc0c06", "sha1_hash": "4965df95e26ba0e597f8b993c5c95bc94d37aec2", "sha256_hash": "ca7beb4a5502023e82dca26fd0b3982091ba7384ee72345b6c2ea31446bb5ff8", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\cdc4aaad0836755b78d170410ca859a3.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Recorded TV\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\recorded tv\\desktop.ini", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Recorded TV\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\recorded tv\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\recorded tv\\sample media\\desktop.ini", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", "hashes": [], "norm_filename": "c:\\users\\public\\recorded tv\\sample media\\win7_scenic-demoshort_raw.wtv", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Recorded TV\\Sample Media\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\recorded tv\\sample media\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Recorded TV\\1EDF30F91E98B984E23EDAF123369DCC.XZZX", "hashes": [ { "md5_hash": "0ee588dd9a445dce1444d14054f14fca", "sha1_hash": "880e4e3ca365ec2582600c8414151c628fb4f495", "sha256_hash": "ac395f6ac161e70b123d3b0cfea6b332efd736f1cc081c4fa9c9fba4244b157a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\recorded tv\\1edf30f91e98b984e23edaf123369dcc.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\39D4778C1CA7A7942937668620DB8BDC.XZZX", "hashes": [ { "md5_hash": "17de83ba5b884fb0273d4bbf87838ad7", "sha1_hash": "6e94c974d05d6d76a510f8d166d052f613f9f614", "sha256_hash": "447227d6d5b4a87a4436a47849afcde1d0ac2432ac46941e9123bce43e623a0b", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\recorded tv\\sample media\\39d4778c1ca7a7942937668620db8bdc.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Videos\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\videos\\desktop.ini", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Videos\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\videos\\_help_instruction.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\videos\\sample videos\\desktop.ini", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Videos\\9C0539442839CAF8E19E36092CAFAF40.XZZX", "hashes": [ { "md5_hash": "e5fbf8b2b37758c80fc28a8e46b8e0ad", "sha1_hash": "49682292020058e6b761843ec235fe5c9a06519a", "sha256_hash": "43508baf8ca3930d46c2a29f3549553c54579fab7d6e8a53272a7dff6294e5c3", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\videos\\9c0539442839caf8e19e36092cafaf40.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", "hashes": [], "norm_filename": "c:\\users\\public\\videos\\sample videos\\wildlife.wmv", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Videos\\Sample Videos\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\public\\videos\\sample videos\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\windows\\_help_instruction.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\AE3F22464654D223AFF867CA4A80B66B.XZZX", "hashes": [], "norm_filename": "c:\\users\\public\\videos\\sample videos\\ae3f22464654d223aff867ca4a80b66b.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3wes.gif", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\3wes.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cjwLkHotFDrB.csv", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cjwlkhotfdrb.csv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3249DFC4336570C648854B1C3600550E.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\3249dfc4336570c648854b1c3600550e.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\831028C931A43BD1AECC4481344F2019.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\831028c931a43bd1aecc4481344f2019.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CtU1cr28O6YeLq5MF4zr.mp3", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ctu1cr28o6yelq5mf4zr.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\5BD0D8BC3761C5798DBF782C3A2CA9C1.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\5bd0d8bc3761c5798dbf782c3a2ca9c1.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\desktop.ini", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\332EDF2812729F5E1FC79588150D83A6.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\332edf2812729f5e1fc79588150d83a6.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FNPUDpYy3rwMi.flv", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fnpudpyy3rwmi.flv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DF31D96F11ED2C2F0C02623D14881077.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\df31d96f11ed2c2f0c02623d14881077.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FzoKie.rtf", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fzokie.rtf", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jkGAH7YstwIc6lZC9j.gif", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jkgah7ystwic6lzc9j.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3AB0A51A1E38C5C557A2A45220D3AA0D.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\3ab0a51a1e38c5c557a2a45220d3aa0d.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DD2F494808F07B7C068185820B9B5FC4.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\dd2f494808f07b7c068185820b9b5fc4.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\JYsb.gif", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jysb.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Lj26CzXci-whK31.wav", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lj26czxci-whk31.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\7EB57C7406D4CAEAFAE6B2D2099FAF32.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\7eb57c7406d4caeafae6b2d2099faf32.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NvEcGQE86DZ.flv", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\nvecgqe86dz.flv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\992D94E80C53825AE241BB580EEE66A2.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\992d94e80c53825ae241bb580eee66a2.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\oNjA8Krckm-Uh1s9B5p.mkv", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\onja8krckm-uh1s9b5p.mkv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\oVGbbCOCJnt_S.bmp", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ovgbbcocjnt_s.bmp", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\E50598804514D2A02376220C47BFB6E8.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\e50598804514d2a02376220c47bfb6e8.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\BB588F142896CA4D429F9F1C2B61AE95.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bb588f142896ca4d429f9f1c2b61ae95.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\P2Yd7s y0s0iE3pixbWf.mp4", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\p2yd7s y0s0ie3pixbwf.mp4", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\B4B65B2031FA98E00EE8EF9234A57D28.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\b4b65b2031fa98e00ee8ef9234a57d28.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\297441CE2F3A13CA3B4881DA31D4F812.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\297441ce2f3a13ca3b4881da31d4f812.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qWhs9jNagvnL0I2S.avi", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qwhs9jnagvnl0i2s.avi", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\9C15BB57408998F37E04B2C943547D3B.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\9c15bb57408998f37e04b2c943547d3b.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\R29FEAYxqzGKfm4iuq.wav", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\r29feayxqzgkfm4iuq.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\D93E01F80BAD2630B7A5A4810E480A78.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\d93e01f80bad2630b7a5a4810e480a78.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RcaCR.avi", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rcacr.avi", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\7CD429BC1D46C7CC2845AFAE1FF1AC14.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\7cd429bc1d46c7cc2845afae1ff1ac14.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\SdgI3.mp4", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\sdgi3.mp4", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\3DAB86532684748B01DC4141291F58D3.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\3dab86532684748b01dc4141291f58d3.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XaK4rq6FxAm.gif", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xak4rq6fxam.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\DF36633018C45D50D22CF61F1B5F4198.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\df36633018c45d50d22cf61f1b5f4198.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\E81AA92127D9DDF67EDCD7852A74C23E.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\e81aa92127d9ddf67edcd7852a74c23e.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ya6Z9poxN.swf", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ya6z9poxn.swf", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4F7E052E193A3049491669EE1BD51491.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\4f7e052e193a3049491669ee1bd51491.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ym0OWp.ods", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ym0owp.ods", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\CB04B3811A6F8BBEE0B0B6D31D1A7006.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cb04b3811a6f8bbee0b0b6d31d1a7006.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YmOf4LXrg2cAXUtOgh.m4a", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ymof4lxrg2caxutogh.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\2E75F0001166B900C846E8C014019D48.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\2e75f0001166b900c846e8c014019d48.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zexl18m.mp3", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zexl18m.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\F1621E5927CB75F785544EA92A665A3F.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\f1621e5927cb75f785544ea92a665a3f.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZZFMbf.odt", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zzfmbf.odt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\8806259228B57EA824563E032B5062F0.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\8806259228b57ea824563e032b5062f0.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_av9Cb6IPXGAa5C.mp4", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\_av9cb6ipxgaa5c.mp4", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\85EBF6F70B9CC7A102200CB90E37ABE9.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\85ebf6f70b9cc7a102200cb90e37abe9.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\4BTbVX2SL5PMNXlhJi.m4a", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\4btbvx2sl5pmnxlhji.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\46EBDC270E18B2453D2848DF10B3968D.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\46ebdc270e18b2453d2848df10b3968d.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\BOrtQ-gODoJ96Mp2i.pps", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\bortq-godoj96mp2i.pps", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\83C1838C2E60DE68F9CF738530FBC2B0.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\83c1838c2e60de68f9cf738530fbc2b0.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\RH-9w1ekDlX.swf", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\rh-9w1ekdlx.swf", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\264E8978238A26C478B38BEE26250B0C.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\264e8978238a26c478b38bee26250b0c.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\rvzAqm2.flv", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\rvzaqm2.flv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\6CCF439C27C8E0021B579B862A63C44A.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\6ccf439c27c8e0021b579b862a63c44a.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\TrEKohawJ.m4a", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\trekohawj.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\B79C27C02FF18394C4F93E40328C67DC.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\b79c27c02ff18394c4f93e40328c67dc.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\TxQmAhXtJ1.mp3", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\txqmahxtj1.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\910A44A405CFC3CC320BF52E086AA814.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\910a44a405cfc3cc320bf52e086aa814.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\ySq45fyDTuTLWzePdp4.m4a", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\ysq45fydtutlwzepdp4.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\7A0DF8C008543AF04031BD840AEF1F38.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\7a0df8c008543af04031bd840aef1f38.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Ee7G-xHgdwJfqcsImMM\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ee7g-xhgdwjfqcsimmm\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\5OmbcR7YDw3.bmp", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\5ombcr7ydw3.bmp", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\47B40A10111A83A88A73451213B567F0.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\47b40a10111a83a88a73451213b567f0.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\iyIk6.jpg", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\iyik6.jpg", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\4F6F3FD029568B304D8CACEB2BF16F78.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\4f6f3fd029568b304d8caceb2bf16f78.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\rVKi.xlsx", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\rvki.xlsx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\F3DB6DE6267426E7B67A0B4A290F0B2F.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\f3db6de6267426e7b67a0b4a290f0b2f.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\UcgnfCPkkGAfI8Infh.pdf", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\ucgnfcpkkgafi8infh.pdf", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\2F277C800E3D000EDE26BEC010D7E456.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\2f277c800e3d000ede26bec010d7e456.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\XiCIIZYNum_VSBs.wav", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\xiciizynum_vsbs.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\C85257232EB7E6DDB4D24C9F3152CB25.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\c85257232eb7e6ddb4d24c9f3152cb25.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\ZxQsBuyh.ods", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\zxqsbuyh.ods", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\AC5C0F1C3DCF4B0220525E54406A2F4A.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\ac5c0f1c3dcf4b0220525e54406a2f4a.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KZ7l4KmpPgbeETV_wvF\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kz7l4kmppgbeetv_wvf\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\UzONnSwswGOnlESVfL.mp3", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\uzonnswswgonlesvfl.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\8306832F015A14CA9B3B5FDD03F4F912.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\8306832f015a14ca9b3b5fdd03f4f912.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\xtxVVYFEc-NWjSwclj.flv", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\xtxvvyfec-nwjswclj.flv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\6F61A1B801317143207838E803DC558B.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\6f61a1b801317143207838e803dc558b.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\zKa6.xls", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\zka6.xls", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\074B93892CEB8207FA07ADC92F86664F.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\074b93892ceb8207fa07adc92f86664f.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\6IAM.m4a", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\6iam.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\B71609DC2AB3B518FC7896292D5E9960.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\b71609dc2ab3b518fc7896292d5e9960.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\7IFRA25.gif", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\7ifra25.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\C6FBBCE908271EA962BAF7FD0AC202F1.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\c6fbbce908271ea962baf7fd0ac202f1.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\zd0bLbxkM-mx4VZDX_.flv", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\zd0blbxkm-mx4vzdx_.flv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\A941655030ADE0983EE0D4E83348C4E0.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\a941655030ade0983ee0d4e83348c4e0.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\8P6C FwpZ.mkv", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\0zrcybt06wyn8r-glj0\\8p6c fwpz.mkv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\19D6B3C6392F4722787D5AB33BCA2B6A.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\0zrcybt06wyn8r-glj0\\19d6b3c6392f4722787d5ab33bca2b6a.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\8W8bO.gif", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\0zrcybt06wyn8r-glj0\\8w8bo.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\lTddMw6tEfsH.wav", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\0zrcybt06wyn8r-glj0\\ltddmw6tefsh.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\ED641CAF2D7EC8F4296430333019AD3C.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\0zrcybt06wyn8r-glj0\\ed641caf2d7ec8f4296430333019ad3c.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\0zrcybt06wyn8r-glj0\\_help_instruction.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZBiOZr_ 3-6W\\3Yo4kg3p-K\\0zRcyBT06WYN8R-glJ0\\BB5A0C7C1DC2FD429FB87666206DE18A.XZZX", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zbiozr_ 3-6w\\3yo4kg3p-k\\0zrcybt06wyn8r-glj0\\bb5a0c7c1dc2fd429fb87666206de18a.xzzx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Default\\Desktop\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\desktop\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\Desktop\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\default\\desktop\\_help_instruction.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk", "hashes": [], "norm_filename": "c:\\users\\public\\desktop\\adobe reader x.lnk", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Desktop\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\desktop\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Desktop\\Google Chrome.lnk", "hashes": [], "norm_filename": "c:\\users\\public\\desktop\\google chrome.lnk", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk", "hashes": [], "norm_filename": "c:\\users\\public\\desktop\\mozilla firefox.lnk", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\Desktop\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\users\\public\\desktop\\_help_instruction.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\1758A0BD1A6F8CE6B3A600C11E90712E.XZZX", "hashes": [ { "md5_hash": "b7b47dba0cb8bf928ed3d08ccea8506f", "sha1_hash": "969943096e8451a26ecfb1cb4068f033023143c9", "sha256_hash": "d29733d25d73923965d5a62de18c7b5d8658335bf59f9481ff4134a0daab8ebc", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\music\\sample music\\1758a0bd1a6f8ce6b3a600c11e90712e.xzzx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\A308B77E2F1E65BB59ECACAE33534A03.XZZX", "hashes": [ { "md5_hash": "a02aec4728613cce3cfcadbf233fa37b", "sha1_hash": "1a9d1276e9ce89bbb7d57f297caf4b3e7e44b2bf", "sha256_hash": "ab30d9eca9fadbb58f5648817e0baa42355fb44929232471c6dbfb2900704942", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\music\\sample music\\a308b77e2f1e65bb59ecacae33534a03.xzzx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\37DA6C30402385B0E323002B44E969F8.XZZX", "hashes": [], "norm_filename": "c:\\users\\public\\music\\sample music\\37da6c30402385b0e323002b44e969f8.xzzx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\27FBCCFF13BC6B6F6D9AE66F18224FB7.XZZX", "hashes": [], "norm_filename": "c:\\users\\public\\recorded tv\\sample media\\27fbccff13bc6b6f6d9ae66f18224fb7.xzzx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\168E33E2343B04A525B9D9AE38C0E8ED.XZZX", "hashes": [], "norm_filename": "c:\\users\\public\\videos\\sample videos\\168e33e2343b04a525b9d9ae38c0e8ed.xzzx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\u076f\u7600\ue996\u76e2\u0150\u01cc\u01d4\u01cc\u0002", "hashes": [], "norm_filename": "\u076f\u7600\ue996\u76e2\u0151\u01cc\u01d4\u01cc\u0002", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\u076f\u7600\udfce\u0016\ufffe\uffff\u3ca3\u76ed\u0002", "hashes": [], "norm_filename": "\u076f\u7600\udfce\u0016\ufffe\uffff\u3ca3\u76ed\u0002", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\u076f\u0100\u21ab\u01cc", "hashes": [], "norm_filename": "\u076f\u0101\u21ab\u01cc", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\u076f\uc600\u00c4\u01cc\u0001", "hashes": [], "norm_filename": "\u076f\uc600\u00e4\u01cc\u0001", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\u076f\u0100\ufeac\u0018\u389e\u76ed\u0138\u01cc\u0002", "hashes": [], "norm_filename": "\u076f\u0101\ufeac\u0018\u389e\u76ed\u0138\u01cc\u0002", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\u076f\u1f00\u0150\u01cc\u0150\u01cc\u21b0\u01cc\u0002", "hashes": [], "norm_filename": "\u076f\u1f00\u0151\u01cc\u0151\u01cc\u21b0\u01cc\u0002", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [ { "mutex_name": "E1010314_offset", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [ { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MediaPlayer", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read", "write" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read", "write" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "write" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\System", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Command Processor", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "extracted_files": [ { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_2", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\programdata\\bce1010314.exe", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/548058b2233b75cdfd964c1d7be5d2b80818131a", "file_type": "created_file", "id": "file_3", "md5_hash": "17f54288695fc46d11078ea493eb6626", "norm_filename": "c:\\programdata\\bce1010314.exe", "sha1_hash": "548058b2233b75cdfd964c1d7be5d2b80818131a", "sha256_hash": "33a60a16e50b8df2a731023951475ff0f973fc66334d2cfa6ce30aa36bb36414", "size": 223232, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1ccec082f8ccbe367cfad62f04566e337255943a", "file_type": "created_file", "id": "file_4", "md5_hash": "8d251dc834ad2282d59cb08f2152a8f7", "norm_filename": "c:\\programdata\\bce1010314.exe:zone.identifier", "sha1_hash": "1ccec082f8ccbe367cfad62f04566e337255943a", "sha256_hash": "f1556a2096b4e834c3b91c637c2f5fb10fb4f2319b6c5f3143db2ce61774318d", "size": 23, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/54fb44cfaebd5bbf5036abc28d65c075a858081a", "file_type": "created_file", "id": "file_5", "md5_hash": "014c2e239ac9d84fac5f9bb42deeca6f", "norm_filename": "c:\\programdata\\f06c3c509054x0b7d28zcddbb17087b9c3e.xzzx", "sha1_hash": "54fb44cfaebd5bbf5036abc28d65c075a858081a", "sha256_hash": "9b87d898f5440a63eea60dfc4b6de79112230b0aa6ab6a91104cb99abf257aeb", "size": 271, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5c9327703ea5961e21d83b9e8ee3a0128ceed4e0", "file_type": "created_file", "id": "file_7", "md5_hash": "07a6cac5168cad26dc6df34d16ea41a0", "norm_filename": "c:\\b0ad3ab92537b4fbfe37930729309943.xzzx", "sha1_hash": "5c9327703ea5961e21d83b9e8ee3a0128ceed4e0", "sha256_hash": "710cd6b5104f65527a604839abdfec6f5881c212970f224ae6423482d62aaf47", "size": 8359, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_8", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_9", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\$recycle.bin\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_10", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\boot\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_11", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\config.msi\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_12", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_13", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\msocache\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_14", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\msocache\\all users\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_15", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\perflogs\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_16", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\perflogs\\admin\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_17", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\program files\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_18", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\program files (x86)\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_19", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\programdata\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_20", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\recovery\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_22", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_31", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_32", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_33", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_49", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_50", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_85", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_104", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_121", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_144", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_145", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_146", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_149", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_152", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_153", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_156", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_159", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_162", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_167", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_178", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_191", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_200", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_203", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\links\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_204", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_247", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_284", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_297", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_298", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\network shortcuts\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_371", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\printer shortcuts\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_374", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_375", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_382", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_385", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_386", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_387", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\templates\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_406", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_421", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_426", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\o903hcw\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_433", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xarijr5atdl\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_442", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_449", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\wpc5n64xvm\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_454", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\public\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_455", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\public\\documents\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_456", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\public\\music\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_457", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\public\\pictures\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_460", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\public\\videos\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_463", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\public\\downloads\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_464", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\public\\favorites\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_470", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\public\\libraries\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_478", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\public\\music\\sample music\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_500", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_504", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\public\\recorded tv\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f769bff21786fd74b5657c5cee846df22a62061d", "file_type": "created_file", "id": "file_508", "md5_hash": "99b4288995857301d312d28c2291153d", "norm_filename": "c:\\users\\public\\recorded tv\\sample media\\_help_instruction.txt", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "size": 708, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5cad49112c4837b7119b18c3c5b5fa356766b931", "file_type": "created_file", "id": "file_26", "md5_hash": "7037a481becf39b4f592c93948efe34f", "norm_filename": "c:\\users\\d2d9507033a5e4db82b20d90383ec923.xzzx", "sha1_hash": "5cad49112c4837b7119b18c3c5b5fa356766b931", "sha256_hash": "310e13e9ecedea999daf2c93a008da53f5c4d600015c09b58cde61601e2a418d", "size": 339, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5bad17c6f209bdebb28e1606fa9f14ece3dffeb3", "file_type": "created_file", "id": "file_27", "md5_hash": "149039c782d26be150787a53c60b0fb8", "norm_filename": "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\6b2db7ff0f9811b2cfadc1531390f5fa.xzzx", "sha1_hash": "5bad17c6f209bdebb28e1606fa9f14ece3dffeb3", "sha256_hash": "dfb87c3b75ba2525237c00a764bff401e5e8b03ff4ef2c6fcfa72626fbcc7515", "size": 3170463, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d2affbf9da4a069003d22b618a23d512dfcd3059", "file_type": "created_file", "id": "file_30", "md5_hash": "060420bac4839cf5f19c38943a7b16bb", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\97978e0428d9bcbb43314afc2cd2a103.xzzx", "sha1_hash": "d2affbf9da4a069003d22b618a23d512dfcd3059", "sha256_hash": "c1d7b12aab67d3f367d0263b6dbbd4f4ef8cb5c4be639a8f8c69b020592f41bd", "size": 183, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/39216ecbbd1a8402bbf9c24ab0933a15c80d0d18", "file_type": "created_file", "id": "file_34", "md5_hash": "7af68820a4f620b83c4406bd45612a54", "norm_filename": "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\8515860f00f2a87f630c5931054d8cc7.xzzx", "sha1_hash": "39216ecbbd1a8402bbf9c24ab0933a15c80d0d18", "sha256_hash": "2be045ba74174227aea2172dc348655bd52185d0f3587708df15a3362272e895", "size": 10485760, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9ab045eb1bedaf584ebfde0d1bf46019ae1ff049", "file_type": "created_file", "id": "file_36", "md5_hash": "da93b53581ea1df548127c7aa3cf7beb", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\8dff43342c68841c83bde75d30616864.xzzx", "sha1_hash": "9ab045eb1bedaf584ebfde0d1bf46019ae1ff049", "sha256_hash": "69c84ce8d01c7e761d477281f27d618bc0c4fff56157ca43449725898de4fd4f", "size": 1367, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3a7cc5153a6dd097f030de730922774f34339d9c", "file_type": "created_file", "id": "file_38", "md5_hash": "02fec1c5dc7e2590a9765b6fb3f32932", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\fd82d02831f226b04645120f361f0af8.xzzx", "sha1_hash": "3a7cc5153a6dd097f030de730922774f34339d9c", "sha256_hash": "1df186e7f72c994ad087878f1516afcc919c5aa93c4fd91e516a434439678998", "size": 68567, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7ee455e5a6aebb6facc9abc6743db788bb75a555", "file_type": "created_file", "id": "file_40", "md5_hash": "fa1b1293b91e27d93f13b23f4da472c3", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\3180d48c036a6faaa02e258a076353f2.xzzx", "sha1_hash": "7ee455e5a6aebb6facc9abc6743db788bb75a555", "sha256_hash": "776dd0b99dd4b18c6265d5bb97ddfa56f0cfa625e31fd473a52b94ea3d8e32eb", "size": 1356, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/33cad01020d2bbbe4199037fc04b4b5c77ba5892", "file_type": "created_file", "id": "file_42", "md5_hash": "19ee4889b17d055dc24c0f0f206421e9", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\278d60903b72bf40f401616c3fafa388.xzzx", "sha1_hash": "33cad01020d2bbbe4199037fc04b4b5c77ba5892", "sha256_hash": "2df685df86595f3d205c6fc460fac4581945380ead55c28c69f18986b722a671", "size": 1360, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e6ae4d4422f09b686e3a61823b6144e5b8314504", "file_type": "created_file", "id": "file_44", "md5_hash": "28b81e6b09f2ff1a42abc265088acd62", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\63ab35ad17277526536f22e31b54596e.xzzx", "sha1_hash": "e6ae4d4422f09b686e3a61823b6144e5b8314504", "sha256_hash": "64756fa5d348dbbac0cb09b1558b567d609e96da8f6ab42c7097173f9385bcf5", "size": 577, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b5cd478953c437ab45228eaeb2c684311bcf8e84", "file_type": "created_file", "id": "file_46", "md5_hash": "5f293f0eac5fb35c56b22fac54dff248", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\8c424c551a76d4366f1622171e8eb87e.xzzx", "sha1_hash": "b5cd478953c437ab45228eaeb2c684311bcf8e84", "sha256_hash": "085dbc6bcc60b670175cb26ebaa343e17839c81d83a03679dfc9e6cb2f7b4630", "size": 1359, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e28d66870811eef28a97c960283640d9222c2b66", "file_type": "created_file", "id": "file_48", "md5_hash": "c608d3534822e866482d2809a64ad4b6", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\4c9e88000cb6cc7042ef328010e3b0b8.xzzx", "sha1_hash": "e28d66870811eef28a97c960283640d9222c2b66", "sha256_hash": "df37dbc3f9cd57a3a011091a152a8f1373befbdb90d3f49866dfa344dbf246df", "size": 1357, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/867e6960318877424c46921bb9099f2091b4815a", "file_type": "created_file", "id": "file_52", "md5_hash": "1f9aa5313695ddf23958e6e3aad848e1", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\be3510781871306d58a0b1081c6a14b5.xzzx", "sha1_hash": "867e6960318877424c46921bb9099f2091b4815a", "sha256_hash": "2b4d200af3e59617ca142cf4e27a567cecd825afd291285002ae45cade56aa28", "size": 20094, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/deba00eeee77048da93c5651b154d6e7687d29dc", "file_type": "created_file", "id": "file_54", "md5_hash": "d4530ca468ffb9f183eee5966b298d7e", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\2ffb243e16646ff464f688111a91543c.xzzx", "sha1_hash": "deba00eeee77048da93c5651b154d6e7687d29dc", "sha256_hash": "31792954e1c5db412ca8299f714c44da70e4f54384d205da328568f585a51329", "size": 62253, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a94fc7b6168efeb964274c5c21df2f66129e9cdd", "file_type": "created_file", "id": "file_56", "md5_hash": "dfa04f94f8ea24a531e3aedd827d5fbf", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\b34c34b41ec5682f9cb9477c22be4c77.xzzx", "sha1_hash": "a94fc7b6168efeb964274c5c21df2f66129e9cdd", "sha256_hash": "50aab8c08843ece8b6839c1beb894dcb7d01129082dbeccf4da1555e5567e1d1", "size": 82644, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d04117b3bfc926ffb1316414491ce45ba0d0566d", "file_type": "created_file", "id": "file_58", "md5_hash": "baa927d05899846d8128dc2652f0e1da", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\96e8bc382a82756a96f374bc2e7b59b2.xzzx", "sha1_hash": "d04117b3bfc926ffb1316414491ce45ba0d0566d", "sha256_hash": "228a91cc95b34fbbd3c292d9c9346bce79c5b72c74a4591ca9187641d94db3b1", "size": 84167, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ef4f52ac12f97d90194971548fb3a301fbdcabb4", "file_type": "created_file", "id": "file_60", "md5_hash": "0f462d7d5044e27c97479f358c7d6aef", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\a9467a821967f20598e66b961d60d64d.xzzx", "sha1_hash": "ef4f52ac12f97d90194971548fb3a301fbdcabb4", "sha256_hash": "9d992da6f514be3948454579b41360236ef3a1b0fbefe266d0ef588449544ade", "size": 34775, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/093b6525b6355efd8b32572410702ac540d2e9c1", "file_type": "created_file", "id": "file_62", "md5_hash": "1171ed3b0ffcf3aa020cd28ee83e9eb7", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\d8b4fbc032e124e029e6603236da0928.xzzx", "sha1_hash": "093b6525b6355efd8b32572410702ac540d2e9c1", "sha256_hash": "325163f38c746bd100fa9fe1cf1333a6b874bee390629ed76498e94778fc5fa4", "size": 45755, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d0881ed00484ca79cda816c05d458a8ea77d70fc", "file_type": "created_file", "id": "file_64", "md5_hash": "82004c86021c94d53032ecfdb83f370e", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\af137d37318f929fc9ec733b358876e7.xzzx", "sha1_hash": "d0881ed00484ca79cda816c05d458a8ea77d70fc", "sha256_hash": "5036fdce40bbb4c0f0249f19ae68c26b02a600299b4bb7caba155e7512ed9320", "size": 58924, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c527d2339c52dc25cdde7ddc9f3711c3cb586316", "file_type": "created_file", "id": "file_66", "md5_hash": "e2cfc66de56f175d38c1aa7a8d5011c0", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\e1cb2de23002b20e4903a282342f9656.xzzx", "sha1_hash": "c527d2339c52dc25cdde7ddc9f3711c3cb586316", "sha256_hash": "bd4f6687a6d0a7dd0b3b93663de82a17b724a6a6aee8982d0b4973438bf7abc2", "size": 58797, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f024ff6f307dd504aad45a548789f393cc4e05ab", "file_type": "created_file", "id": "file_68", "md5_hash": "e5568878364ee557ace58675f1ca50aa", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\5a5e8816436aba61c7ec8f1a47a79ea9.xzzx", "sha1_hash": "f024ff6f307dd504aad45a548789f393cc4e05ab", "sha256_hash": "b3f6f5113c93892024223b4188734833668fd7bc782a6367c645dd7352be6cfe", "size": 567, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/72dd2b94f3b8c6c3dfed7534dcf5647f1ede90a1", "file_type": "created_file", "id": "file_70", "md5_hash": "6e6f0daf10918d01e72c4d8002373d8c", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4ca2a3b835a9c9d86061764339f6ae20.xzzx", "sha1_hash": "72dd2b94f3b8c6c3dfed7534dcf5647f1ede90a1", "sha256_hash": "2c3552ae0fdd0bcf0ba05689550fa13217be85aa9df2bfe5a77aafac73ae5d46", "size": 43890, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a7a666ad57dc3812867c7ea853ff4d797375c53a", "file_type": "created_file", "id": "file_72", "md5_hash": "28f4829c79f4eec9fd7cddfd060f07aa", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\7e0556c23257a27a640f901f368486c2.xzzx", "sha1_hash": "a7a666ad57dc3812867c7ea853ff4d797375c53a", "sha256_hash": "e7c311f2d14407fa76d5b422b37eb0e35f7acf8bd15d0a514c7a0750b4b664b8", "size": 41328, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/882cfdde487ca0c545d3e2463f92b21ab81e63fa", "file_type": "created_file", "id": "file_74", "md5_hash": "79f69f3bcdca8095e7f6242ea2dbde8a", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\d4132cc416066089c413f0dc1a1e44d1.xzzx", "sha1_hash": "882cfdde487ca0c545d3e2463f92b21ab81e63fa", "sha256_hash": "a4fcc7926a4c315a43245ed461e015e0b74a3ff71915a2bca221a419c48cb6d0", "size": 66630, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5d13c2e47f9200f5a47c97e1838f172dea682d1f", "file_type": "created_file", "id": "file_76", "md5_hash": "860c337e5dfb49521db578df71f496d3", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\b8f78ce2222013c8ff50021b265cf810.xzzx", "sha1_hash": "5d13c2e47f9200f5a47c97e1838f172dea682d1f", "sha256_hash": "ff1f9af96be15a21138d7de11a6d58e7b5fd60fac22a7635a31dd669c44d04f6", "size": 1968, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/245e99cc9fe8fbbb06fd17c5e98f77d0fe7a8226", "file_type": "created_file", "id": "file_78", "md5_hash": "c8875444c336fb900e594143f0b53e78", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\2f2ebad63a6e51cf01e49d9e3e863617.xzzx", "sha1_hash": "245e99cc9fe8fbbb06fd17c5e98f77d0fe7a8226", "sha256_hash": "ae122938e7e7a67e4f77917903a6c6eb90df1450190cb57eefe10b92c8d353f8", "size": 66232, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/23112502950dcc498590a4d0b5afd344fda6e51e", "file_type": "created_file", "id": "file_80", "md5_hash": "068b4f214d2a568168bf785f95037b7e", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\5f3f59042cd153ccc290441930fe3814.xzzx", "sha1_hash": "23112502950dcc498590a4d0b5afd344fda6e51e", "sha256_hash": "3f11eb5d5f05c27f29bcd0543c107f01af353ae96a54f2afd622e8ab43b00b08", "size": 6786, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/35f59bd3a3a5c1361980b9433a149cf01d64d1b2", "file_type": "created_file", "id": "file_82", "md5_hash": "add410986e6e80f02e2175724e40b0ab", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\d7ddfdc32cf119c87b5bfa373108fe10.xzzx", "sha1_hash": "35f59bd3a3a5c1361980b9433a149cf01d64d1b2", "sha256_hash": "76181db8f9f4a1b80e3ef56b4190fa960d40ff0a080390e446b4992bf472fb83", "size": 85791, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/280387cabd31fb7714a6e4dfb6d5c6dd16c05f5c", "file_type": "created_file", "id": "file_84", "md5_hash": "7c71fcc1c1df2874bd7e0a15236ab206", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\bb3cccbc286641fc324d4a8b2c932644.xzzx", "sha1_hash": "280387cabd31fb7714a6e4dfb6d5c6dd16c05f5c", "sha256_hash": "fb690f762dc185a23f6dcaf85ac73638fc9c6bfba4915713d8cd56cbf1c56d72", "size": 96613, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/66d11069b0d956233f44f832d95eba3533a124a1", "file_type": "created_file", "id": "file_88", "md5_hash": "4e2e176d209ff6f708568125d1c4ce8d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\b0407b59334cdcaf9e2ca2e33779c0f7.xzzx", "sha1_hash": "66d11069b0d956233f44f832d95eba3533a124a1", "sha256_hash": "be2aa830518ca712f57ae92259a29fdc807c9d9d3cc0adc084bb6addc51b7ba0", "size": 16010, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9982ef4bb4be4bbd86b9ce2be0407ac663dba358", "file_type": "created_file", "id": "file_90", "md5_hash": "e5a22f5c0a824e162937a9d7b5cff37e", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ee9b10b00f697ce4836159f013d6612c.xzzx", "sha1_hash": "9982ef4bb4be4bbd86b9ce2be0407ac663dba358", "sha256_hash": "a69df84dcfdb681257231df2a3d7a190cfecde3d0973165927c8bd85462c8c62", "size": 80954, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/104bd6b351c337578cd7df1e69f09f1292a9d018", "file_type": "created_file", "id": "file_91", "md5_hash": "1c704ab468506ad7d1c352cc2e0070e4", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\38aa9e1f3fe71932fade96e143fefd7a.xzzx", "sha1_hash": "104bd6b351c337578cd7df1e69f09f1292a9d018", "sha256_hash": "034185248f0990238dc977b26c28de529c2fc3851ed38b00e95044968ffc7bfa", "size": 83855, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d8e097877556698786150617a7970b373d6fdc83", "file_type": "created_file", "id": "file_93", "md5_hash": "0625acb064776d360affe00014a24ee2", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\8441a0b23fa9b9126d832a0d43d69d5a.xzzx", "sha1_hash": "d8e097877556698786150617a7970b373d6fdc83", "sha256_hash": "2dc96cbdb288cc9cf7917353f57d832bee6f99c1254fc4654e7ffd791e095853", "size": 23919, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6b88b6ad96871cadec6cf38ba09fd68a56b95e20", "file_type": "created_file", "id": "file_95", "md5_hash": "075ee2afdf45b3e2dcb505d5658cb709", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\240d5dc448cdcc4a47de5ede4ce5b092.xzzx", "sha1_hash": "6b88b6ad96871cadec6cf38ba09fd68a56b95e20", "sha256_hash": "b07dbca680b89db0b02c68f3544dc6ed3443fe20e547ba1ee0e0c44341fd4a71", "size": 31660, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7c2fd252a5f6ea0e97355259ce1fba1dc8bd5aa6", "file_type": "created_file", "id": "file_97", "md5_hash": "5821ffeafed312a4d7df3d5cdbdb93a7", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\2525214410f7da278be33b7c150fbe6f.xzzx", "sha1_hash": "7c2fd252a5f6ea0e97355259ce1fba1dc8bd5aa6", "sha256_hash": "039db0df68723948a7a5a7448d3ebc6a64c952b71c68a3644dcfa5b17b22e164", "size": 26963, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/95f282c60802b04a65dd7013f1de0b1c08bc40f1", "file_type": "created_file", "id": "file_99", "md5_hash": "e79fbf767d4b3a3c75f729c2e6cbd6aa", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\b4a323b51740b3fd1d50dd1d1b6d9845.xzzx", "sha1_hash": "95f282c60802b04a65dd7013f1de0b1c08bc40f1", "sha256_hash": "c213f4a6e8c3529874071c1b810aa500568c0e79f0a88debd7a708cece6fc2d3", "size": 42970, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e6d9128d60dd3a97fa512b6027bd287ba37b74cc", "file_type": "created_file", "id": "file_101", "md5_hash": "e45216fd5eb8cd93ed95052e5b3314fc", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\a0dc431228de1e088fd30db72cf60250.xzzx", "sha1_hash": "e6d9128d60dd3a97fa512b6027bd287ba37b74cc", "sha256_hash": "f3c1254bf98f02a7987d79f1301e49adce9ae60d836c00c517ff582745249cc7", "size": 33340, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a72f5fa9f522773340265caaba96102509339443", "file_type": "created_file", "id": "file_103", "md5_hash": "9f5c4299b1965454907854c71bfe6580", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\4718805a3b556c301085a1313fc25078.xzzx", "sha1_hash": "a72f5fa9f522773340265caaba96102509339443", "sha256_hash": "403d8f8c46ae37fcb3335bf345f9dc78d3599fffeb011a5952be8db86f27860c", "size": 28573, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4572b728efb3bc3ceaa60cf9571703650c204934", "file_type": "created_file", "id": "file_106", "md5_hash": "da602b009d8cd890c1e3bdd2b5a5efb8", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\3d3271b13ffa5012e003eab54427345a.xzzx", "sha1_hash": "4572b728efb3bc3ceaa60cf9571703650c204934", "sha256_hash": "1f91004a3d4904175142f00d64a898d9a2fc2aeafab0b937eb255a9efe93261d", "size": 9686, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3a987526ed956ad2b3937b129bd57321e0ecc1d6", "file_type": "created_file", "id": "file_108", "md5_hash": "cf18e086da2ac760667bc193720d99fa", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\1b49d0d52a00521de10dafa32e183665.xzzx", "sha1_hash": "3a987526ed956ad2b3937b129bd57321e0ecc1d6", "sha256_hash": "198f4484c92081b5ee0a306ef59b169e302f9c4c8ffe7222df837684020e564b", "size": 102084, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1f823e96d319a9f20135f34c5b239346ee648b34", "file_type": "created_file", "id": "file_110", "md5_hash": "cdf1740a130dcd83a703f15b3898d755", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\069c108614226dda8ed0a1a1188f5222.xzzx", "sha1_hash": "1f823e96d319a9f20135f34c5b239346ee648b34", "sha256_hash": "20067c71c52c4c569cd39b5a475329ac95a3527b8a7978aa722d50634e5e06b7", "size": 59936, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ee9a2a54c8b786b95acc0be32418549461710cba", "file_type": "created_file", "id": "file_112", "md5_hash": "b4dbac01935a41cbaa158f50e4032daf", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\e47d77fb28ad6f18ceb95d752cda5360.xzzx", "sha1_hash": "ee9a2a54c8b786b95acc0be32418549461710cba", "sha256_hash": "816c11bafb15e7b8c30c61bbb0efee27793371f138d8e4ac5c05de925eef4a23", "size": 92647, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7f493207f514d1ef92bea3f437147beff4570289", "file_type": "created_file", "id": "file_114", "md5_hash": "f480b9ebc1a6e813b9bc2ecb624df014", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\3d2178a332ed6f4701e92e353705538f.xzzx", "sha1_hash": "7f493207f514d1ef92bea3f437147beff4570289", "sha256_hash": "4aed55a0a8320460e6a3289e96f837cec7cd79c0da84efbd9276cfff5f977611", "size": 98580, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b7ac79f626ef4d1e5934ed7b133f84e1f141ee14", "file_type": "created_file", "id": "file_116", "md5_hash": "05e9a38bd2a8eb58b385fcc203ea4282", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\9345d86a0f87da84ada8003e13b4becc.xzzx", "sha1_hash": "b7ac79f626ef4d1e5934ed7b133f84e1f141ee14", "sha256_hash": "16a333cf8c552f487b54463e5e50abee2f51cd79d34ede62eb3e29468239defa", "size": 88895, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da94f9b274ac0cf7af86251e759ad9e16d6a5f99", "file_type": "created_file", "id": "file_118", "md5_hash": "630a139a9e73ccd9ac24b4447ab900ff", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\a216bea01542c25c94fd01f0195aa6a4.xzzx", "sha1_hash": "da94f9b274ac0cf7af86251e759ad9e16d6a5f99", "sha256_hash": "baaca3f4434f4e8f0aaeab6ad4712a1e53d12b39d9de754c13cb5eb62817c36a", "size": 4540, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/94eb338b2f2316bbed6e44ff4008098c1c9c2c63", "file_type": "created_file", "id": "file_120", "md5_hash": "ff5926fd6c79d1ca4bdb2c1646ce451e", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\e85c7261086e23dedfc379d70c9b0826.xzzx", "sha1_hash": "94eb338b2f2316bbed6e44ff4008098c1c9c2c63", "sha256_hash": "390123269a79675bd22fa2f1096de4c5b6a5cd60a85b80326e7fce0603e3260d", "size": 61402, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8c23e02ba967118a24e90635f98ae40162fdcdc2", "file_type": "created_file", "id": "file_123", "md5_hash": "172705fe35eab7f0a943c14fd12c13cd", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\ikpxup8ushighl1\\33820cbd02f4b0d349b807ff070c951b.xzzx", "sha1_hash": "8c23e02ba967118a24e90635f98ae40162fdcdc2", "sha256_hash": "5d95e36c4e05dae3890220d86fa52e6f8bb64c24f7c5adceb9cc10f947104364", "size": 69691, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/eaf0540c1a148a648724908ceb4f129d13c5ccb0", "file_type": "created_file", "id": "file_125", "md5_hash": "cd4f89617d0a4d0cc2180c36f5b9c9b2", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\632a4073379a2fdc09389deb3bc71424.xzzx", "sha1_hash": "eaf0540c1a148a648724908ceb4f129d13c5ccb0", "sha256_hash": "caccdf7bbf5c32b3088ed685e6e354cc3e31f280f331802d25659b4d666c6714", "size": 34433, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/59d49c41072e578802b95056a186338ed46332da", "file_type": "created_file", "id": "file_127", "md5_hash": "d0cfe4acca118972fb75384684f8f364", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\6b01ea683dc5f7920a3c155c41dddbda.xzzx", "sha1_hash": "59d49c41072e578802b95056a186338ed46332da", "sha256_hash": "16416e08daa079d2db90a9465fab59399f3e122775c84b400d99cff4f343b812", "size": 92813, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/287450b04ea91a1c35ea39a9c93abb3507331656", "file_type": "created_file", "id": "file_129", "md5_hash": "b1c3432d2f07aa1891eeda4ed9c0f8f4", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\5154be9c1011afd27b96a6c6143e941a.xzzx", "sha1_hash": "287450b04ea91a1c35ea39a9c93abb3507331656", "sha256_hash": "8cf2b9dba45a5c49b414aabdea6e2e3f4ba3721d3eb5a16ff682053ab737ade4", "size": 4454, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ee9eff3bd7d6ee254715736b44258f5a0a776ad4", "file_type": "created_file", "id": "file_131", "md5_hash": "1ced70356d384fbe0887df89f72ed012", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\f8f047460eb3954ecccbc0d612cb7996.xzzx", "sha1_hash": "ee9eff3bd7d6ee254715736b44258f5a0a776ad4", "sha256_hash": "671427d0ef4d90ef2ec86049d767aafcdbd5d1af83bdf0dbd9ed6e2229dde220", "size": 86236, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e99da89cf13cc863694e1be22acb212250fd3dd3", "file_type": "created_file", "id": "file_133", "md5_hash": "66d1b0c8809a3e340a06443cffe1f852", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\e3e55c1830b142fc6c2b225e34de2744.xzzx", "sha1_hash": "e99da89cf13cc863694e1be22acb212250fd3dd3", "sha256_hash": "5709e9813696c9d853b00a1adf14f5a1b8d9354cf278201fad891edc4c1ee1f2", "size": 41821, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d0c8780275620821cc79c90a8b682ff3b2367667", "file_type": "created_file", "id": "file_135", "md5_hash": "f2a52aeb2e175a88aeacd11063e8d9fb", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\73c0d9902a7964c0808d031b2e914908.xzzx", "sha1_hash": "d0c8780275620821cc79c90a8b682ff3b2367667", "sha256_hash": "a8f2542a30e5c2ba92fe555dc27cc04bb55576534aa25f7a1729a4759e87a869", "size": 45915, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d082e00a2613cac7d2e9ff4fbe09e87d01bce909", "file_type": "created_file", "id": "file_137", "md5_hash": "aa8f05f29f54f1ded055b59bb41b4e2e", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\0fe24cf432281f2497377d743655036c.xzzx", "sha1_hash": "d082e00a2613cac7d2e9ff4fbe09e87d01bce909", "sha256_hash": "d259c116e5af57217c025394521eb030bd54a48042075cb8a8bee830709c3c02", "size": 52526, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/321f6f985b84627c6e3823b3c9ce1dde7d2f511d", "file_type": "created_file", "id": "file_139", "md5_hash": "66a036e74ef16981c2c5de0cd95dacd8", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\7d60b7a8152cecb0b780c8b61944d0f8.xzzx", "sha1_hash": "321f6f985b84627c6e3823b3c9ce1dde7d2f511d", "sha256_hash": "d98b48f11989504c182d7ebc89ba5080e35c7934159ad5ebe0b33d549ff45812", "size": 86520, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fe09e2fe4d1e19443f1edc366e9a7b05b76b2028", "file_type": "created_file", "id": "file_141", "md5_hash": "602bad099f347131c7d0fc42288f7d88", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\de6d908a0693b67d2f37324a0aab9ac5.xzzx", "sha1_hash": "fe09e2fe4d1e19443f1edc366e9a7b05b76b2028", "sha256_hash": "eb612eebd781e26d352df807b376fa664f9d0a924fa740f69e7631f6e435ef09", "size": 53110, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5a45953bcbba0e03aa81752ec481cbda743e827e", "file_type": "created_file", "id": "file_143", "md5_hash": "fa0472ec8ffba2664c7fe54ab03d9a35", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\lhhnd9lew5xmlxw00jfa\\zw28zqhzfxay2nv\\4cde900f0bc30bb32ab81ee70fdaeffb.xzzx", "sha1_hash": "5a45953bcbba0e03aa81752ec481cbda743e827e", "sha256_hash": "cf9d5c8015302523ac1dd101e5fe19350a023a2971361e03c28038bbcaef53de", "size": 23268, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/112856c2cdba6c0ee0b000c4edd1111888304ba0", "file_type": "created_file", "id": "file_148", "md5_hash": "3cef2ac0d6eb9cbd7fb5525810239b11", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\bf7b86490294f06b45ac44d706acd4b3.xzzx", "sha1_hash": "112856c2cdba6c0ee0b000c4edd1111888304ba0", "sha256_hash": "15663764387d013c1833ee7d44801236a79922e5743043e7fbfe4adb58b70d73", "size": 381, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c55a945c726e0d54f338fa1b2ea5998dd831ca49", "file_type": "created_file", "id": "file_151", "md5_hash": "84d2cc2a52da42f308082110d804e971", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\7b7ba3c4205941180fe9457124712560.xzzx", "sha1_hash": "c55a945c726e0d54f338fa1b2ea5998dd831ca49", "sha256_hash": "fe626bed5e421e266b5b5def2ee3de64434004a93769c8a5c79e4aecd162caad", "size": 30089, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/be3a212ab2b9f7d28d705ef4d70658ab14844c7e", "file_type": "created_file", "id": "file_155", "md5_hash": "cf5d5391f97c7bb8a30d0b46566a1ce6", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\7ba753503e40d4c00f297b124258b908.xzzx", "sha1_hash": "be3a212ab2b9f7d28d705ef4d70658ab14844c7e", "sha256_hash": "114b557c1f4d8f2826300e8b2c011b49d7ccc9a0bd9b4bf6ce1f75e037e96594", "size": 271547, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a74a21cfe42872d6debb2f0590257467f6cefeb6", "file_type": "created_file", "id": "file_158", "md5_hash": "760acaac8a4822c7708300c7b7412b40", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\4645e01c4f3ccec4ea018e655354b30c.xzzx", "sha1_hash": "a74a21cfe42872d6debb2f0590257467f6cefeb6", "sha256_hash": "c8bf3bbcb47c1d2e675716e436eb2a8e3ef7f884f4c43358555a7ad9b434d181", "size": 447, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f460a746dcc8ce5ce54bb57a9fd7c0ef1a8a3f60", "file_type": "created_file", "id": "file_161", "md5_hash": "f416139ee234a074a84840a79d5e4492", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\72a6c9432269cce1a510518b2681b129.xzzx", "sha1_hash": "f460a746dcc8ce5ce54bb57a9fd7c0ef1a8a3f60", "sha256_hash": "403ff5c14278cf92f5b57faa89ee5bd1213cf65f72c9c57d69917124a83e196f", "size": 567, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b7b40b2365139cf8355cdc3cd176105ca78d507f", "file_type": "created_file", "id": "file_164", "md5_hash": "55bfb842ce6739aa416236f6579d0b37", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\8e5ece9444dbaf1a59bc413e48f39362.xzzx", "sha1_hash": "b7b40b2365139cf8355cdc3cd176105ca78d507f", "sha256_hash": "8d70759716c129c0b812279dae24c4747816b35e8c06cab0f41761fcefcc347b", "size": 245, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/cd95f93ad65b8893e58bc74bc17e4363f21e0b4c", "file_type": "created_file", "id": "file_166", "md5_hash": "731f9dfe1d316d6b0fcb427621a5cbed", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\b8440918056e9f026ea48c8c0986834a.xzzx", "sha1_hash": "cd95f93ad65b8893e58bc74bc17e4363f21e0b4c", "sha256_hash": "51364ec4cde902259292f3732ec387e8169d965fed6d472be2e56aa53052b578", "size": 417, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2e3d7e85acae7c40273a65316ab5fa7fd2f458c5", "file_type": "created_file", "id": "file_169", "md5_hash": "2718bbf5f733c4313b2030de72a5f064", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\15dc3754190a8ea84ed7a99b1d2272f0.xzzx", "sha1_hash": "2e3d7e85acae7c40273a65316ab5fa7fd2f458c5", "sha256_hash": "8d832c6a9193c46a924a3a25f9b6fc4b557f4efa3a72579291806709e86c6d3c", "size": 411, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b155e0fea261b0509ba54a744fe90ac9464c5502", "file_type": "created_file", "id": "file_171", "md5_hash": "d90ed03b0659f370f185a930ffd12c01", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\1b49b9e018f35807975dc8201d0b3c4f.xzzx", "sha1_hash": "b155e0fea261b0509ba54a744fe90ac9464c5502", "sha256_hash": "ac1ee59f00279cec0f8555b1122a071d13429101df144dc54085bba18be5722c", "size": 312, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/06ab81ed90ecada598fe0381f3bd54d2138be405", "file_type": "created_file", "id": "file_173", "md5_hash": "b62a4313f4a8109e488acbb907d7a948", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\fd9030e848c62d90344a51e94cde11d8.xzzx", "sha1_hash": "06ab81ed90ecada598fe0381f3bd54d2138be405", "sha256_hash": "7836e3508d1804f4e1707cea6d58f254b73bd941f0b915ad2a24a9ccb6ef7116", "size": 332, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/916b741f616d9fba93ffe6088ff8c4b2bbb57196", "file_type": "created_file", "id": "file_175", "md5_hash": "7b6ba656037cdc448f6ed1f41a1300c5", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\30fef3b4011abe0e503ed66c0532a256.xzzx", "sha1_hash": "916b741f616d9fba93ffe6088ff8c4b2bbb57196", "sha256_hash": "5a0229d14f2b37da6afbd19825edb1a8aa30a539309efb5be4987903a0da5eb2", "size": 318, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1c343789a8fb47bfc4161662cb41d49788898dc1", "file_type": "created_file", "id": "file_177", "md5_hash": "0d379c94c9634504f0392b6ae9b3ccf4", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\b2a8c78f28f146042377d2fd2d1e2a4c.xzzx", "sha1_hash": "1c343789a8fb47bfc4161662cb41d49788898dc1", "sha256_hash": "5c4b32cf30da1bc7b1cbb434c9236c71c0a0cc5a4ae4440ea35454f19249d5f3", "size": 318, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/32f7654ae81ad249a7e119fbaa8afc5515128646", "file_type": "created_file", "id": "file_180", "md5_hash": "25f0799c63bd239b7af324814d33d6a7", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\1844fe2a092a01627c9eb5e50d41e5aa.xzzx", "sha1_hash": "32f7654ae81ad249a7e119fbaa8afc5515128646", "sha256_hash": "2ffb53b4fb4aac427fa007a8568f267cc5e1f2b5c90432171aeffd15525dd2b2", "size": 315, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/cdcdde2bf8309b8219efcf9ebba08db1899eff9b", "file_type": "created_file", "id": "file_182", "md5_hash": "c5a7b6f40f786b4f38dab85eb63ff458", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\833df956476c97eaeaf8ad0b4b847c32.xzzx", "sha1_hash": "cdcdde2bf8309b8219efcf9ebba08db1899eff9b", "sha256_hash": "1f6d95700d944989057bcd1fadaab71fca3c1e244a3e6ad5b74550da07fbffeb", "size": 302, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f02be445418ff5faa34a6aa8aa02f817d8b94fde", "file_type": "created_file", "id": "file_184", "md5_hash": "d8c8e49869b0894ce1c39de2e0596262", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\13771db6235c0add78bd03922773ef25.xzzx", "sha1_hash": "f02be445418ff5faa34a6aa8aa02f817d8b94fde", "sha256_hash": "50433ca1689fe9fb678311ca369226bfb8ee955d705834f74f006651e2375cbb", "size": 318, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f544655115941f161ec46a3c91a0a86f55783cc8", "file_type": "created_file", "id": "file_186", "md5_hash": "9e37796c60680bba180b4bda51c6c848", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\8f3b67d5108cb69fdd5c15d914b99ae7.xzzx", "sha1_hash": "f544655115941f161ec46a3c91a0a86f55783cc8", "sha256_hash": "76b2334c79f6cdf7d6fe27edaf0d335a548d069dc3e347fe5125d4262a0cf2e3", "size": 302, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3d853e036d8c934467626a19c14c9b5c9e365495", "file_type": "created_file", "id": "file_188", "md5_hash": "6f7e39e7975d0e66dd208f8a141fdf90", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\94764f5b3c2dc73eaed48d494045ab86.xzzx", "sha1_hash": "3d853e036d8c934467626a19c14c9b5c9e365495", "sha256_hash": "a3b721c0ae2df20467a22647c4722abbb62b06f06c770e7022b1b175d4313aa0", "size": 304, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2a35c29640b3e7e02004d36e358ed19cae619efb", "file_type": "created_file", "id": "file_190", "md5_hash": "9217170c0c1dac3e954e43177162d0b6", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\583ca788134302604af8fa2e175ae6a8.xzzx", "sha1_hash": "2a35c29640b3e7e02004d36e358ed19cae619efb", "sha256_hash": "d41a5ca2893360731a2ae6bbfb955e60bdd221c35f7bb479ea6ea3e94c360a0c", "size": 290, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/54f160ca84c0fe0a674a13ca5217d6dea31299a1", "file_type": "created_file", "id": "file_193", "md5_hash": "5235f32bacf62ce875c416b6a0e119b1", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\880f5e93248ac126c0e08bb728b7a56e.xzzx", "sha1_hash": "54f160ca84c0fe0a674a13ca5217d6dea31299a1", "sha256_hash": "a421ada38182be3b492ea9bfded026b859abaaaca9643ee5b1c2af5d5d443bb3", "size": 304, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/132e069269ed2fc6ce8a7e0559affb118bf810dc", "file_type": "created_file", "id": "file_195", "md5_hash": "4c75edd47dcd6a49d4fd5e7127e5729a", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\9aa1db0a3e2db1949e51c4ae424595dc.xzzx", "sha1_hash": "132e069269ed2fc6ce8a7e0559affb118bf810dc", "sha256_hash": "f1b9def9278c0bce1e8353460f21a3029b7e3510cf998c7233ce80644b83a712", "size": 316, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7dfbffc8e708803445fe3fcea81abca9f93a7432", "file_type": "created_file", "id": "file_197", "md5_hash": "ead1d310ed213a5e11b13fa2b7bdf3f4", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\d9b986602fbc15fec37446303428fa46.xzzx", "sha1_hash": "7dfbffc8e708803445fe3fcea81abca9f93a7432", "sha256_hash": "14a44c681f34a848cfa8539761f2852a2378efed24e1f51cfe6ba7026be76216", "size": 324, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1339d921e13d2594ed344e066162b4b55af89e4e", "file_type": "created_file", "id": "file_199", "md5_hash": "00bf787a8b621ec6cc8d075a44d3f4f5", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\fd9d491315d8c1eee26af31719f0a636.xzzx", "sha1_hash": "1339d921e13d2594ed344e066162b4b55af89e4e", "sha256_hash": "6f3d6bee59332e753cea279ade3649ecf38cb5a9aec033ba6568cd593d88f0c2", "size": 318, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/95a58e3c2e4068eb4d965338b78ccc34d64f4a1f", "file_type": "created_file", "id": "file_202", "md5_hash": "1861d12da7cadebbfadaaf5fcae2fa08", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\a58916d017654cd0cf379f2b1b923118.xzzx", "sha1_hash": "95a58e3c2e4068eb4d965338b78ccc34d64f4a1f", "sha256_hash": "367dfc1aab18979d723f555d5b8db12d0db682aaa3cdd54b011fa10353fee3cd", "size": 322, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ac8baf7c3c291a8ad2d7ad6a27beb53903fa5af7", "file_type": "created_file", "id": "file_206", "md5_hash": "bbd52b08633142b1a05bf5aabbb1120c", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\links\\afa4cbc047178b40a7e7aa8d4b2f6f88.xzzx", "sha1_hash": "ac8baf7c3c291a8ad2d7ad6a27beb53903fa5af7", "sha256_hash": "6233fcb1e4e49031ca08b31646268d13a4147d4c5f428313dd8cff656499c805", "size": 745, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2b15ca0c4217de43c53776d39216f9d1972c99fd", "file_type": "created_file", "id": "file_208", "md5_hash": "8d697c13c4bebeb2470a203db13767d2", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\links\\02d36bf7229fbf1a2d198367271ca362.xzzx", "sha1_hash": "2b15ca0c4217de43c53776d39216f9d1972c99fd", "sha256_hash": "c1fa1ab30f748fdfe2fb5d7999a3ca670fcfe862a20e77183921b26f9bd85fc6", "size": 538, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/bbbc51e1be2d9b5507be5cb95eb7f57be01b540c", "file_type": "created_file", "id": "file_210", "md5_hash": "455acf569a78a766035542b7c025f8ea", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\95567f6e0cf2434a8f3cb62a111f2792.xzzx", "sha1_hash": "bbbc51e1be2d9b5507be5cb95eb7f57be01b540c", "sha256_hash": "011278a45019dc36bb9db7084523d27eb4806439e7748da04211a46a79070380", "size": 9317, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/286db2a3fcc09af1c9b06be39102f4fb3e1d0958", "file_type": "created_file", "id": "file_212", "md5_hash": "754ad1f657d88ca8c43eed66bdffef39", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\d25ef7c41a27d9e43ebb395a1ebabe2c.xzzx", "sha1_hash": "286db2a3fcc09af1c9b06be39102f4fb3e1d0958", "sha256_hash": "5df4fcfcfa891fd400fccbaac82e8e0ad1359108f67cc8740f07543a04aaf9bd", "size": 25497, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1ff0ae557c64e1b4a34f92e9547629e64ee8aed7", "file_type": "created_file", "id": "file_214", "md5_hash": "6621b1997d6cbd1c889ebc297ea56373", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\links\\61c67744188385c0eada50e91cf06a08.xzzx", "sha1_hash": "1ff0ae557c64e1b4a34f92e9547629e64ee8aed7", "sha256_hash": "5133e1ef36c9fcb9ad0188a365d22faf63637ac6c86f1c60d5983444b9f6d14e", "size": 1098, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1ca0de52571149182c8f63c4dcc0aeeabb789560", "file_type": "created_file", "id": "file_216", "md5_hash": "e7d862e612fe891e31344f78acdb3436", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\fcd862501902e584e01cefe81dabc9cc.xzzx", "sha1_hash": "1ca0de52571149182c8f63c4dcc0aeeabb789560", "sha256_hash": "c22bd8fb406827096820d418b530a5ee87bc1870e2d8d4a69a15837057bb17fa", "size": 4636, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9affa9196730805eb431774664eda2f47f2e6b29", "file_type": "created_file", "id": "file_218", "md5_hash": "726705e4c5f5e6ba5939d025fd87e895", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\5ef7279e2ed18e2582c79cc632e9726d.xzzx", "sha1_hash": "9affa9196730805eb431774664eda2f47f2e6b29", "sha256_hash": "8dad840babee49b711c27e83ea5a5094fc12e9fa099be8dbba9b2a715d2ba193", "size": 669, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b26921b8ca1aa96ca1d31b67b3cfc78177055c70", "file_type": "created_file", "id": "file_220", "md5_hash": "d54c435d95e9b30b15afd93207f46f79", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\129dfdc608a49a7cbff35cf70d217ec4.xzzx", "sha1_hash": "b26921b8ca1aa96ca1d31b67b3cfc78177055c70", "sha256_hash": "9156bab19d37f1fc49fbca9a5b4e16637c59c9f96b315e4d2e0632d2850d8bdf", "size": 76770, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/55ae39d4862be22a09bb45c8d8439670bed66501", "file_type": "created_file", "id": "file_222", "md5_hash": "803ffe4870325b3051b7f545419ff130", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\35a8a5603be70712a81d33d040a3eb5a.xzzx", "sha1_hash": "55ae39d4862be22a09bb45c8d8439670bed66501", "sha256_hash": "37eaa139ed744f5dff67cf1dc8df9d2a510f25a4c073a5c7fdfae6ba69c9dcba", "size": 65906, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f06919af9f35d49ddcfec8fcaa9ddf7f70c8be8f", "file_type": "created_file", "id": "file_224", "md5_hash": "ea34f06f4df7b220e1c54236d20cb25b", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\b169cad546c877a0159fdf7f4b675be8.xzzx", "sha1_hash": "f06919af9f35d49ddcfec8fcaa9ddf7f70c8be8f", "sha256_hash": "96f59caaf8bdce2e5bab2138bc46c437e7b11f18bd8d72a9c5ffb1b01155a364", "size": 95914, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3e25e007630c221b670b542f29b9260729883520", "file_type": "created_file", "id": "file_226", "md5_hash": "0f6cf9a5de83764a04e784a50cb94049", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3dab40862fbd462437e5810b348a2a6c.xzzx", "sha1_hash": "3e25e007630c221b670b542f29b9260729883520", "sha256_hash": "8d4aac20fc3e7cfe7ba8d8e0de6c599b0303bd947e5a8dc464e8dc2f5d6298b8", "size": 16272, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c28e2e082d5df0447038c7bc78d1f2a5200d155e", "file_type": "created_file", "id": "file_228", "md5_hash": "f2d8bbf24987f9ddf50724a32bcce8dc", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\70cb960a1797b0a14eb31b321c2694e9.xzzx", "sha1_hash": "c28e2e082d5df0447038c7bc78d1f2a5200d155e", "sha256_hash": "1d3a92482f84b28eeb7101420aafc00b1b2b9d0d34dd43dea9274e2fdc43a535", "size": 95914, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/dba44308f33c87cfaf2a298aef9f2f9cd89e1a04", "file_type": "created_file", "id": "file_230", "md5_hash": "f3deb548130f7e011f7e14d22a6a33b1", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\51a5a3c031894064fcb3ced0366624ac.xzzx", "sha1_hash": "dba44308f33c87cfaf2a298aef9f2f9cd89e1a04", "sha256_hash": "35c49df5839e24e53bddab5141f7f42ca9a02f405ce2f22542a9a67290faa6cc", "size": 83461, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3d76d7035aa2cef358b260d898c98b7edfcedada", "file_type": "created_file", "id": "file_232", "md5_hash": "854596fd469ad894a3579955c4871711", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\fad3bb6308c4fc66694f337d0d31e0ae.xzzx", "sha1_hash": "3d76d7035aa2cef358b260d898c98b7edfcedada", "sha256_hash": "b901fa970a0d8e0a69382aa8e0fea84503a8b893488d5bde9b819b6bafac418a", "size": 95914, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/de9bdeee50966200847186c73d2016a0590b075d", "file_type": "created_file", "id": "file_234", "md5_hash": "67840eada81e1a87a8cbc6553d4b268c", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\c8e8bddc263509ecaca7c0d62a50ee34.xzzx", "sha1_hash": "de9bdeee50966200847186c73d2016a0590b075d", "sha256_hash": "cd0750b9a1d243470427e9ff106284b41ba15fc95b2bdfb0ced0b02d07f61c80", "size": 83461, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/84665235ede98bb2c4a8028457f15ca7a7df78bd", "file_type": "created_file", "id": "file_236", "md5_hash": "29ac431be819c3c08d164e8b45b87b96", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\eed603f80d860cc870d6498a119df110.xzzx", "sha1_hash": "84665235ede98bb2c4a8028457f15ca7a7df78bd", "sha256_hash": "f0b0e27fb2df28ccf175ed5e290904ef6452459c38f6112eee94c653aa29c39b", "size": 91389, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8ac8072872947ae19882007f93f39136d2de6783", "file_type": "created_file", "id": "file_238", "md5_hash": "518f55a70ccc91278fbfcd6b82d39475", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\1037641408f8f044b7533aa10d10d48c.xzzx", "sha1_hash": "8ac8072872947ae19882007f93f39136d2de6783", "sha256_hash": "d679309f5d54526e3f52daff0d9b57e3e05dacd81c322002a148ccd16fac1853", "size": 15973, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/dc45c3afabd3181402af348a5117d5ad19007b23", "file_type": "created_file", "id": "file_240", "md5_hash": "4e87399c40fbfda8101d6aad53516284", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\b5a4f8d81d2bc280a6fb77022143a6c8.xzzx", "sha1_hash": "dc45c3afabd3181402af348a5117d5ad19007b23", "sha256_hash": "0907d363360d3006b669cd1381e43df64ea5cbe9b0885fc06aa62aa126745c52", "size": 52733, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9bed907ef3aec0312e411c74e4b8601cc80fc00f", "file_type": "created_file", "id": "file_242", "md5_hash": "8dd9d1b39acad994134ba22fd083d063", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\a191878831212978b3b60ce1354e0dc0.xzzx", "sha1_hash": "9bed907ef3aec0312e411c74e4b8601cc80fc00f", "sha256_hash": "b363630acd603d3ece19b269f42df9c629e86c6158c28b0d35c4e0c6b84c26dd", "size": 82499, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5347c2473d17fa039bff1d5f7e0568d5df042ffd", "file_type": "created_file", "id": "file_244", "md5_hash": "ab3e7f2a0e819e9b302d9d8aa1546364", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\6d35692c49d86b1ade80fada4df04f62.xzzx", "sha1_hash": "5347c2473d17fa039bff1d5f7e0568d5df042ffd", "sha256_hash": "da4d2b66f8a08969f6d0a9d0ff24fbfd6aaf586ddc98f3ec1649378680d89600", "size": 55413, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5f1758c04b8145e8b2c44189ead9cea88f2cc6de", "file_type": "created_file", "id": "file_246", "md5_hash": "dacbac43435b740f3687e55dbe3a50d5", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\e003588e3da0b59dc1493ec641b899e5.xzzx", "sha1_hash": "5f1758c04b8145e8b2c44189ead9cea88f2cc6de", "sha256_hash": "0d113ad6c16f02590835e924dacdccddfb5a9fb0eaa16719c2af21afce3d5cd8", "size": 1365, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/454a9b49ff7875a3e75ccee586c95e0e52b79b8d", "file_type": "created_file", "id": "file_249", "md5_hash": "6090b1a158fb63a3abc0df52f99f0ce2", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\54e892fc383d1fa0ee2d03953c6a03e8.xzzx", "sha1_hash": "454a9b49ff7875a3e75ccee586c95e0e52b79b8d", "sha256_hash": "7b52d0a7bf88d9e960ce48fa8bb318895d089d49a16c338c6355b5191a6dd9b6", "size": 84280, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c46ae251d9196e6dfdeaa9655c4345aadd8c4ad4", "file_type": "created_file", "id": "file_251", "md5_hash": "e5b58e6bae92e1066b3798d97eaf33b3", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\23947e243409dc7caf2c62063821c0c4.xzzx", "sha1_hash": "c46ae251d9196e6dfdeaa9655c4345aadd8c4ad4", "sha256_hash": "4a4998a7614f46d66106c1d5ea6911de4260172e27a340120e7e6f9db191c33d", "size": 38117, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/bca033c20eed042b2664a66a20b995f565cd1f3c", "file_type": "created_file", "id": "file_253", "md5_hash": "b2039def62d30e627c9b07fafd0673f0", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\dae2cc280af9f39884d63acc0f1ad7e0.xzzx", "sha1_hash": "bca033c20eed042b2664a66a20b995f565cd1f3c", "sha256_hash": "7ce75bcfdf2deb2417f0d59e7cf10a04b240c6ebdec5cc8badef61ca508977ea", "size": 183, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d24985d4dc1fe659fb3dc15f9ce3c9d86a4491ad", "file_type": "created_file", "id": "file_255", "md5_hash": "62b16e19c99fd8243826e8e98950e495", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\links\\323285543e8b2cb8c06cf7b742ac1100.xzzx", "sha1_hash": "d24985d4dc1fe659fb3dc15f9ce3c9d86a4491ad", "sha256_hash": "3d00cfde4b15dae436ce931573a8398c72eaac95a130b7120fb34d3257108a9a", "size": 651, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e0879ba8aa9a93bd697709922114e7801168ff0a", "file_type": "created_file", "id": "file_257", "md5_hash": "240b43be25efe63e1f408e37d9696c6b", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\c1c4370f268a7d85910c485d2aab61cd.xzzx", "sha1_hash": "e0879ba8aa9a93bd697709922114e7801168ff0a", "sha256_hash": "2394a06d954932dfbc71dd95fadf5e3304bd14a5def37c4f7fd2edcd0304ba16", "size": 22519, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6b5b1ae1dcd0bba156462139fb9a264822a74186", "file_type": "created_file", "id": "file_259", "md5_hash": "e39b41849bdd0332d45672be272b4620", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\2addd7ce37de6c473adf3b8e3bff508f.xzzx", "sha1_hash": "6b5b1ae1dcd0bba156462139fb9a264822a74186", "sha256_hash": "ec4f62854d65ee70c596b1cf7843fe4324605a901cdb68980fd084a3d205ec49", "size": 46477, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1853ed29d85cd3a68e6a55bca6c94ae1b87678c9", "file_type": "created_file", "id": "file_261", "md5_hash": "f50774acf57afae5e71525f52faaeb25", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\d02310330d7f24f9ea0895e311a00941.xzzx", "sha1_hash": "1853ed29d85cd3a68e6a55bca6c94ae1b87678c9", "sha256_hash": "f09d7ebfab87b1f5b605a4ab9cab0772d90be17aced00706ea51b8b8bc94a019", "size": 91242, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9d5c9a5c469896835b553f2e3bef0e954a977a68", "file_type": "created_file", "id": "file_263", "md5_hash": "d10c818bb4d914da6dfdfea0bb01a7e6", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\83899d5a26f059de25e7413f2b253e26.xzzx", "sha1_hash": "9d5c9a5c469896835b553f2e3bef0e954a977a68", "sha256_hash": "f9db39316db6031438344e25561408333082fa2dc2a8967577f745d83ac3ae51", "size": 31274, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/beddbe78af3e6370a6a59809b11242aaab0dcd92", "file_type": "created_file", "id": "file_265", "md5_hash": "bfa30e76fa7ddeac54bfaa4a1eb07dd6", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\b7d698fe122efca3a766339e164fe0eb.xzzx", "sha1_hash": "beddbe78af3e6370a6a59809b11242aaab0dcd92", "sha256_hash": "cd1ac8c8c3478f065dfd69c339a4810f66ad589849aa7ecef21d4761d926a755", "size": 54294, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7dab36dea57ef6d29a6dc1ff3cc283ba344abe80", "file_type": "created_file", "id": "file_267", "md5_hash": "1a18f83d1a07042faae27ec212004fc7", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\ba853e823c01028a03c2dabb4021e6d2.xzzx", "sha1_hash": "7dab36dea57ef6d29a6dc1ff3cc283ba344abe80", "sha256_hash": "5439703f2daa9c3d6e5b315f66b658df61e9779b172db5fffc8dbe7ce95c9987", "size": 65783, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e403e5b94824bc2d324dc41789b394fd6457d114", "file_type": "created_file", "id": "file_269", "md5_hash": "18c9e588a3fcda5adb0f02ce418b91d0", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\ed39cab90ce3c63a3eaea7271104aa82.xzzx", "sha1_hash": "e403e5b94824bc2d324dc41789b394fd6457d114", "sha256_hash": "aa9262096177d24e6baac670a55493445557dc4111b074866193390946a7836b", "size": 98387, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/52aa49e6b317a4de2e5d00fd15303dff3598ef85", "file_type": "created_file", "id": "file_271", "md5_hash": "cdf7e813a81aa2b0444d0c9c98e29582", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\64527b001382d7bf4d0a170017b7bc07.xzzx", "sha1_hash": "52aa49e6b317a4de2e5d00fd15303dff3598ef85", "sha256_hash": "09e5b647e4f6278febdaa8cd3fdd2ee3548729c3600842c050f1667041bd9437", "size": 71080, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2974c0d5c602f3085a5d183f0ea7ce9b2219005f", "file_type": "created_file", "id": "file_273", "md5_hash": "c65a17cd098714e19d51cfc5ecdb1023", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\3c85a2c827b882d0ac42f6272bd96718.xzzx", "sha1_hash": "2974c0d5c602f3085a5d183f0ea7ce9b2219005f", "sha256_hash": "8eccb912de0bfb6be7171414cfec242e12e832ff858a84ea9d3d02e6020a4cff", "size": 37612, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fc01112eba47c1116ef298bf4311b05e72e69a30", "file_type": "created_file", "id": "file_275", "md5_hash": "6f57c4a8651b73f8ebd30047c283e841", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\c3e4f2c10c4d8eea8ebc635b106e7332.xzzx", "sha1_hash": "fc01112eba47c1116ef298bf4311b05e72e69a30", "sha256_hash": "3006c3eb7f514eb96d3f0af5780da1ec33aff5a95665e8da1b65b8d74ba6a330", "size": 36804, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/062d9cfbbd8011c45499117c2f484459b1d061b5", "file_type": "created_file", "id": "file_277", "md5_hash": "a3938aa865947f87071a2eb0677336fe", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\663067de2a526aca340de0352e734f12.xzzx", "sha1_hash": "062d9cfbbd8011c45499117c2f484459b1d061b5", "sha256_hash": "1d589a287e67b3da350ad7f0f45e664ea02f4f539ec0ebab8faf40ecd2d31494", "size": 37059, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0e05d042c12507ea595ebb0a63ed35e89b1925c8", "file_type": "created_file", "id": "file_279", "md5_hash": "c4512fa0fd838f4c472e21203165bba4", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\b7fe604f2a0f001fc8bf560f2e43e467.xzzx", "sha1_hash": "0e05d042c12507ea595ebb0a63ed35e89b1925c8", "sha256_hash": "4ce63ed0b14ed548f7f6c45b349981e8f7ecafb4af35038c13fd39be48f38367", "size": 13497, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2f386acd47075707a2c9129e4e9dc14f14dc0942", "file_type": "created_file", "id": "file_281", "md5_hash": "cbeaf2ca1e75915b0d8527205c9d9a6d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\38dc595e3788a5ba7503b1493ba98a02.xzzx", "sha1_hash": "2f386acd47075707a2c9129e4e9dc14f14dc0942", "sha256_hash": "2276d1562d166c8e9fb40b2ddf89f0b675a9ff3380f3cf4ec2ed570b6585ab4a", "size": 4719, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/133ec771ec03ab6d7d73039459dc118072665dc4", "file_type": "created_file", "id": "file_283", "md5_hash": "6d0125605db26c4e0f8b95565d282869", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\6fb07fde0cb60f86500f11cf10d6f3ce.xzzx", "sha1_hash": "133ec771ec03ab6d7d73039459dc118072665dc4", "sha256_hash": "f0ba3377a43ef0ad0b430587b05582891eea0379aefbbcd809ed818664008a9a", "size": 87162, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/87ffdf43d477a7b25a9bd0bc96d30d4445a59af3", "file_type": "created_file", "id": "file_286", "md5_hash": "a36bd7e43f7d725d97ff2456834a9002", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\06c3ecfb13862898aa23710517bb0ce0.xzzx", "sha1_hash": "87ffdf43d477a7b25a9bd0bc96d30d4445a59af3", "sha256_hash": "e9bf64a113c0da4269edc2323350071751316b8835f02d2b38a2f63b5a3a3aab", "size": 75181, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4566c17688b08cc14c7af469ff070345324491f9", "file_type": "created_file", "id": "file_288", "md5_hash": "32703d94c8004f5af95a05a2bf73eaec", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\3006c810075ed0f01f3de7c50b7fb538.xzzx", "sha1_hash": "4566c17688b08cc14c7af469ff070345324491f9", "sha256_hash": "61984fdcb91c76f9757601b8d417185e1f2ebd7e7de2895314f3dda6b774a6dd", "size": 73160, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/83bd1949721e63db95db45e0e84018dd6c7a63eb", "file_type": "created_file", "id": "file_290", "md5_hash": "61b4780ddb4cef52674aa59048ed79cf", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\fa78694804c1e3566fc4cb7c08f6c79e.xzzx", "sha1_hash": "83bd1949721e63db95db45e0e84018dd6c7a63eb", "sha256_hash": "8a00c4f976df1de2adbd90e8a22f129104a2ed9f57ce7c5a041b19990de38d4e", "size": 11989, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3ca595c29dbd209784461141b7d7bfc7c8d0d05d", "file_type": "created_file", "id": "file_292", "md5_hash": "e6c9ccec10faa0d8161da037781654a7", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\b02b14800a31a4c0c9dc8d360e528908.xzzx", "sha1_hash": "3ca595c29dbd209784461141b7d7bfc7c8d0d05d", "sha256_hash": "f45bdff37bbb68fc1df62adb356a7a9f0651505f8108e2aa567cff8b01c757f5", "size": 24789, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a36a2369aaef5b4e9613c09c1335bcf38a691b25", "file_type": "created_file", "id": "file_294", "md5_hash": "dac37b92f3b350f6db4cc8c5aef96ae1", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\8f1540b007ab3ef89a8099c80bcc2340.xzzx", "sha1_hash": "a36a2369aaef5b4e9613c09c1335bcf38a691b25", "sha256_hash": "8c4626f55191efe770b12f08ffe6351d11a0e2a374b3a073ce099cf3294f0e60", "size": 86336, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c661ead23f9a7430689fadfea23026ec8595da0d", "file_type": "created_file", "id": "file_296", "md5_hash": "6fd0bc69ddcf19fc5c6254f0d7d6fc04", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\b1210aaa2257fea8b6b1d3dd268ce2f0.xzzx", "sha1_hash": "c661ead23f9a7430689fadfea23026ec8595da0d", "sha256_hash": "3e34bb38bea675be765d4d16174213990815f791bda2fd93b4d784149d72d019", "size": 70050, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d22a5c6e2dfdacfa2fff49fe49e44076742de1e3", "file_type": "created_file", "id": "file_300", "md5_hash": "a38e7e31386a89fd376cbca7680d20b2", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\auosv3m 9vtnbjukze\\9y_m-ovb2iyyx\\dqopm\\04bba0d020119813f8f6e49024327c5b.xzzx", "sha1_hash": "d22a5c6e2dfdacfa2fff49fe49e44076742de1e3", "sha256_hash": "5088feebe02e08624518f48f079075aea5da9d5a7b91caf6e8afb07eef606342", "size": 43757, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5b0edfe55cbd86e40076750b0361601d2a41f4e5", "file_type": "created_file", "id": "file_302", "md5_hash": "7b4304e41f7e2c553114742cb9d2bffa", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\7ec795ed37af1a88a52703f73bcffed0.xzzx", "sha1_hash": "5b0edfe55cbd86e40076750b0361601d2a41f4e5", "sha256_hash": "457c4ad3baf404b6283865e698490dfe8ff2758f4fd86a8c444f262f4b78b638", "size": 37217, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ef1a0dbe148270a9fc697f4f3891aa391b181041", "file_type": "created_file", "id": "file_304", "md5_hash": "81659e6d8a4d3f09a39929e30aa360db", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\c30cf4f82e58715357484b18328d559b.xzzx", "sha1_hash": "ef1a0dbe148270a9fc697f4f3891aa391b181041", "sha256_hash": "06a01b93de3a8dcee6931d6fa3a7366938f9add6be9c7cc2104001e1329efe9e", "size": 44731, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/dc2b4e6e4a8c0fe07c3fc99f5e7740087c7c2d10", "file_type": "created_file", "id": "file_306", "md5_hash": "1cbd402274df267452bfa274914c6080", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\7030d20732fb05ae512c0edb3744e9f6.xzzx", "sha1_hash": "dc2b4e6e4a8c0fe07c3fc99f5e7740087c7c2d10", "sha256_hash": "13d6c9a2cef91b9152e03494dd9c96f7d61db20e3481f14a0b711a1a78b5519c", "size": 40531, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/980220a4cd8e02421027fef530def248157b6ef1", "file_type": "created_file", "id": "file_308", "md5_hash": "cd06bb370021c00c6350b7c7eb47261d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\2187c5602f1adaf08d4383d0333bbf38.xzzx", "sha1_hash": "980220a4cd8e02421027fef530def248157b6ef1", "sha256_hash": "87eed63d5aecb471b4c10378e295b09c1c8b35337a7cf93730a48f44991db1d4", "size": 101203, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/72c41275051c06e888584d8331a850c106b8d3b5", "file_type": "created_file", "id": "file_310", "md5_hash": "ad680a42bc85a04ed95419664b71014c", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\3a2295cd2f8cd2df95e7618733c2b727.xzzx", "sha1_hash": "72c41275051c06e888584d8331a850c106b8d3b5", "sha256_hash": "9de74e25397160af6023ca1c02a2cc635a31a78be11a220c0e5a61f1aca943ca", "size": 74372, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7a58a71298700908b61c94559e20e00e497be127", "file_type": "created_file", "id": "file_312", "md5_hash": "34e27579b67f2c60e3489b22f44e591c", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\8f82071c3e6aa36071d28504428b87a8.xzzx", "sha1_hash": "7a58a71298700908b61c94559e20e00e497be127", "sha256_hash": "ac7ee8bd496dbbeaceab4f13c0474455b5112ddf3b11b3174e17e22dfe0bc0e9", "size": 67408, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/926b2738a05aff1e072012083cf4f38029dbd853", "file_type": "created_file", "id": "file_314", "md5_hash": "01ffabd8a351dd16efd5a36e839bd2cb", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\c87868381959cc9c63dbf2ec1d8eb0e4.xzzx", "sha1_hash": "926b2738a05aff1e072012083cf4f38029dbd853", "sha256_hash": "9bd9fa41c4c7088c3a63fe232a2c3af0df9238c54c49c158b005c564eb632e59", "size": 32405, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/06edf4db53b5e6070e80d887955502ac151ce838", "file_type": "created_file", "id": "file_316", "md5_hash": "b634e56d85233b3068a1cda8d98b5ba0", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\567fb4290f0a7ce338c9770b132b612b.xzzx", "sha1_hash": "06edf4db53b5e6070e80d887955502ac151ce838", "sha256_hash": "dd608bf2ba28d95f65b04a4f7a03b27636e92c4c574970ae4dc1b36869bb3e24", "size": 45566, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/38c5bbea7d562bae9d38d8d7e42a5788983f02f7", "file_type": "created_file", "id": "file_318", "md5_hash": "68d2b9d24a7a4eece3b3da3ef613eb0c", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\6c73d824191052a8389547c51d5a36f0.xzzx", "sha1_hash": "38c5bbea7d562bae9d38d8d7e42a5788983f02f7", "sha256_hash": "bfccc4844078e6ed7b7365c2e475a1956e88fc8d3ead5836b3e9daf8a2fb550a", "size": 8641, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ac7e7d4002833e90535056812b3a0b3493c7b2fd", "file_type": "created_file", "id": "file_320", "md5_hash": "23569ac415954190531f5ecef2910c70", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\7e711d900e3b4440af6b05f612702888.xzzx", "sha1_hash": "ac7e7d4002833e90535056812b3a0b3493c7b2fd", "sha256_hash": "f2f0de02936d58418af02f1aaf9e73fc4fd54cb7c27fda4716412589e3875f7c", "size": 92567, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/dba645106b2f139ca8882dd28d017118ffda5ba6", "file_type": "created_file", "id": "file_322", "md5_hash": "e551e7fa4a29fa1bdd5004f5080eba92", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\6d777c541da727448f863c8e21c80b8c.xzzx", "sha1_hash": "dba645106b2f139ca8882dd28d017118ffda5ba6", "sha256_hash": "db8cf6f94f8591c38359eceb41968552dd73ee6f12e4aff3fb241a87ab9ea5dd", "size": 9773, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d90cc4e71ce9ef932f14392880b993f95454235e", "file_type": "created_file", "id": "file_324", "md5_hash": "9d724294c450865e4b5f6082b36e91eb", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\f9ecb5d32975dbfcfcc9e4d92dbfc044.xzzx", "sha1_hash": "d90cc4e71ce9ef932f14392880b993f95454235e", "sha256_hash": "0cde438fabd02956bfe73b426c4d77fd405556dfdfd29eda2d20a4e2a439c27b", "size": 669, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4b9c1942066e6549c42c3c6f9232ad87c96ca7a8", "file_type": "created_file", "id": "file_326", "md5_hash": "d64ec1513e3a2028b1bd26c5982f823d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\c22d6d6701d063bff430045506304807.xzzx", "sha1_hash": "4b9c1942066e6549c42c3c6f9232ad87c96ca7a8", "sha256_hash": "b484d77c382d22ec691ac430d5e130ae1cb374fef7b430060448d16a06c987c9", "size": 19700, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e5a9135494ec038a06a32c413329907dc65c3382", "file_type": "created_file", "id": "file_328", "md5_hash": "5c19c1cc897e424c8d26e9f929199572", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\6274bc861b7171923c3788ab1f9255da.xzzx", "sha1_hash": "e5a9135494ec038a06a32c413329907dc65c3382", "sha256_hash": "becf1a665ce6667bc382264438668236dcf4b89b3ad4c7697ddbe0c31e102c7b", "size": 23042, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1f8b5ae02f12265019ac3b54d457b53ce2399c7d", "file_type": "created_file", "id": "file_330", "md5_hash": "04e263bd7644ed1d15968583f0c85d80", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\8facb48c4470f6be344be4a448a5db06.xzzx", "sha1_hash": "1f8b5ae02f12265019ac3b54d457b53ce2399c7d", "sha256_hash": "aaa15e7c186db31370e8d30bfc45566c632a9d396084c006fa1693558730e2e5", "size": 50569, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/001357c52d1031bd6d3a6764e82fa8a01c0a3413", "file_type": "created_file", "id": "file_332", "md5_hash": "9185e6da04755916803253af9610bcc3", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\90eab1ce03d6a9ccf759aee907f78e14.xzzx", "sha1_hash": "001357c52d1031bd6d3a6764e82fa8a01c0a3413", "sha256_hash": "9c10e1ff51cad7520207b56e7392eae65aef9f9c91d9674653a9b7d121e05097", "size": 31169, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1be85c36b261c66588c7cd4a8462979ca6bbdf37", "file_type": "created_file", "id": "file_334", "md5_hash": "51690523a617ebe50ac0a1883185c57e", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\7852c7a011e028ad2e2e29a016150cf5.xzzx", "sha1_hash": "1be85c36b261c66588c7cd4a8462979ca6bbdf37", "sha256_hash": "f33574b0a57e60334e77e4105ea8a9808f3a7298b8ce7a4d223e83d96bcf4b93", "size": 47013, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/487c094ed491ff83d6513f93c508b37cdab2cfb4", "file_type": "created_file", "id": "file_336", "md5_hash": "bf885c283aac8029907978a700d28c6d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d59aafc73ffff3fe126a516d4420d846.xzzx", "sha1_hash": "487c094ed491ff83d6513f93c508b37cdab2cfb4", "sha256_hash": "647a0708d0862aaa1422ad1cb3d79dc1d3539e2310b3e6e4af3ffbd01fc719b4", "size": 27604, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/222a54675be37b3952fb6343f9f96f734fb84759", "file_type": "created_file", "id": "file_338", "md5_hash": "7596663e80c5c9caea6114ca6f82068b", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\5c36794d2643414f2fe671172a8d2597.xzzx", "sha1_hash": "222a54675be37b3952fb6343f9f96f734fb84759", "sha256_hash": "8856bcb31fef06c8d5f0cd65c9ffb1e9c99808f31bf17f9b15c86c48e85bb8f4", "size": 2655, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/93c6016547de3971c69bf0827a61754ad150360a", "file_type": "created_file", "id": "file_340", "md5_hash": "f2f8598ed19d8f6d7fc95002641794f5", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\6e0684500109fc98cfd71110053fe0e0.xzzx", "sha1_hash": "93c6016547de3971c69bf0827a61754ad150360a", "sha256_hash": "cd6441fa7fa8603b5b04f3c7715b5f7da02ce2e9e49e519aa1c08b2dfcceed22", "size": 20592, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/eb1ab5fdb1b57ada98f0dc5c0bfa16998cfdee86", "file_type": "created_file", "id": "file_342", "md5_hash": "295545ec293b2fda16e3532d4e5dbe1d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\a74bc39b153f2e46bb66a40d1960128e.xzzx", "sha1_hash": "eb1ab5fdb1b57ada98f0dc5c0bfa16998cfdee86", "sha256_hash": "b9999e05d1c62715c8230afe78c1845d4d8b35d395dcda7ad6090de58ea6d529", "size": 84781, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5b7f9e7513c1878e0734ab581a93b59409b3313f", "file_type": "created_file", "id": "file_344", "md5_hash": "0c38c9a7fa7be8d26f81566a8f49fb83", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d2fbb85013e759fe97cf4af0181d3e46.xzzx", "sha1_hash": "5b7f9e7513c1878e0734ab581a93b59409b3313f", "sha256_hash": "f337839d26055f6071b1f33341ce3ad192049d9771e48b99ad0e6a517cc090f2", "size": 46942, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/426f92a56a43e23d355476db00beca67ee96fae5", "file_type": "created_file", "id": "file_346", "md5_hash": "38b610a8b62b51bc570cc460507f97c2", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\7f23998a1acab3e49f720f0b1eeb982c.xzzx", "sha1_hash": "426f92a56a43e23d355476db00beca67ee96fae5", "sha256_hash": "49d72edd3a575011df385e021ec156f4ca56580d137c8413d8fcc2e41d94899e", "size": 59197, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e77f58c9a18ce67bf7a1843ce66e9acf8082cf5e", "file_type": "created_file", "id": "file_348", "md5_hash": "7d07ad934a01caaf679134e102069a75", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bd094ff047045ccab6a2a1584b394112.xzzx", "sha1_hash": "e77f58c9a18ce67bf7a1843ce66e9acf8082cf5e", "sha256_hash": "79b0b4db9243ff92bcb37125e93b3c9fb10546425b50b5fc6bdf5836e8644aae", "size": 33577, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1fa232b83b52736fb8f0655a92e924576572ed9e", "file_type": "created_file", "id": "file_350", "md5_hash": "07f3876b0b1fbbe40adf1c279dc9d611", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d5d72cd040472a6053677ef544680ea8.xzzx", "sha1_hash": "1fa232b83b52736fb8f0655a92e924576572ed9e", "sha256_hash": "caa63ac3eba72349a04935f69572ae048bdc7a61171c8d00288379d2d0710a3f", "size": 94467, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/18e7b70dd556d8f3f830a72cbfe12674811a8729", "file_type": "created_file", "id": "file_352", "md5_hash": "47fec316311c6319a6a865ccb3db82d1", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\615936dc32228b708230065136576fb8.xzzx", "sha1_hash": "18e7b70dd556d8f3f830a72cbfe12674811a8729", "sha256_hash": "97d8dc83ea6f1d5830c5eea46050f636ce3e16ed0134cef66d8a99aa4b7c166c", "size": 69136, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/cba62e16407081ed8d2c01926e6ac8a579061523", "file_type": "created_file", "id": "file_354", "md5_hash": "2ed84588e41a15610ab30ebdf40620cc", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\4ec1b3383cf01eb849835ef241110300.xzzx", "sha1_hash": "cba62e16407081ed8d2c01926e6ac8a579061523", "sha256_hash": "8d30a102ab82571d2d1fe19eb65efca02a98ae70e12db01f66c60a44934d9e38", "size": 48229, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8fb29a952586d6eda7a5a79cab386d6d0c4170b4", "file_type": "created_file", "id": "file_356", "md5_hash": "10c3b07487b5dfbd82efe187860a7741", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\7abc26d22c977f5cf918eabe30b863a4.xzzx", "sha1_hash": "8fb29a952586d6eda7a5a79cab386d6d0c4170b4", "sha256_hash": "f736167e5e548766d8f0c9992e6acefecad6f1b41ebd3bed7e412a041dcdc308", "size": 2746, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/950eb98385e5b0b938ebdb425e3a6b635cf9f624", "file_type": "created_file", "id": "file_358", "md5_hash": "f36474c4ab4ff1cb0bd644b916ad9ac5", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\f28bd0f0084d975830f3b58e0c6e7ba0.xzzx", "sha1_hash": "950eb98385e5b0b938ebdb425e3a6b635cf9f624", "sha256_hash": "27781736d3003bf288ce12428a9a1e21611f0ff90c2b63b24da1c60ab6a904b9", "size": 9588, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7121d4e07e22a12ea72f8a3c784ba1f01e0f2369", "file_type": "created_file", "id": "file_360", "md5_hash": "094a2359ac86447e5f3db13cfe91b51f", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\fbb049370c08d85d799956bd1029bca5.xzzx", "sha1_hash": "7121d4e07e22a12ea72f8a3c784ba1f01e0f2369", "sha256_hash": "49bcc5d7767d0e60e148a7a3fa05212ecbb17b51de01967991693ea9eb8d2c0c", "size": 31418, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9a4d6802c563f1992b59c1dd035e49408037f24d", "file_type": "created_file", "id": "file_362", "md5_hash": "bbebf0b211b75de09879f9ae3e3acd39", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\609d61282fed0ee4afd8291a340df32c.xzzx", "sha1_hash": "9a4d6802c563f1992b59c1dd035e49408037f24d", "sha256_hash": "6d10c6f0542156494f43db2922ba5c6e38af60f2ef68441b49466d7267397965", "size": 100781, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9232e944a0cfaff9e8a0c670a84433ac86b65ed8", "file_type": "created_file", "id": "file_364", "md5_hash": "6d5c61fa21ddd8399443b98631828511", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\1698fa38038eb2cd51213bc807c39715.xzzx", "sha1_hash": "9232e944a0cfaff9e8a0c670a84433ac86b65ed8", "sha256_hash": "ffc33222f6669f600580db1d74967e9929dcb4e32bed6d28c954da9f942b6a45", "size": 26239, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9ea76e1e7e4fdfe00dc318bbb78a29fa88ffa2c5", "file_type": "created_file", "id": "file_366", "md5_hash": "aab06430aaf92867712437fdee4506bb", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\d3d882303025b5406f9968d234469988.xzzx", "sha1_hash": "9ea76e1e7e4fdfe00dc318bbb78a29fa88ffa2c5", "sha256_hash": "b65cae3ef734966c27e94a37248256f1352a71e52273b3f8d2a5c9452500bd89", "size": 52095, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/642bbb34c26f1df2efcb7eb0f94015767d53b57a", "file_type": "created_file", "id": "file_368", "md5_hash": "541425fd978c554404f50b61e819aec4", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\1971d3bf09924c93cb17194f0dc730db.xzzx", "sha1_hash": "642bbb34c26f1df2efcb7eb0f94015767d53b57a", "sha256_hash": "7a12c18b3f1d15faf8512ad4749161b30d057d78b249614808b87e1597e55079", "size": 60587, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0b137d47f5f53e9c90990ffb73a10f0cd373dc1a", "file_type": "created_file", "id": "file_370", "md5_hash": "55c3104f2dd7291cacbd39a453be9d02", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\c355f5402bedf72e504955a0300edb76.xzzx", "sha1_hash": "0b137d47f5f53e9c90990ffb73a10f0cd373dc1a", "sha256_hash": "34be4d446d835c46646f9b97dbe57e20095fb16c9761e2791928b542ed82715d", "size": 56754, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a65104672fb95244bdbd1e9ecbdb786cde463b4c", "file_type": "created_file", "id": "file_373", "md5_hash": "d3d6c4268c594e08cc24f032bb9c4d26", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\693610ce0e824d54f2368b0112b7319c.xzzx", "sha1_hash": "a65104672fb95244bdbd1e9ecbdb786cde463b4c", "sha256_hash": "ef722d1a887c8801eb2b2602eafcaf50d60690fd142006771476c31b8d069ec3", "size": 47624, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8a6d154f41e3aadfa51b578cb127097b26ba4308", "file_type": "created_file", "id": "file_377", "md5_hash": "1fc933c6c389660d5379e070f8e6479b", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\c8d828ef44c6b909469a8e7948e79d51.xzzx", "sha1_hash": "8a6d154f41e3aadfa51b578cb127097b26ba4308", "sha256_hash": "1fda7167364df89482ee04ec4ab6a3eff60c71f0e89011b820cc18e9a2390631", "size": 447, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6f7f1dc14cbdd737031f33aa240c37558733533d", "file_type": "created_file", "id": "file_379", "md5_hash": "810a35c7716525d6ded92f9bee85a404", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\07542892440c59ca51177af248413e12.xzzx", "sha1_hash": "6f7f1dc14cbdd737031f33aa240c37558733533d", "sha256_hash": "a3006d1913f64cce51f93db711c8451d047a79ea8b6c98546159b2fd2f89840a", "size": 689, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a9a5757c693fa3a5bfb9bfc47b3bed251592e17b", "file_type": "created_file", "id": "file_381", "md5_hash": "96c1f62a37267d6c30d888e6a31055fd", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\22be9d582e5129d8aa7ce5bc32720e20.xzzx", "sha1_hash": "a9a5757c693fa3a5bfb9bfc47b3bed251592e17b", "sha256_hash": "761681e06985095d7d8b1a8b183dc0621bd21115ebdb601e1ed48587334ce431", "size": 431, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e44dc82bc6c36bec3a4d70286d73c4521c534d72", "file_type": "created_file", "id": "file_384", "md5_hash": "e2698baef276ddc3acfbfd1d25b89166", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\86a958f52ba3fcf7083cb8732fd8e13f.xzzx", "sha1_hash": "e44dc82bc6c36bec3a4d70286d73c4521c534d72", "sha256_hash": "47859f01529de4b40a18d0967add6b3bfcc58de85dbf51f2737ac60a82094d76", "size": 445, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/44168b8a7725834877f4aedfbc33bd024d02bc74", "file_type": "created_file", "id": "file_389", "md5_hash": "c0273bea1fe271b78d77935015117738", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\0fcb2df10ca6b6cb526033cf10c79b13.xzzx", "sha1_hash": "44168b8a7725834877f4aedfbc33bd024d02bc74", "sha256_hash": "9779b2f54756480cad5849ff876167af65e86e44c43c5c9acafb187eaa13b2bd", "size": 47806, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1a2a0232c482bd36fe6145b428578d0c79c2f73d", "file_type": "created_file", "id": "file_391", "md5_hash": "6c76f521e8052a2c0d16f400c5f392f6", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\d89af8f8162b0dae766745d41a4bf1f6.xzzx", "sha1_hash": "1a2a0232c482bd36fe6145b428578d0c79c2f73d", "sha256_hash": "bfb9ff0383a8d35f2f9ef548a90c43515fc50af1a8e3f3fa85d585427c61c49c", "size": 669, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d30158fd564514919ed9a55a3789423939b0070f", "file_type": "created_file", "id": "file_393", "md5_hash": "4e358143fb249a43799f967628295fbb", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\f12649bc389976c6163ced043cce5b0e.xzzx", "sha1_hash": "d30158fd564514919ed9a55a3789423939b0070f", "sha256_hash": "45f1b4f65948867edbb7114947a59667bfa6059287df2d97554fb104b3fab140", "size": 96630, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6bfc8fc2c5f6da17049072387b521f261c3b15cd", "file_type": "created_file", "id": "file_395", "md5_hash": "7d1525739a5a47d9d5eb1360364c5aaa", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\23b23ff43a95b5a94696d7543eb699f1.xzzx", "sha1_hash": "6bfc8fc2c5f6da17049072387b521f261c3b15cd", "sha256_hash": "f1152588a7ad2781512b607cafeb9d9b3b3a9496f5c24e76793fad0b9e062afe", "size": 43730, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/360732bac5ee32964fb942bb05e0c6db634c8220", "file_type": "created_file", "id": "file_397", "md5_hash": "a5a026fe74cbb136fef1cb833b1cda43", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\d0384500388b9600f42b1ae33cc07a48.xzzx", "sha1_hash": "360732bac5ee32964fb942bb05e0c6db634c8220", "sha256_hash": "edeb847410ca033b7f2987c11c3597072600f998c6df602593857269655b2087", "size": 36809, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/697b8c06fe0fabb93462c8651eb0ad9cc7e45a06", "file_type": "created_file", "id": "file_399", "md5_hash": "7275ce7acb7f3f81f9f21a0c5ecf2705", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\3a21fb2547cb7719582a8c7f4bec5b61.xzzx", "sha1_hash": "697b8c06fe0fabb93462c8651eb0ad9cc7e45a06", "sha256_hash": "9c1df9225e129ce2b8db1a4cb170dbeb31610bd41b241b6e762c6c513ae46614", "size": 28673, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b089f371135e64dee23157ed1b0c143f105dbfbe", "file_type": "created_file", "id": "file_401", "md5_hash": "804550e8001e7d53b6d770be9ca42b13", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\02d7186c2a67434f1071035c2e882797.xzzx", "sha1_hash": "b089f371135e64dee23157ed1b0c143f105dbfbe", "sha256_hash": "3c6cdc04520306938d618abb452c00594e5b89e6e98b4c4990987896c6e54a1b", "size": 9432, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d534dd10677629f117dd1ba8bca275e4bdaace23", "file_type": "created_file", "id": "file_403", "md5_hash": "3331b52d364a9e4466a1c5c535bc4d8f", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\0790b504415f6e976181b814459452df.xzzx", "sha1_hash": "d534dd10677629f117dd1ba8bca275e4bdaace23", "sha256_hash": "44638b9d357d79e83ce092d356d1b481fc387909e2688b2f23aaa6f2525f869c", "size": 26715, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5c7f0ede7939812064de230a8611d7d2f2d72b56", "file_type": "created_file", "id": "file_405", "md5_hash": "95a530c63a7a514497274282375130a9", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\816af2da29d3ebef5d033a6e2df4d037.xzzx", "sha1_hash": "5c7f0ede7939812064de230a8611d7d2f2d72b56", "sha256_hash": "72fdc59adb159c79b986e068e6726a9799eff311c9764364153c9645daceb5a7", "size": 14882, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7e8037f4a55b65011b3bdeb45c04590938e69fcb", "file_type": "created_file", "id": "file_408", "md5_hash": "8fc16b1ffef0d188c1a188886a5098a6", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\d1b4bdc437a182a42497439f3bc266ec.xzzx", "sha1_hash": "7e8037f4a55b65011b3bdeb45c04590938e69fcb", "sha256_hash": "3fbfac0d468a0702c3843735d3cadfd5fad1ed1f2e7c64877b432ce063ffe5ef", "size": 64071, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/37a7782a2b8d5c54d31ca5b208fb78e008cc4055", "file_type": "created_file", "id": "file_410", "md5_hash": "597ab5b1ffc533de548dc25f2ee07ec3", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\3509b27c28c34484e701f4a52d2d28cc.xzzx", "sha1_hash": "37a7782a2b8d5c54d31ca5b208fb78e008cc4055", "sha256_hash": "9398e3683eccca4eff90405b9307c99a8490e245d037f3fc1cfe41633d9610b6", "size": 11317, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ce11e2bfa1ea7755436e29e680954a8b40135aa7", "file_type": "created_file", "id": "file_412", "md5_hash": "4657fce65f8c9bc65dbd71d4c926f589", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\18ef94cc2373db0bfe65ead427a8bf53.xzzx", "sha1_hash": "ce11e2bfa1ea7755436e29e680954a8b40135aa7", "sha256_hash": "34b39e9fe52e23ad6e7811a59b9b45e29c6dece1565ceccf33eade01da4f6176", "size": 7698, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0e7943508615aeca521fe0b08bf75f36ae8353b2", "file_type": "created_file", "id": "file_414", "md5_hash": "1dc8d677ee5344f021c9b333c20f122e", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\5bbecda81a1e287c9df89f941e9e0cc4.xzzx", "sha1_hash": "0e7943508615aeca521fe0b08bf75f36ae8353b2", "sha256_hash": "ca2883b180d77e3d41d5f44e96c6f7c0d88effb49bcc5b1cdecdabe1e558d54f", "size": 10736, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/72e9ec2de8942e0bd74a0a5ddae6f4907768a211", "file_type": "created_file", "id": "file_416", "md5_hash": "836699ba89a0a5b5b1681da8a56ec663", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\36d405da123e25ccefb9a7dd165f0a14.xzzx", "sha1_hash": "72e9ec2de8942e0bd74a0a5ddae6f4907768a211", "sha256_hash": "fd813ade09c7ac193031b72537a6c00ded82ee77b086b9cab48b9801286e4d0c", "size": 7622, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/08444d9c21db9fa78ef57565322feb6d038ad8fa", "file_type": "created_file", "id": "file_418", "md5_hash": "b4c67644d02d878f409214153fd2b6c0", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\7b22a6161cbf8aa2c5439a5220f46eea.xzzx", "sha1_hash": "08444d9c21db9fa78ef57565322feb6d038ad8fa", "sha256_hash": "d6fc68cd66d47ff4e97e2bf2284e1fbbd889f74d769de9bb210abf1b1751c32c", "size": 48603, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/17fd56f4025bde384c595e41345e755721c6b01f", "file_type": "created_file", "id": "file_420", "md5_hash": "d2c138bdda877fbf4462cbf90e92d6f1", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\2ss69ds5b7dlsjshty0o\\6b0fb14d2fcd29f7cf6e219f33ee0e3f.xzzx", "sha1_hash": "17fd56f4025bde384c595e41345e755721c6b01f", "sha256_hash": "2f766400303166cbeadcd011255fd9e563be3298a82fc4776c0878a5fd4d4773", "size": 89392, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/95b29139f506b5fc1996cb08a82a917965f7bea3", "file_type": "created_file", "id": "file_423", "md5_hash": "bd94eb090d2af2e598bbc395f565c482", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\o903hcw\\60ca942226aa4a29961b00962adf2e71.xzzx", "sha1_hash": "95b29139f506b5fc1996cb08a82a917965f7bea3", "sha256_hash": "7c7567d149cbd3c3d5efb0d49cae5d6e734e8f27ccc2cdfb5e57c560741119a0", "size": 20470, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/49ad6628af65b573a3b4e140aedda62dca6a5fa6", "file_type": "created_file", "id": "file_425", "md5_hash": "9bb5fd3d899b97b5bd4f7b76d1cf90cf", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\o903hcw\\e29c4433332b9d3db3332d67374c8185.xzzx", "sha1_hash": "49ad6628af65b573a3b4e140aedda62dca6a5fa6", "sha256_hash": "ef02398d08458affa027ac7ad182fbbf0b2ba98124a250cb5837ef26c3eb08b5", "size": 40865, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/193260733bfadcedbe6a9a8db792595a3e408be9", "file_type": "created_file", "id": "file_428", "md5_hash": "49ecd7884f0a2df5eab6568b8b60dc21", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\dtms 07a7aq-xeuh0\\o903hcw\\fbba7efe065ec5da534929ce0ac8aa22.xzzx", "sha1_hash": "193260733bfadcedbe6a9a8db792595a3e408be9", "sha256_hash": "a3c2775c9707904f226c3afad21406a591036fada581daa84ca9de8eb0cf580f", "size": 44540, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5803359577787bcf7ae282a1bbab6b9cbd2b3fa4", "file_type": "created_file", "id": "file_430", "md5_hash": "5b7a9da311e90dd11ab82627ce8a27dc", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xarijr5atdl\\db53a738127ccaebb87d0318169daf33.xzzx", "sha1_hash": "5803359577787bcf7ae282a1bbab6b9cbd2b3fa4", "sha256_hash": "4a409fdd2b42d79481ea8caeb8991789776fc658e3e4b4f02ba6503b0af1934c", "size": 100024, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/86b6b0108ccd25b96495100055f8fe3d2e1a3e9b", "file_type": "created_file", "id": "file_432", "md5_hash": "cc4f877c76d57a18a17bea3354a5f616", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xarijr5atdl\\3b9fb280013c30bc79fe404005721504.xzzx", "sha1_hash": "86b6b0108ccd25b96495100055f8fe3d2e1a3e9b", "sha256_hash": "6b08b68edae066df78b307fb94f49c67f9fdd0632380f70e7c2107ba9de854ac", "size": 11191, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0b27d4152f0b0308cced733870cd6fe22f70b78b", "file_type": "created_file", "id": "file_435", "md5_hash": "34296a05465eb4a28ba8478e78c39fce", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xarijr5atdl\\adbc71e42fba59e00d479b5f33db3e28.xzzx", "sha1_hash": "0b27d4152f0b0308cced733870cd6fe22f70b78b", "sha256_hash": "348c3dba179ddc8a2c4c0d5bb81e886afdfd7e5e76878a31a7cd9064249579a9", "size": 72408, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5e4f0ce86acfb7b720f20fbece6aeab07fa6a082", "file_type": "created_file", "id": "file_437", "md5_hash": "3289c077c99e642a1b267a1b060a3afd", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\bdd25f14384cc362cbd33ade3c6da7aa.xzzx", "sha1_hash": "5e4f0ce86acfb7b720f20fbece6aeab07fa6a082", "sha256_hash": "e52a6ec5e67ffebc561f10a4e73918e8d91e4688250448a2ba03426f6cf660af", "size": 95687, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2c78334ac941f280ad5e346dd41202c41bda7e85", "file_type": "created_file", "id": "file_439", "md5_hash": "f0a3b98bb1245eeeaaff13fc39635eff", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\8181dc6820279a95628fb268245d7edd.xzzx", "sha1_hash": "2c78334ac941f280ad5e346dd41202c41bda7e85", "sha256_hash": "305b4ce3d21ff13a21874d32c30453600d5faf1e847659d801592e12aa75293c", "size": 25193, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c29e2e116b9a017537094c3606558b780da6549c", "file_type": "created_file", "id": "file_441", "md5_hash": "d2adcf55c513781c3a0ff0aca1610a93", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\37e85546159c2e64b110da791a0612ac.xzzx", "sha1_hash": "c29e2e116b9a017537094c3606558b780da6549c", "sha256_hash": "107d60e5d312b72daa6cd8f07ba404c2b1b1c37625bb2486a57dc65f981e8a1f", "size": 53387, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a6da62cfd14fce05dba048b0075bc090580e7a2a", "file_type": "created_file", "id": "file_444", "md5_hash": "5ccf7d4e5a3ea00b039c7db57a91d20b", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\89dd89fe1bc33afa435ca8a71fe81f42.xzzx", "sha1_hash": "a6da62cfd14fce05dba048b0075bc090580e7a2a", "sha256_hash": "2597a5dadd07f0095f2a769dc58eb1c343dd894af0dd20618accdc1a92845793", "size": 96218, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3f6b769b7209fff99d1f7c531c8a657e66f3c89d", "file_type": "created_file", "id": "file_446", "md5_hash": "6c8489d244a368498979a0cd5539ded4", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\wpc5n64xvm\\04bf022041d4f9a43c1202c84609ddec.xzzx", "sha1_hash": "3f6b769b7209fff99d1f7c531c8a657e66f3c89d", "sha256_hash": "1b184a04ebbb0dfdb2b9cd87e6f9acebb2a590bc6123c591cfd44726f1916df9", "size": 67087, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7457b0c2e8e4b3118791ad6b3939d0058c7ed3fc", "file_type": "created_file", "id": "file_448", "md5_hash": "8a27e67fbb78157633b21d99f0c7282f", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\wpc5n64xvm\\1cb22af03a177b10110664b53e3c5f58.xzzx", "sha1_hash": "7457b0c2e8e4b3118791ad6b3939d0058c7ed3fc", "sha256_hash": "0e5c9dfa5cdf5b9d8acb7684b179d3a2faf8985a889e01d1680aabd645d18975", "size": 89051, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/48aabba1a0a0f96caea07c5446bf15061608f557", "file_type": "created_file", "id": "file_451", "md5_hash": "5e56780a1de42366d923fccefc6e06ae", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\wpc5n64xvm\\7b5559382a0fd2b4c13f23862e44b6fc.xzzx", "sha1_hash": "48aabba1a0a0f96caea07c5446bf15061608f557", "sha256_hash": "6f0dd064e70b8baf81acb65512cdea5fc5347541cb2ffd7a619e81b774965eff", "size": 8693, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/388da3051632c38732ce931ddc5eb939c391f847", "file_type": "created_file", "id": "file_453", "md5_hash": "75c805096f37b62dacad6b6a70fddb1c", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\z-_06k\\wpc5n64xvm\\e3086e520d4ee960428796111173cda8.xzzx", "sha1_hash": "388da3051632c38732ce931ddc5eb939c391f847", "sha256_hash": "1319d7be3eda3975014e5099a83c900b830575f57b53ba1dc7cba5e4ef1d5b70", "size": 9132, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/852006f7332adb918603f644109950adc09e9cd3", "file_type": "created_file", "id": "file_459", "md5_hash": "0891752ebc90dac12b5b050aaab970ce", "norm_filename": "c:\\users\\public\\9665d59245322dd390020d724953121b.xzzx", "sha1_hash": "852006f7332adb918603f644109950adc09e9cd3", "sha256_hash": "67698a3c14bba57840b473f9af3667d969c1fcd1ccf9c42f8bb5c57a1004565a", "size": 339, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ebbeb9a1fad843d79e1677b5e0eb7a9c4224ab1f", "file_type": "created_file", "id": "file_462", "md5_hash": "3fb369a47db4261bdc49e7e4a2a29f92", "norm_filename": "c:\\users\\public\\documents\\94338bda105a8f7e16cc5903148f73c6.xzzx", "sha1_hash": "ebbeb9a1fad843d79e1677b5e0eb7a9c4224ab1f", "sha256_hash": "e357e3ce089f949aa8a0f6dba3c8db6f6cf500e5812221b5bfd656a58b74f75c", "size": 443, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4f155b0d4ef3097015b5e98e4858f88fd2406b95", "file_type": "created_file", "id": "file_466", "md5_hash": "bcdd7b264e921d42ccaa60cd609d17b6", "norm_filename": "c:\\users\\public\\downloads\\bc1d727a30ed2409a03b25c6350e0851.xzzx", "sha1_hash": "4f155b0d4ef3097015b5e98e4858f88fd2406b95", "sha256_hash": "29394518a819e0de6cfa26c66940708cd4426df3d74450c7a95776bd72a8f874", "size": 339, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/00b2a15d997924601a522a3b353f9f817224bd24", "file_type": "created_file", "id": "file_469", "md5_hash": "59ae19796ff834f91a4f14bbb53f58a6", "norm_filename": "c:\\users\\public\\libraries\\721728630b1f6bb259c033230f404ffa.xzzx", "sha1_hash": "00b2a15d997924601a522a3b353f9f817224bd24", "sha256_hash": "0cdd2a9c7e81f46e9f0d9ae5a9428dd38e99d98c91ea605959d87efacb1495c3", "size": 1061, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/590a2c5977581ee81b162013290b8c71398ab99f", "file_type": "created_file", "id": "file_471", "md5_hash": "a2d1b66694eaf311747b3500d84f5a9d", "norm_filename": "c:\\users\\public\\libraries\\50c930c63ecf303723410a464304147f.xzzx", "sha1_hash": "590a2c5977581ee81b162013290b8c71398ab99f", "sha256_hash": "49d99bba648588ce463e8e0107123eacad2b08b119e41b1e03ff3af8753f1a9b", "size": 253, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2bf4ec3bc21bdab756efc16381fd45e4773ca079", "file_type": "created_file", "id": "file_473", "md5_hash": "ad44d7a777871689ca0f1fb07c37f371", "norm_filename": "c:\\users\\public\\music\\de133762273869a1ce952baa2b594de9.xzzx", "sha1_hash": "2bf4ec3bc21bdab756efc16381fd45e4773ca079", "sha256_hash": "22030c34b18471b52ed52c2fc9c177a827401a1694145e2904ef89dea12ba1cc", "size": 545, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/148ecdde9f071747f28b789891330079eaa3b445", "file_type": "created_file", "id": "file_475", "md5_hash": "b184b55c67fe558a3f5689d1a4bacb69", "norm_filename": "c:\\users\\public\\music\\sample music\\b2babb8113becba807b8242f17f3aff0.xzzx", "sha1_hash": "148ecdde9f071747f28b789891330079eaa3b445", "sha256_hash": "a1d538d6b558f44b0fda34124437294a6b0717ac5f1467b23443c876b8b63e69", "size": 751, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/969943096e8451a26ecfb1cb4068f033023143c9", "file_type": "created_file", "id": "file_482", "md5_hash": "b7b47dba0cb8bf928ed3d08ccea8506f", "norm_filename": "c:\\users\\public\\music\\sample music\\1758a0bd1a6f8ce6b3a600c11e90712e.xzzx", "sha1_hash": "969943096e8451a26ecfb1cb4068f033023143c9", "sha256_hash": "d29733d25d73923965d5a62de18c7b5d8658335bf59f9481ff4134a0daab8ebc", "size": 8414614, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f51704a90830eb08eaa4004c13d5b923352ec198", "file_type": "created_file", "id": "file_484", "md5_hash": "6c348891000c92c184a4cee6af48111e", "norm_filename": "c:\\users\\public\\pictures\\4fe187580c1ceaecf1249fc21086cf34.xzzx", "sha1_hash": "f51704a90830eb08eaa4004c13d5b923352ec198", "sha256_hash": "500e1ba9f43a8dbf2aaa34c91c6145f36589817504b34468f9a2ead141a2bd81", "size": 545, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1a9d1276e9ce89bbb7d57f297caf4b3e7e44b2bf", "file_type": "created_file", "id": "file_485", "md5_hash": "a02aec4728613cce3cfcadbf233fa37b", "norm_filename": "c:\\users\\public\\music\\sample music\\a308b77e2f1e65bb59ecacae33534a03.xzzx", "sha1_hash": "1a9d1276e9ce89bbb7d57f297caf4b3e7e44b2bf", "sha256_hash": "ab30d9eca9fadbb58f5648817e0baa42355fb44929232471c6dbfb2900704942", "size": 4114075, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/15280c070e3d7d852e3374fc205723ab365ccfa5", "file_type": "created_file", "id": "file_487", "md5_hash": "18378900f89e304a8d26f7043d19f7d3", "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\28f3174e3d47a1acf4b1346741c785f4.xzzx", "sha1_hash": "15280c070e3d7d852e3374fc205723ab365ccfa5", "sha256_hash": "d46a6fba15dff761ae17b23f5623f57888f2f9cf89504e7afd38e5f100d803e1", "size": 879571, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/316e583d4f6c465f0a21d86964c9f7a7b18b8789", "file_type": "created_file", "id": "file_489", "md5_hash": "901b205094ff969c906d36f93e0dbd8c", "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\d1fd6140114402301247cbc41572e678.xzzx", "sha1_hash": "316e583d4f6c465f0a21d86964c9f7a7b18b8789", "sha256_hash": "a227140ced9d23d74f8c15458b3b636ec9144130d9b6f4414a23d25c045738a9", "size": 846104, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/88c26d8c46c1796d5f90516ad6a202ab04cb96d8", "file_type": "created_file", "id": "file_491", "md5_hash": "cbf4876ed0c4c57bc0f6ef977287ee4a", "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\2980fdfd3d56218ae4f6e07941e605d2.xzzx", "sha1_hash": "88c26d8c46c1796d5f90516ad6a202ab04cb96d8", "sha256_hash": "2399c4394c79441c6711fc35c2983857bf00b774e851f0dbcd6dbe58698ac2ae", "size": 1285, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e194fe3ec1332f455df08db1cdb770df7238a547", "file_type": "created_file", "id": "file_493", "md5_hash": "ea2350eba4d19301ec89c2460a22cee3", "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\a59acd7b3af5e74b902550773f95cb93.xzzx", "sha1_hash": "e194fe3ec1332f455df08db1cdb770df7238a547", "sha256_hash": "8e7c6e5e4d579dcb083aeed29c16a6ecda7214ede3101adced6e75fc242485af", "size": 595455, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d54d84c8bfe1d66e395e0f21196217236bf82e92", "file_type": "created_file", "id": "file_495", "md5_hash": "764563744807fcd3daafddfe57abac8f", "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\fa4bf7a60f1f0c98b1c0f8be134df0e0.xzzx", "sha1_hash": "d54d84c8bfe1d66e395e0f21196217236bf82e92", "sha256_hash": "08cd68152727103af96698ec06376768cb2b77a80819ea7327ae3f602dde61ac", "size": 775871, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ee5519794478e2eff4c509bc63c1161dc83218fe", "file_type": "created_file", "id": "file_497", "md5_hash": "d849c7084f501697a5c2197b24dcf0c4", "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\4bf5528040685af08ee9fd2844da3f38.xzzx", "sha1_hash": "ee5519794478e2eff4c509bc63c1161dc83218fe", "sha256_hash": "3758284a663f556b3dc898173d4d26a37323dffffe6071b25f231a98acc16c13", "size": 780992, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3322c081a58b29899c3ecef3e110e38d309c469c", "file_type": "created_file", "id": "file_499", "md5_hash": "958344aa07574b253dd767216b61542c", "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\0fc22e9a1aa1fd13e54a88961ec7e15b.xzzx", "sha1_hash": "3322c081a58b29899c3ecef3e110e38d309c469c", "sha256_hash": "4d7c6a79e46fc0ebdb14a2465eb1a89edb45d4b0061126ce7b81068836fd9cf3", "size": 561447, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/02d264420c5324baa0dd87f0cfe715bea928264b", "file_type": "created_file", "id": "file_502", "md5_hash": "fe91f819807b8ddf49e32596d9098f4e", "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\847d57104b178490f8f2d4b74fa568d8.xzzx", "sha1_hash": "02d264420c5324baa0dd87f0cfe715bea928264b", "sha256_hash": "d2fafd4d9dbac9208f1b6f8fe9e0e04953e08e91052530f7d9e4382047dc0ffb", "size": 778002, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4965df95e26ba0e597f8b993c5c95bc94d37aec2", "file_type": "created_file", "id": "file_505", "md5_hash": "b35c78eaccd098555e18b4c658cc0c06", "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\cdc4aaad0836755b78d170410ca859a3.xzzx", "sha1_hash": "4965df95e26ba0e597f8b993c5c95bc94d37aec2", "sha256_hash": "ca7beb4a5502023e82dca26fd0b3982091ba7384ee72345b6c2ea31446bb5ff8", "size": 621051, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/880e4e3ca365ec2582600c8414151c628fb4f495", "file_type": "created_file", "id": "file_509", "md5_hash": "0ee588dd9a445dce1444d14054f14fca", "norm_filename": "c:\\users\\public\\recorded tv\\1edf30f91e98b984e23edaf123369dcc.xzzx", "sha1_hash": "880e4e3ca365ec2582600c8414151c628fb4f495", "sha256_hash": "ac395f6ac161e70b123d3b0cfea6b332efd736f1cc081c4fa9c9fba4244b157a", "size": 245, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6e94c974d05d6d76a510f8d166d052f613f9f614", "file_type": "created_file", "id": "file_511", "md5_hash": "17de83ba5b884fb0273d4bbf87838ad7", "norm_filename": "c:\\users\\public\\recorded tv\\sample media\\39d4778c1ca7a7942937668620db8bdc.xzzx", "sha1_hash": "6e94c974d05d6d76a510f8d166d052f613f9f614", "sha256_hash": "447227d6d5b4a87a4436a47849afcde1d0ac2432ac46941e9123bce43e623a0b", "size": 336, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/49682292020058e6b761843ec235fe5c9a06519a", "file_type": "created_file", "id": "file_513", "md5_hash": "e5fbf8b2b37758c80fc28a8e46b8e0ad", "norm_filename": "c:\\users\\public\\videos\\9c0539442839caf8e19e36092cafaf40.xzzx", "sha1_hash": "49682292020058e6b761843ec235fe5c9a06519a", "sha256_hash": "43508baf8ca3930d46c2a29f3549553c54579fab7d6e8a53272a7dff6294e5c3", "size": 545, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fe2c459a5b0893bf649493cf3dabefc1d8465a04", "file_type": "modified_file", "id": "file_6", "md5_hash": "e19f6a2e69e48e7d3720742c99392583", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "fe2c459a5b0893bf649493cf3dabefc1d8465a04", "sha256_hash": "a2e604e0daeabffe3f4ec44de6ad8e026cc5ed2487491470c696e546066356e8", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/40d5718a729c455ce1201b6330007d01c1dbea4d", "file_type": "modified_file", "id": "file_21", "md5_hash": "814f1b08ae92bd5d4d25d4e42ab28f2b", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "40d5718a729c455ce1201b6330007d01c1dbea4d", "sha256_hash": "061e44965d029cb150381860cba131d230ed49a817f89128f0f885a5cf295e7c", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/def3e37c0ee3e1c48b20e315345ea79403966398", "file_type": "modified_file", "id": "file_23", "md5_hash": "4e95e0cf613c8e5b346f18b1da242624", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "def3e37c0ee3e1c48b20e315345ea79403966398", "sha256_hash": "3ff33cda6bf81cd651c0848ead9c85268f483cab41a65e2d22730e8ec442ccf0", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5bad17c6f209bdebb28e1606fa9f14ece3dffeb3", "file_type": "modified_file", "id": "file_24", "md5_hash": "149039c782d26be150787a53c60b0fb8", "norm_filename": "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi", "sha1_hash": "5bad17c6f209bdebb28e1606fa9f14ece3dffeb3", "sha256_hash": "dfb87c3b75ba2525237c00a764bff401e5e8b03ff4ef2c6fcfa72626fbcc7515", "size": 3170463, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2f90d80e055549767a26b23ca20966e72ab5f1e8", "file_type": "modified_file", "id": "file_25", "md5_hash": "4cee43f4c870b967aa8491d3cb0abb17", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "2f90d80e055549767a26b23ca20966e72ab5f1e8", "sha256_hash": "f8a09519205e9131a83026547b9a53d6f03d413c1215fb638c75ac135fb6f8d0", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/39216ecbbd1a8402bbf9c24ab0933a15c80d0d18", "file_type": "modified_file", "id": "file_28", "md5_hash": "7af68820a4f620b83c4406bd45612a54", "norm_filename": "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\winre.wim", "sha1_hash": "39216ecbbd1a8402bbf9c24ab0933a15c80d0d18", "sha256_hash": "2be045ba74174227aea2172dc348655bd52185d0f3587708df15a3362272e895", "size": 10485760, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/19c00557f4e8604aa7ab6364df4472133c2dab65", "file_type": "modified_file", "id": "file_29", "md5_hash": "f7e9f993db856ce27a1001de530fac37", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "19c00557f4e8604aa7ab6364df4472133c2dab65", "sha256_hash": "141c64e29296dd473d8bc09d5913f92bb48b5eef3cc28141bf2b1437796533ba", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6d6506098ffdc2a8410c7194c95ea3e99f0abbbb", "file_type": "modified_file", "id": "file_35", "md5_hash": "13f9c6326eacfffbd799d5bfa822e37f", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "6d6506098ffdc2a8410c7194c95ea3e99f0abbbb", "sha256_hash": "f02c59939ff03d407ba4cb24f9c3d9022a8c96708c5001e2e862e5b4ac7c6aa8", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/579bee8d32d1493698419c2db57f3ce210972e28", "file_type": "modified_file", "id": "file_37", "md5_hash": "5e4618d7238ce7c835c48f52b3745179", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "579bee8d32d1493698419c2db57f3ce210972e28", "sha256_hash": "1b5b1a577db475c1468fc45309933e50a5c56248e9aa93cdbf0cffb1ec97847a", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3935947456850c06664902309d8fd42cf466fd77", "file_type": "modified_file", "id": "file_39", "md5_hash": "a59e64a9ee39336312f7d611b15a8aa6", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "3935947456850c06664902309d8fd42cf466fd77", "sha256_hash": "f94bcf4086220cd1cd08aa968bd72350d2a606fc736610cf1ad2221bee9fce07", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2b0e0b58962ae724048f0213fe37db29cae49b27", "file_type": "modified_file", "id": "file_41", "md5_hash": "a8a86b009e428fb06407c9af0876d3a7", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "2b0e0b58962ae724048f0213fe37db29cae49b27", "sha256_hash": "2ace2b74273eddd32d0f02e3a2b3f182bcf2e844ebf09359af2dee67f6257b7f", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4c15db48ca94b7da81dedc2df7020aa0d5c4221d", "file_type": "modified_file", "id": "file_43", "md5_hash": "0f92a1788ac3fea4f1cde6e4b3265ea8", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "4c15db48ca94b7da81dedc2df7020aa0d5c4221d", "sha256_hash": "46dd7740d8c369e4d4c209f04c0fce8eb2aecb2c56dd93587de385d6eadd4623", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/396ac06a71fd5b6bbcccf6b11e39eccf1c6e30a2", "file_type": "modified_file", "id": "file_45", "md5_hash": "8f6e63f0d53ee35d5492e53d9ad33263", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "396ac06a71fd5b6bbcccf6b11e39eccf1c6e30a2", "sha256_hash": "1ae5c7aa3c29d0ebd5b339c7e2da91fc5486e662d77e9411f3a0dbea7b1ac665", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ccb374c385c7eb66ccd236f06f2699cf960b48cf", "file_type": "modified_file", "id": "file_47", "md5_hash": "8b93b3602a27797ca735b7ffb26332e2", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "ccb374c385c7eb66ccd236f06f2699cf960b48cf", "sha256_hash": "cd2ba8aaec06a3d1764ab616c7bea3a1385a958b47b214889835e23a97beb163", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a6f0e00253726d198bf3dcead22d1df34337f2d8", "file_type": "modified_file", "id": "file_51", "md5_hash": "0ea871643e1efd851bdf75d349a3dd46", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "a6f0e00253726d198bf3dcead22d1df34337f2d8", "sha256_hash": "458121e877e8ab037585192ad929a82e4e352662b46750a84f8fd5e7c224ec5e", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2573b856c7eb6dc9faa3221a0d39107864f61f8d", "file_type": "modified_file", "id": "file_53", "md5_hash": "4d360bb043a3428b923706eaea9c1de6", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "2573b856c7eb6dc9faa3221a0d39107864f61f8d", "sha256_hash": "7f55c9b1cf55225f33224ee5c3173edb43a6451dee4181fbabf379dfdb8258f6", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7d4ea73d6b7a7bb59c91b30b2bad4eebdb281ab9", "file_type": "modified_file", "id": "file_55", "md5_hash": "7b95cd6c0b1a8735ff0b3b628a56aec5", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "7d4ea73d6b7a7bb59c91b30b2bad4eebdb281ab9", "sha256_hash": "0320cd126bdbcc6b3c47876eecb7b09891bf290acf739d432523049c27d92ae6", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/acc7dd2fbb624839bb52061301aa980db6e26d10", "file_type": "modified_file", "id": "file_57", "md5_hash": "8c9827beada5e0066b5f5f962afe8d1b", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "acc7dd2fbb624839bb52061301aa980db6e26d10", "sha256_hash": "a9318420cae0d9b3bae15ab505e36d538b757a06d210acbf743b565c1dee807b", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1488531700e2692e1c9858d6f2c82ee033ef8e13", "file_type": "modified_file", "id": "file_59", "md5_hash": "551b58e8cdb91d3ce675b6caf3ccc5f6", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "1488531700e2692e1c9858d6f2c82ee033ef8e13", "sha256_hash": "6148f6799b15857a4ceb68ce889418b7ce28b48931cff98618ba19b7260a861c", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d58f888c1a1ea6ce871ccb35ca181632e16e2f01", "file_type": "modified_file", "id": "file_61", "md5_hash": "45e5bd6ed45ce5089ac829e2c7daaed5", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "d58f888c1a1ea6ce871ccb35ca181632e16e2f01", "sha256_hash": "2ca32dc03b110b1d3cbfbfc840e0c25a3ad27405def585785e50c75857b239a9", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b8dd24b7af0142059d10d03828e67c6249dd62f2", "file_type": "modified_file", "id": "file_63", "md5_hash": "dbdc08589776cb606424d1a7271fa4b2", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "b8dd24b7af0142059d10d03828e67c6249dd62f2", "sha256_hash": "c2c9e90b31d29a54fdde837126a74a09a5ded87662ab1ad0d923b4ea3e47e862", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b77f7edbc9d18b9e2bad433c3c6b036466fd00cd", "file_type": "modified_file", "id": "file_65", "md5_hash": "66d1734e2a678e1ee5a57e4dd52de11a", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "b77f7edbc9d18b9e2bad433c3c6b036466fd00cd", "sha256_hash": "4331ffd80feab4efe02313932587b1bb5e8d3056fd3a9d3fdd88b4e5d07f68c3", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2bbb8bb45a20fe49b9df890085ebfc887bf0ae7f", "file_type": "modified_file", "id": "file_67", "md5_hash": "c2b4d63f0d3d148b592eaa3c7fdce1d8", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "2bbb8bb45a20fe49b9df890085ebfc887bf0ae7f", "sha256_hash": "ae7f3e20e8b1e3beebaed7400f11fe5dd648acf2c75fdde06737f5fceecda4d0", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a257c3330d908b6d50da079cc91ea4ecf99b99df", "file_type": "modified_file", "id": "file_69", "md5_hash": "6b48287462a22f07b63924dc4c1079cf", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "a257c3330d908b6d50da079cc91ea4ecf99b99df", "sha256_hash": "cd07522a7e5d25b1461e82e0e6680edf744a2d78200df517c94a4eb493a501b3", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/937d82f19b71b97529a7424f8a724ccfea4cb453", "file_type": "modified_file", "id": "file_71", "md5_hash": "a0c4f6838ecd427c072ba3a6d8f467e9", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "937d82f19b71b97529a7424f8a724ccfea4cb453", "sha256_hash": "30b2c1642e1b0d99ca7ee5fc769c205303571c54fa1ed3fcc60f9f3aece459d8", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/58adfc371a5d5c29e6a65dcdb9692d7addd5b8a8", "file_type": "modified_file", "id": "file_73", "md5_hash": "db365aaa178f4cec323568d0a2d92459", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "58adfc371a5d5c29e6a65dcdb9692d7addd5b8a8", "sha256_hash": "81bf4ae209f9f4e703d136cbde9ec6eaad18cf68190d0b89bf6e6329adf13b15", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/516689dee57e7a087e053a3f402cb816823b38d4", "file_type": "modified_file", "id": "file_75", "md5_hash": "2e48c94dfa710b445956e81d14902aa5", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "516689dee57e7a087e053a3f402cb816823b38d4", "sha256_hash": "b5c7fb38a69f387122451f9ccd7ebe0249cb569cb432f6956317fb44e62529a1", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4d7684cd527b9c00a992d6edaa89e353d12076bc", "file_type": "modified_file", "id": "file_77", "md5_hash": "0e79b690ba279131fff542c4801351fc", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "4d7684cd527b9c00a992d6edaa89e353d12076bc", "sha256_hash": "517a60ed330120a013dd402887c436fc85ba0d32873d3b30dea48ee0c8cf73e9", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e6501b794158985f690a478c49f96414901b7c16", "file_type": "modified_file", "id": "file_79", "md5_hash": "470432b0d9ac88813cb2f444da58cb24", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "e6501b794158985f690a478c49f96414901b7c16", "sha256_hash": "77314f36add45bba5580811496a7e9a095a1021bbdc3c91819c9a8f17bcc3ed6", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a8d454bdcfc462272dbe58f17f0f11eb0e5c6bf9", "file_type": "modified_file", "id": "file_81", "md5_hash": "bb61023e4fb73929049e1a8f67b1961a", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "a8d454bdcfc462272dbe58f17f0f11eb0e5c6bf9", "sha256_hash": "9861bf78b729b2f7f572bad333d68013013bc254de0d5d945024036281e77314", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3661bc7bc7aef1b340574d767de1c26d055798b7", "file_type": "modified_file", "id": "file_83", "md5_hash": "31a2f135681199bb1f1d33a8e567e071", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "3661bc7bc7aef1b340574d767de1c26d055798b7", "sha256_hash": "40f64331918c493bacbe1fdf00ab63f516a9e9091ff43ff0b5c901311e1a158b", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b5ccbf19b26b184acb314b439c708f063030ba65", "file_type": "modified_file", "id": "file_86", "md5_hash": "036177d0287e398e2a461109a9c03b17", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "b5ccbf19b26b184acb314b439c708f063030ba65", "sha256_hash": "27a111af8c58ff71b72e16f858cf9d0592cf3585ac02f38e70a540fd101bf85e", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1d33bfe2426416e14c40b080aca5f226dc26e121", "file_type": "modified_file", "id": "file_87", "md5_hash": "3aeb6d30aceeb81e1c93cfe420dda735", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "1d33bfe2426416e14c40b080aca5f226dc26e121", "sha256_hash": "3c126d7de1bde6ae1064f3cc7ec070b25c27afd606930125282fadb99adb0c6b", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c1445a4fa3ab71be001f5a477c16b7ddbb1185b8", "file_type": "modified_file", "id": "file_89", "md5_hash": "b052818d5dad028f345fc59ad440284b", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "c1445a4fa3ab71be001f5a477c16b7ddbb1185b8", "sha256_hash": "b19d73b07f8e199dd4175ea802f0f6bc04807aa2fe2c5757fa6ac5584948e805", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5441b1df0f954352cbf82fa51a6314c3e7f38e05", "file_type": "modified_file", "id": "file_92", "md5_hash": "5a83fa0ee650ead8b8c97b3b48cac33c", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "5441b1df0f954352cbf82fa51a6314c3e7f38e05", "sha256_hash": "66ab80f0337f9fbd731021d3d995b8c647e7a30bbbc3acf42b26ea9e6b1841af", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c121a6da9c2df661db8ad6bbfe9258f3b2175f3f", "file_type": "modified_file", "id": "file_94", "md5_hash": "192e38f6712b4bfe6b6940b67e542e13", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "c121a6da9c2df661db8ad6bbfe9258f3b2175f3f", "sha256_hash": "b5c9bd35825fd81a83f3e35f0ceaaafde7cacb249a7d88de7ef025d51156f55a", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e89685354569382d2353422692583228b761268e", "file_type": "modified_file", "id": "file_96", "md5_hash": "ea87a51c5b7d175b519c0410c73dc68b", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "e89685354569382d2353422692583228b761268e", "sha256_hash": "89ba1e6d538a1beea3ec56280f78d38f9c8f11fb9ff67d919965b622653aeae4", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d4a1c8bb5fc3e8a97f45e9f7bd3622bcbcd49c2c", "file_type": "modified_file", "id": "file_98", "md5_hash": "16fd7d224cb9bd2d0e0635f0d657e7e7", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "d4a1c8bb5fc3e8a97f45e9f7bd3622bcbcd49c2c", "sha256_hash": "350ca8506e976e56b35a33adac75f67eae9d880708c75a624de5e993285d86d7", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7bf0d3aa4ce8fc1180129efdfb3ef4c22c820eef", "file_type": "modified_file", "id": "file_100", "md5_hash": "ef19f5fb3de11aeb1a94727dd89c885e", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "7bf0d3aa4ce8fc1180129efdfb3ef4c22c820eef", "sha256_hash": "cf04c3cb9f95e60367aa2761cd37c81bb24e5f89278f328fe716a3dd65fff403", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/24f927af56a53e2fce91112af40690ac683948f4", "file_type": "modified_file", "id": "file_102", "md5_hash": "933865606c3a1e039ea8814280a61496", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "24f927af56a53e2fce91112af40690ac683948f4", "sha256_hash": "11159a7dfd9e7445afbf85076324a275fc1b54201c7555fa503148197a4c4e01", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3f22a3d0e49c65679247ce3f37064280c2113a90", "file_type": "modified_file", "id": "file_105", "md5_hash": "7ac692bc78a7e2585c34b88b865b07dd", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "3f22a3d0e49c65679247ce3f37064280c2113a90", "sha256_hash": "7fa8f262d609f2aa2e937759d94ee4a6b9e74bf472e26736c1a65a9a6b00f115", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d413010296d9619e9d9b8eef5f2db0e6211ad46f", "file_type": "modified_file", "id": "file_107", "md5_hash": "bdb3b93da1d867f46dc90680801a308e", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "d413010296d9619e9d9b8eef5f2db0e6211ad46f", "sha256_hash": "43ddf773620137d261254cba0c5692f6df53415900cdf92d1f149bb8fc520877", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/eb2baf5256eaa5305d41a76f1bb1c31f4480019b", "file_type": "modified_file", "id": "file_109", "md5_hash": "111ce9ccdb1b2f74959823f16ff312a2", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "eb2baf5256eaa5305d41a76f1bb1c31f4480019b", "sha256_hash": "aacaa02d4786d917437ceeb041eac71d2714223e506fbd834127e0622eba19ab", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/518807cdf1c6dc5aa458f33b3c91b798620b5f45", "file_type": "modified_file", "id": "file_111", "md5_hash": "8e0e161294d7f2bf6e2ac3155e07e5a8", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "518807cdf1c6dc5aa458f33b3c91b798620b5f45", "sha256_hash": "f4e1e97f06ee45352968923bf4c7a7ce1db9248c8ae4cea482e3c5628d0ee854", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7edd228ebcfb10eafca39707d00d5f09417b4f1c", "file_type": "modified_file", "id": "file_113", "md5_hash": "c790532da14e90812fa485cbad151729", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "7edd228ebcfb10eafca39707d00d5f09417b4f1c", "sha256_hash": "35e290b70c010d989fb6cc000af700a6d754fa9fbd081c686009e78cbf89f754", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/de00149051ca4cad95569e383718ab56562705ed", "file_type": "modified_file", "id": "file_115", "md5_hash": "8d7cdcb73d636921b1bd56d197d64ae7", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "de00149051ca4cad95569e383718ab56562705ed", "sha256_hash": "68de719a2a0087b5a3c7338a7d7f081147798d49422272b0ac000e9c8ef764b0", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ae1dd9da48d96f2012887fe24b707cb7e1e9d850", "file_type": "modified_file", "id": "file_117", "md5_hash": "5ee3bdfc2e4ad6e1663da842fcd92b25", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "ae1dd9da48d96f2012887fe24b707cb7e1e9d850", "sha256_hash": "90024e4d93e8c84870fa78c57d4e6b12d4a2b634ca84a2d2f2b0ab734f533770", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9c0b5078d298fe333f7ce7f78470268010d2b557", "file_type": "modified_file", "id": "file_119", "md5_hash": "f5a35f0d8c9258d21bb879c879ae52a2", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "9c0b5078d298fe333f7ce7f78470268010d2b557", "sha256_hash": "a7f6bf7e3cc4736d13a5187a665d39e981292c0e7d866f0d16d5cf44a8af06fa", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/bd17df7ed6ed6b24c8910f31c8c01f1f747a2593", "file_type": "modified_file", "id": "file_122", "md5_hash": "415df0e14cc75b273797766d5d5dbd92", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "bd17df7ed6ed6b24c8910f31c8c01f1f747a2593", "sha256_hash": "66272164f4ac974910a84b77c2ee776bcb2f820bd03fa20351910176280af8db", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e613f37ce004d59bd4ce6f872f941cb9e02b72c0", "file_type": "modified_file", "id": "file_124", "md5_hash": "03c4c2cbb7b71b62ad4f2fa06dbaa500", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "e613f37ce004d59bd4ce6f872f941cb9e02b72c0", "sha256_hash": "3905fd39cd97889b1b2bae7207efed14812670307c0f9c0e318bb3564a35640f", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ee0f11ad7b58fe9f5f702e517b89261189ab117e", "file_type": "modified_file", "id": "file_126", "md5_hash": "d0c9664b82b132a1d5e55c7641bcaa32", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "ee0f11ad7b58fe9f5f702e517b89261189ab117e", "sha256_hash": "37c0a3ae1d80a2147c59b1c10a302d3b1ebf0ab1446b3defaaed6c3ace077722", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a90e74b74436dc0b72e9abc19fe04994399425b0", "file_type": "modified_file", "id": "file_128", "md5_hash": "60221806b1eaa971f0805f198a52bc53", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "a90e74b74436dc0b72e9abc19fe04994399425b0", "sha256_hash": "50f2579c60287ee07ffea0c18e15b37c317e7ffcd94a8ea075786ad848f8ad22", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9f93cf8a01f1d99e4862df6fa92e0c9944107809", "file_type": "modified_file", "id": "file_130", "md5_hash": "1545eb055019f44d7bbafcce4a2cde44", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "9f93cf8a01f1d99e4862df6fa92e0c9944107809", "sha256_hash": "ccc2cc793c89ebfec6068f9d72d591cc22aa557eb73c9e6dcade90dd10aacf57", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e06a99bba6e83ff5776c7c45bfa60da7f2ee1e49", "file_type": "modified_file", "id": "file_132", "md5_hash": "d50cb474d15009cc1509b9c7a8e6de18", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "e06a99bba6e83ff5776c7c45bfa60da7f2ee1e49", "sha256_hash": "4b39743cebc5fa913adbe0239a7be1dffe73cc2100fe72a4c0384f6f852da525", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1d7ff3f462f66840e68e010723586967e47858ee", "file_type": "modified_file", "id": "file_134", "md5_hash": "76199b79207313ef73e58c91f894090b", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "1d7ff3f462f66840e68e010723586967e47858ee", "sha256_hash": "991c1f594a24a0e24c333bf9de9854e7f5a96fc2a1c54d15ea3e4e224ec19b57", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5c1de5526e61897a5fa45fcd20599d14f935a36b", "file_type": "modified_file", "id": "file_136", "md5_hash": "a90e656f2ec243ac278a7150f144826e", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "5c1de5526e61897a5fa45fcd20599d14f935a36b", "sha256_hash": "9abf69230425feb25f8108958cb0f1bdb1f788e64c5efd299ec6161648693d56", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3f970d9f20d9aea90b7583713feb8cf1ea387888", "file_type": "modified_file", "id": "file_138", "md5_hash": "1c2c2b82a51b6ef553f80c73abeed2cb", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "3f970d9f20d9aea90b7583713feb8cf1ea387888", "sha256_hash": "5fcaa9ff44861807206b5cbd9456ce0606c002389aee7d7e8b50fbd8d5e49a07", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fe0db975d455f0731152e3e60d314abf08596253", "file_type": "modified_file", "id": "file_140", "md5_hash": "8b3fcd1aa2f67b805cd72d9872e43331", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "fe0db975d455f0731152e3e60d314abf08596253", "sha256_hash": "7500cf228ceb07da0bd655178a3c486d1f9d8a971982ca1112e44313c56c21bf", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f9ac2630266c3e1221ac41505950e6c7c618cd93", "file_type": "modified_file", "id": "file_142", "md5_hash": "ac68798e09ca338893adc19ce95c834c", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "f9ac2630266c3e1221ac41505950e6c7c618cd93", "sha256_hash": "07abac86557b1ce80920c850ce28501e495f6cd99852843fd1df1206d433613c", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/590fe102377c38ea3b72893c9c0f72a5194a8395", "file_type": "modified_file", "id": "file_147", "md5_hash": "ba78ceb68b3246ff67e0e430963c657c", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "590fe102377c38ea3b72893c9c0f72a5194a8395", "sha256_hash": "8ddb712d9465216f3daf2f12a1dce5b0a8b72237ce63c37312a4c0ed955b9137", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1dedee862e459a632dfed9cfbe58e972281172f8", "file_type": "modified_file", "id": "file_150", "md5_hash": "74028e74ebe873be07b955651a6aa13a", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "1dedee862e459a632dfed9cfbe58e972281172f8", "sha256_hash": "7cf49a79ed677cc1d2fbba89ca1ab5aae02322263c829f2e09143cbab1c4a9b8", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f242231b5c84871a6c09a2e09bf1b16426842b07", "file_type": "modified_file", "id": "file_154", "md5_hash": "f4fcceec6b9b572b3b94b27716363b72", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "f242231b5c84871a6c09a2e09bf1b16426842b07", "sha256_hash": "61b4751d1e9f2b77ea1f7ab71090ef5c4437531a3da38fe94db6b210d1f067d9", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/13161e758d6999f04c9fb2e09c5aba9a6433ca41", "file_type": "modified_file", "id": "file_157", "md5_hash": "5ad052dba685485c7911287e9a6b8b62", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "13161e758d6999f04c9fb2e09c5aba9a6433ca41", "sha256_hash": "48aa50b67a1db1bf079cd57c963624623aeebcd4c28ed665288714a21985ee23", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/04ff02f4d30c0a2394504c070be5651d3a3bee68", "file_type": "modified_file", "id": "file_160", "md5_hash": "74599cbe33b049f550921c7d20bdba0b", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "04ff02f4d30c0a2394504c070be5651d3a3bee68", "sha256_hash": "a3c9943edc224207a9d0eab310bd7dfba0e4aa7cdd751de0d8a36620b17b8116", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/97302c23f0f601fb3f1e89cb4a81300bf20e9e4b", "file_type": "modified_file", "id": "file_163", "md5_hash": "6488c62e37499b1d58fd634432e69b83", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "97302c23f0f601fb3f1e89cb4a81300bf20e9e4b", "sha256_hash": "784c14470886b97e160cd326d70eac01c9b5f32f30100cf4ff4dd965fd1b2675", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6447e6d431fe201ac0245b8ffbe9fc0ebeb705ff", "file_type": "modified_file", "id": "file_165", "md5_hash": "ff10d6669524223808a0a12e5e418e60", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "6447e6d431fe201ac0245b8ffbe9fc0ebeb705ff", "sha256_hash": "34344b59f0273d17f0a95b4ba618cd39864f8edbcc267bb81760a9a7729118f0", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/998ffebcf24858f5a5ad059e356eadecb11dc1cd", "file_type": "modified_file", "id": "file_168", "md5_hash": "abbbc719b95e9c9426ff3590fa62190d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "998ffebcf24858f5a5ad059e356eadecb11dc1cd", "sha256_hash": "814adbcbecbb6f95b52c8652b902f25fb04c5d53891e880767b5d474623c2ac7", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e54deb9e27deffe78a2f3b77c5fb6a94fcef1c36", "file_type": "modified_file", "id": "file_170", "md5_hash": "0180870b42dcf8ca9e1765fa35ade47c", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "e54deb9e27deffe78a2f3b77c5fb6a94fcef1c36", "sha256_hash": "1799b8426f5ff8428d6a3a1988c46deaa0e7e645aa337c867907f21080d87109", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/69dbabaefc96d168d955c03e6104c78e25dcdd38", "file_type": "modified_file", "id": "file_172", "md5_hash": "1d68f06a6c6fc73d7f40f5ee174d9c77", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "69dbabaefc96d168d955c03e6104c78e25dcdd38", "sha256_hash": "010d8370806c0b26e1dbc893db33f2c758f40376f1fb5589b0b471b6eecb5db4", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e481f1a39d40f34ee4d119cf35116980a0c32142", "file_type": "modified_file", "id": "file_174", "md5_hash": "8ef54491807ea0fb81e3c0512536b738", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "e481f1a39d40f34ee4d119cf35116980a0c32142", "sha256_hash": "62d8616bee6dcf16c8e4993b2a52f9b32b99b69c67b1501d0fe893478a5d5b47", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8bdf345f8c4ff48c3e0d164d83fcf35229923a1c", "file_type": "modified_file", "id": "file_176", "md5_hash": "502a367144ac188f54517e7ba4ba8594", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "8bdf345f8c4ff48c3e0d164d83fcf35229923a1c", "sha256_hash": "6430dda12a5cc0fd1dcb60b683727c77849b8293da1b9ea25ea41950bce4692c", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e8238db794b1603a471d468a7e237f14641186e3", "file_type": "modified_file", "id": "file_179", "md5_hash": "4170d50d3edbee713a753cb7c213a63b", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "e8238db794b1603a471d468a7e237f14641186e3", "sha256_hash": "869131efbd21d9db9e9fbd3942dee62711eeccf3ff75d547e78a70d40dcfcdbb", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/03b6584982f4b192a6b2456a2db0da7cc1193a5b", "file_type": "modified_file", "id": "file_181", "md5_hash": "13750b82fe45fb6ff1bae553cb2d2cf2", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "03b6584982f4b192a6b2456a2db0da7cc1193a5b", "sha256_hash": "c91e2c9996671460a054cb2b75d63556ce888ff767abb7474c34aabefac94c34", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/36a71b190b559f31c512ccba9855f1e42cae9489", "file_type": "modified_file", "id": "file_183", "md5_hash": "22016b6e8346a5c499c6fff2524a1f72", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "36a71b190b559f31c512ccba9855f1e42cae9489", "sha256_hash": "2432df3d3bc41cae7f91100cd409c7c1012f9f301114500b67e68abbd9bbf72d", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1be89702a029e0e3e54aaf5dc9f83487d379c47b", "file_type": "modified_file", "id": "file_185", "md5_hash": "fd1e5bd3a8ec32f255e008bb6824fea2", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "1be89702a029e0e3e54aaf5dc9f83487d379c47b", "sha256_hash": "dca3925a815c7c90f8ecd25dc8d4ae6ba22881cf52ca20a9edc5ef92d9343ca6", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9989a3cfb770933f9f75e60f1b3df5eb1bf50486", "file_type": "modified_file", "id": "file_187", "md5_hash": "da6156020cdf6e3a40327436c950d6dd", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "9989a3cfb770933f9f75e60f1b3df5eb1bf50486", "sha256_hash": "19d991c420c129af18d9e5083fb27d2d24affdd72c44ef279f4e4ae73854608d", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c0df1504bee2d24254f58a08b27fe7a42e943b35", "file_type": "modified_file", "id": "file_189", "md5_hash": "5506b753acd8b8867b7694cecdd25213", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "c0df1504bee2d24254f58a08b27fe7a42e943b35", "sha256_hash": "51a34ba0b6dff1761387f97c9994aa8986d675937be0d1765e38bc751b13d6db", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/824cb41693d1e5343eb40b741a2e7098a167cd9c", "file_type": "modified_file", "id": "file_192", "md5_hash": "ab254de9bba2cc31524de16d36e6d31d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "824cb41693d1e5343eb40b741a2e7098a167cd9c", "sha256_hash": "824af92033197ed7950ff6080006c96c36af6a8044a51bf9d8ebf2ea00dda76d", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6f4dce3e5505f42d431fcd85f4bc11c0141fcaf4", "file_type": "modified_file", "id": "file_194", "md5_hash": "a35b740ce644ea3f912ff3b750d23f58", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "6f4dce3e5505f42d431fcd85f4bc11c0141fcaf4", "sha256_hash": "a8dcbc24f50fc26e9fe385380a3c764b251f5be3560daca44ac7216115708818", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/eaf0968afc4c190d13ed940fbc265ac913528bfb", "file_type": "modified_file", "id": "file_196", "md5_hash": "fbba74be12d24c72d64aded8f19a69bb", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "eaf0968afc4c190d13ed940fbc265ac913528bfb", "sha256_hash": "3d425503980fd8a825ee8ca0f2d400c7bbfabeafb67e3f3076235cdab86df4a4", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4fedb8875a794f8a51d55f1b9c08cf086003bd32", "file_type": "modified_file", "id": "file_198", "md5_hash": "ae0898ad377a1cfed5d8dccc89fa6c3e", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "4fedb8875a794f8a51d55f1b9c08cf086003bd32", "sha256_hash": "a2d4531fdbc50a3a192d31cf9aab5305cd531d2eb98d7c42aeff311506b0580e", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c675502d98e3bd9e83038ddcff4a14bbb7b12396", "file_type": "modified_file", "id": "file_201", "md5_hash": "d93155fcb055e78e8ed256307a409e27", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "c675502d98e3bd9e83038ddcff4a14bbb7b12396", "sha256_hash": "dc40b87054f35f31723f1a01a56fd9623052e776d6c5b01a503a45e457916873", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0ceade1d8a3bf9a3554436c98815eb6fe4349cf0", "file_type": "modified_file", "id": "file_205", "md5_hash": "e228e3d6f60380bb9725d4cdfcb3019e", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "0ceade1d8a3bf9a3554436c98815eb6fe4349cf0", "sha256_hash": "c2abf30e01116e73ed5345bf0a5ccd9a7d3d70547f4097d477b84272c77d92c7", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5cfda9d814f7b1a3fffd56d551ba9b3ebd9ad01a", "file_type": "modified_file", "id": "file_207", "md5_hash": "8b40b425a4aa246b0faf03c4dc41865e", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "5cfda9d814f7b1a3fffd56d551ba9b3ebd9ad01a", "sha256_hash": "d7d5f4665406ba7e230296e899c3bed7259b84ed2683cff961d7785f9bac718d", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/35f2ebf27b0db55af75f3d08f59372a2d95a2dd5", "file_type": "modified_file", "id": "file_209", "md5_hash": "8802819753960d2c9cc3b1a690a15478", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "35f2ebf27b0db55af75f3d08f59372a2d95a2dd5", "sha256_hash": "f157bff623502eab620c704f895a53d9368b496f4b2cb3a12d3c5691b31e0291", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e72c06957fe845578e69838794ace5e9468e1e8d", "file_type": "modified_file", "id": "file_211", "md5_hash": "a8d83dc108c385716b571af0cfd2450b", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "e72c06957fe845578e69838794ace5e9468e1e8d", "sha256_hash": "c3629e4c0df1d1137c47d19d126fe3f333d1ab295b29aac897644a8878e89b20", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b4244207352905669fc074bdde627b161ada17b4", "file_type": "modified_file", "id": "file_213", "md5_hash": "f65002e1176f5c6425db6352662618df", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "b4244207352905669fc074bdde627b161ada17b4", "sha256_hash": "2f24f7e19e6c472620b70174424bbfa3282469f83cb1742608bf68bd34238255", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a683ea35b2238c21c8950d7cb2bb8a69937e721e", "file_type": "modified_file", "id": "file_215", "md5_hash": "8a11a0c50125cc1fb4363d354d3ab452", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "a683ea35b2238c21c8950d7cb2bb8a69937e721e", "sha256_hash": "f2a825107bea2ec68c1b5526efe3030813053406b6c9a8cd048eb6d9f5f231fa", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c60cff1019db53e38b3e7203da7b905c1eafc87e", "file_type": "modified_file", "id": "file_217", "md5_hash": "acdec48add32d8ff2f89deda598c1102", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "c60cff1019db53e38b3e7203da7b905c1eafc87e", "sha256_hash": "9ebf34d9d112d9a9b74003b7dfaa624a0256485b7f7a18bd5004730f48aa4329", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9a049e8c92d4699dce538a549b58a559c6da7b1f", "file_type": "modified_file", "id": "file_219", "md5_hash": "4ba7590cbcc41baa6f202c28dbee804f", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "9a049e8c92d4699dce538a549b58a559c6da7b1f", "sha256_hash": "3022ba90e9a41f1da6bfd88421bb82eeafef0e0e7478139e2db04b66b5301cc2", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d18bb72636623cdbda75a7fe19340e1960334d14", "file_type": "modified_file", "id": "file_221", "md5_hash": "9ec4caf1969ce582c75b9690ef8288a5", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "d18bb72636623cdbda75a7fe19340e1960334d14", "sha256_hash": "e5ef6de0838d37fab7d7bb3a3f62c1fe80d45c93efae1ab23de140d84b2cbb73", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62c7bf4393ce2678d0ed5c5dbd7f5cc7c8646131", "file_type": "modified_file", "id": "file_223", "md5_hash": "629a94de1eb5eceb0768c6f544287f12", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "62c7bf4393ce2678d0ed5c5dbd7f5cc7c8646131", "sha256_hash": "c687289f1d490fcc4667fccbae122692e3180f1edc44ec2e2caff018b95370af", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9d225cdaa02ec39470e3e6cf642c3831d57b897e", "file_type": "modified_file", "id": "file_225", "md5_hash": "7e15d8188b120c9c86e18744a1bcfdbc", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "9d225cdaa02ec39470e3e6cf642c3831d57b897e", "sha256_hash": "ae28d89c8a8ac0bb15b9ab4c77eb78fead63288659ff6532255a6e315f9a5868", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/819e6885dec172c6656689eef7f825995370fbe7", "file_type": "modified_file", "id": "file_227", "md5_hash": "07f427ee10790018a36b1a43eed94a3f", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "819e6885dec172c6656689eef7f825995370fbe7", "sha256_hash": "c46a10a59d028345f3250a6420cd8930036efc22548ebd283accde2ab32fae73", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f424df5f8592f918731289ac64fab06591f9835c", "file_type": "modified_file", "id": "file_229", "md5_hash": "66228c093f2176dd6d4e8abdbf901280", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "f424df5f8592f918731289ac64fab06591f9835c", "sha256_hash": "ef6ceaf0147dc2e445a8f8dc4f1c1f64b0b8e3284f78ef79e58a94a8b2848a2c", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/854b1261fcc27f8b7a92e6c961743c342dc82230", "file_type": "modified_file", "id": "file_231", "md5_hash": "ecbbf8d71492486ed7a515155c5f07cf", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "854b1261fcc27f8b7a92e6c961743c342dc82230", "sha256_hash": "3dcda8549bc20be73b2272deaf97bd3a29c8a25688dc96ab788fc93dd5d02375", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9ba5efccd61fcb243aeedcf06c7cc7efafe328b5", "file_type": "modified_file", "id": "file_233", "md5_hash": "3da69b963357527619a17540a7cb4bdc", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "9ba5efccd61fcb243aeedcf06c7cc7efafe328b5", "sha256_hash": "971161f2de1ecef8ad0bff3191aecf90c24ce6222b856adbea7eb52a9e390017", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d378c73a63c6eda58ebc534736790ccfe8f34901", "file_type": "modified_file", "id": "file_235", "md5_hash": "6f62bd211490087c503dfab27d4d0ea0", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "d378c73a63c6eda58ebc534736790ccfe8f34901", "sha256_hash": "61da286f592000a7b3387580dca2a346986428f40e38f54a4f64d4bfc365bbe8", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b5bbcc57107d91bae5ee3736975712d919b61118", "file_type": "modified_file", "id": "file_237", "md5_hash": "c3746a99d4cfd6541f64d69b4c7af0a9", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "b5bbcc57107d91bae5ee3736975712d919b61118", "sha256_hash": "f8fd2b84dc389a149575a9954e7c42d761bde6eada9353d748e09786c1d5f635", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b4242e312287c97f8386727422eb1bbcef2719fc", "file_type": "modified_file", "id": "file_239", "md5_hash": "6e73091f2bcbe8ebaa9f123f644e7116", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "b4242e312287c97f8386727422eb1bbcef2719fc", "sha256_hash": "702764e47f4b902be80d17465639dadd9897da302f6d40be3e2f03fb10df56a8", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/222b291457fd973c8697a66a358301767e181c6e", "file_type": "modified_file", "id": "file_241", "md5_hash": "e475964cd0b5e79e2060561501e572bf", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "222b291457fd973c8697a66a358301767e181c6e", "sha256_hash": "f44baeef5c5d348c974afb15bc02f66326a5ab6a50f64bd9ba5fe61c826296d5", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e16acc3babb39ef63ecc2b6b413c45ba0acebb8b", "file_type": "modified_file", "id": "file_243", "md5_hash": "83065d3af1ac7ff34887a69248930c1b", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "e16acc3babb39ef63ecc2b6b413c45ba0acebb8b", "sha256_hash": "21c4022e528f44439d85bfd654dff0b218650c862a54f979914909900d7c901e", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f6cb4b65c5e05647aac8e69f4e37098d86ee8c36", "file_type": "modified_file", "id": "file_245", "md5_hash": "c0140bf3ec17bf0207519fad908563b3", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "f6cb4b65c5e05647aac8e69f4e37098d86ee8c36", "sha256_hash": "0678fa0056c4a4b0561bfa97b3d661ce5736a8f8fb8df22435f2f55410d65bfd", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/81b49ab9adcc957b01cef92e1a3a820b86619e7a", "file_type": "modified_file", "id": "file_248", "md5_hash": "8cd8f5aecb163e34cbb95d4dafc757eb", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "81b49ab9adcc957b01cef92e1a3a820b86619e7a", "sha256_hash": "8f037170a2cf5697841fdfce99118a2d1a421b4438a838c92bcc72ecf0450f05", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a332ba2a230537b5f5c923fd91256e67b2fd3cf4", "file_type": "modified_file", "id": "file_250", "md5_hash": "76c41a76e7c277c30482d6c68eacaebf", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "a332ba2a230537b5f5c923fd91256e67b2fd3cf4", "sha256_hash": "623eed6e31a8726cf27a9e99225d9085add16715ea6d80b2a10248f58db6fe86", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6d8e2add25b49160ec5d7ca39e8b6098eeaded6b", "file_type": "modified_file", "id": "file_252", "md5_hash": "2befc8fdc1f628ea7d411e2034128843", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "6d8e2add25b49160ec5d7ca39e8b6098eeaded6b", "sha256_hash": "0247fac45afd615d0354ed4fd20580275fbebfe6ee279b7d8338f94089dae324", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7a62c57eee8dac7418c0fae1dae1846ea7780b54", "file_type": "modified_file", "id": "file_254", "md5_hash": "476ed9c62d652fee45bb0a7d370351f9", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "7a62c57eee8dac7418c0fae1dae1846ea7780b54", "sha256_hash": "ad9eb960a19699536d54c945dd3d2cd5fe87dcba7e5940015d2e2b3a28ccad46", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f570934fb650ba3f62403ab750a331396364113f", "file_type": "modified_file", "id": "file_256", "md5_hash": "49372e91edbb7f13a9f4f8b970ba3cbd", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "f570934fb650ba3f62403ab750a331396364113f", "sha256_hash": "0d194530694210d61871f92847286823c04e027775d7486cd551fe5cd7ef1d94", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/338c8723bc53c0359eac4818c94746ceef0b0915", "file_type": "modified_file", "id": "file_258", "md5_hash": "27fcc6c5a519d70b25265605ce65ec67", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "338c8723bc53c0359eac4818c94746ceef0b0915", "sha256_hash": "16cda29fabefd315df376c5f22b146b02d248eb96f039335802bf0bc2b887c9d", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5589082fcd0cd0268a133a63961ea3f4bc2f7218", "file_type": "modified_file", "id": "file_260", "md5_hash": "736d797c53a971f0435ac03bfa8e2e8d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "5589082fcd0cd0268a133a63961ea3f4bc2f7218", "sha256_hash": "7773bb240abfe69eb96e4a4c42c9b0d59656145c5727856a828589c14803c4a7", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f7ad5365959fcff1f01d3b8e2617ea1c7df4fef2", "file_type": "modified_file", "id": "file_262", "md5_hash": "ae26c1f39e328a672a3b716e4f2196a7", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "f7ad5365959fcff1f01d3b8e2617ea1c7df4fef2", "sha256_hash": "5a0e4c2ce1f2a5b5db46e2dd6036ad073c6a55165b989ebab9b6e489ca21a26e", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4fc1e2eb43022e48079c9b65327a934c4c7ca3a8", "file_type": "modified_file", "id": "file_264", "md5_hash": "329b8a34ebabaad8a1bf864831194752", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "4fc1e2eb43022e48079c9b65327a934c4c7ca3a8", "sha256_hash": "1d297337a4b5f7832f2051c785fa2e7d3ba3975ffeb3a736055d0889c7ef87d5", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0a05cea2f609eee104d87d364681c8cf8a0bcad5", "file_type": "modified_file", "id": "file_266", "md5_hash": "fbe411b74a0ae779a578da7f172457c8", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "0a05cea2f609eee104d87d364681c8cf8a0bcad5", "sha256_hash": "28168186a5964a0921d0311a098aa4acce989b8ef197db49884176f7dc0f771e", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/073f2754851fc1d4db332c3ead644e704027287c", "file_type": "modified_file", "id": "file_268", "md5_hash": "318caa82922715054214fcbbcc4119ca", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "073f2754851fc1d4db332c3ead644e704027287c", "sha256_hash": "1bd5608778affd0323834ee57d819443a832e0819ad910421ee1df4778895b4e", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e3d7ace059e42cf6f606ca18f94ff0fc59fa27fd", "file_type": "modified_file", "id": "file_270", "md5_hash": "093ae23c04cf29bea6698995efd03a52", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "e3d7ace059e42cf6f606ca18f94ff0fc59fa27fd", "sha256_hash": "d958036f2581b75a5467af2c312b46686eb6412005ac0fb3e150bae3d6a22e31", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2162e7ec8f1f31ab2e7f44bbcc192c274cdc9cd8", "file_type": "modified_file", "id": "file_272", "md5_hash": "8dbf466f718a9cd3f186fa610189b5ef", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "2162e7ec8f1f31ab2e7f44bbcc192c274cdc9cd8", "sha256_hash": "84430c0abf64fd399a1b8670706fbd5addad5b184eaf79a8f62772415ad24019", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c97a7301c2bb7b2007eab0ea843cdaaa231cd77c", "file_type": "modified_file", "id": "file_274", "md5_hash": "54b801d6b674306d06cede268b328c8e", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "c97a7301c2bb7b2007eab0ea843cdaaa231cd77c", "sha256_hash": "4408199e1687d98af2c87eef7b9115f9714892bb45bef6d0cbe05c94f5d4816f", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8c238ab77017e986943f979b0d7998b7650509dd", "file_type": "modified_file", "id": "file_276", "md5_hash": "95b154f39ccd405a430bac6d73d48321", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "8c238ab77017e986943f979b0d7998b7650509dd", "sha256_hash": "3035a45765e93f18547773ce8274f3d468d7da63ecb0ada50929a390c90f0361", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/617200df312225262435a3d9ea2e0288e85d106c", "file_type": "modified_file", "id": "file_278", "md5_hash": "6a7b74b4611e52f1b0a4112c3e23d5d7", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "617200df312225262435a3d9ea2e0288e85d106c", "sha256_hash": "5104cec486d5a51421d8f507629b0c402a5960615fca7992a4e5a17cdcdb4e4a", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0dd063a557f7f09b66241cb1c259e24f22be5ddc", "file_type": "modified_file", "id": "file_280", "md5_hash": "2aedc6e5f1036aea641add1001f005d3", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "0dd063a557f7f09b66241cb1c259e24f22be5ddc", "sha256_hash": "16cd55a4064e88295dc22a8843e38dd3d17c2fc4a4450a999fb4cc053d301c37", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7e6febd29b1534d8ee218b1d5b4dabef46b429b2", "file_type": "modified_file", "id": "file_282", "md5_hash": "014c3b50d6b6d29cbd19155c96d59b89", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "7e6febd29b1534d8ee218b1d5b4dabef46b429b2", "sha256_hash": "51f2a0b1b8706151dbefb7eab35ec2984b95404e5edf5c2c28951c06f15f9320", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7d0429bfa91c4cfda934f319028fa3c772cf55cc", "file_type": "modified_file", "id": "file_285", "md5_hash": "59b5b47a93aa0952247df77b2e3e28d8", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "7d0429bfa91c4cfda934f319028fa3c772cf55cc", "sha256_hash": "b5891762e85aa4ebfa3fc3500f06c0e34251bcd36076aaa3ccaa86aca7ae8ef2", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8977ef14a54d3fef3179740c985608ee904ea740", "file_type": "modified_file", "id": "file_287", "md5_hash": "ac8797e990a937c418cb0480528bb1ab", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "8977ef14a54d3fef3179740c985608ee904ea740", "sha256_hash": "d0268a10122a9a39386bce0538ca942ad5ee88d00430f9a0939c886a3f2b4930", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3f0e5b31a24308ef9e04414c1315c69116ece3be", "file_type": "modified_file", "id": "file_289", "md5_hash": "cd86678c5947d286edf177d3d35fd486", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "3f0e5b31a24308ef9e04414c1315c69116ece3be", "sha256_hash": "15546cee960168be0578b880e40b61f03d392d26e95ddb321dcc373099f0eda8", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0ee041cd18a675aa64c57a82048bb39144c6f5fc", "file_type": "modified_file", "id": "file_291", "md5_hash": "e0c57894673c14db77b5716666f5a410", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "0ee041cd18a675aa64c57a82048bb39144c6f5fc", "sha256_hash": "f7108b96b4f7332ec472af01a850f550d41073b95bc5d287b8cf33585085df6a", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5a2950ca90d25f9be40b574d7b9c7f6fd4e97920", "file_type": "modified_file", "id": "file_293", "md5_hash": "5cfdd119094aca8c8d3d7b2121a6979c", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "5a2950ca90d25f9be40b574d7b9c7f6fd4e97920", "sha256_hash": "b227c340096bc91a9715fe7ea4f2853f5bc2c0f83e523889777cdae9367a2b25", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ea8cc36012e999606a7673f34e0fb5ff76ccaf76", "file_type": "modified_file", "id": "file_295", "md5_hash": "1efab8986915f8f7469c0efd9da5e50e", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "ea8cc36012e999606a7673f34e0fb5ff76ccaf76", "sha256_hash": "2de4cda693fbd22311caf871c724526b19b7b763ab6869b9208c04210dc8c2e6", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c40e627483b0f88557135adf3564db7e8937e5ad", "file_type": "modified_file", "id": "file_299", "md5_hash": "9c2ec6b248a6c888d5f1cddb5984c92a", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "c40e627483b0f88557135adf3564db7e8937e5ad", "sha256_hash": "33b3c30c7180ccee497871d9b634055d8eb7a20f87e602d61ae45d78a50fdf5a", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e2c43707aa8f33dac8cc0c88d25e29be2e442a54", "file_type": "modified_file", "id": "file_301", "md5_hash": "07ce24ea846aff536fd9e4700116a6e3", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "e2c43707aa8f33dac8cc0c88d25e29be2e442a54", "sha256_hash": "107722b4df2230907ba4aed3fc143047cbc27d0fbf16ac27ac9c3975f0a79404", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fa063383efd1c1d37e0146236494b23705ab2f90", "file_type": "modified_file", "id": "file_303", "md5_hash": "c4cddacfa4899921dd996f95a355dc73", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "fa063383efd1c1d37e0146236494b23705ab2f90", "sha256_hash": "2f801d95e8f5ed1de70bc91cc7c43804d050843f4e6746a4761f3e6cd7c940d0", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8a93871f882bbad23e11d6727b6d923e81dcf60b", "file_type": "modified_file", "id": "file_305", "md5_hash": "8cbb30ccb23992b9c939dc915505183f", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "8a93871f882bbad23e11d6727b6d923e81dcf60b", "sha256_hash": "46d2092bdacbccfc6269319d7dfed07528b20e56b7428e56b9d724b55ddff0d8", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c2167a7f67e889f8a830e3f576840fef19a34429", "file_type": "modified_file", "id": "file_307", "md5_hash": "af307d487e63a6e3bde288cf56a6ddd5", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "c2167a7f67e889f8a830e3f576840fef19a34429", "sha256_hash": "e757e709780d2b5e0aa3049ebe3501f7babc28b2387de5d9012b80dcd947416d", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2a6d749d0c2a19bc0de68718021455ff94f53ce1", "file_type": "modified_file", "id": "file_309", "md5_hash": "26b9207fbd0ce18d7262a631c85fb3fe", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "2a6d749d0c2a19bc0de68718021455ff94f53ce1", "sha256_hash": "d1532a59dfca3f30c55bb31c4ecb7c0f672e7ab0c813f816f77a9e76e41ca46a", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9f3a878a7825534f4605b20c0c2156f12b6b4f21", "file_type": "modified_file", "id": "file_311", "md5_hash": "90b637cab848a4523db02ff0d69e24db", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "9f3a878a7825534f4605b20c0c2156f12b6b4f21", "sha256_hash": "e95492c11475735fd7c0b42a86d3ed82399865c2174d1e7ce10eba93b879ce0f", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5683e0fe9de79e0306aed8a7813b5641799041ce", "file_type": "modified_file", "id": "file_313", "md5_hash": "40d31c19e6d1e1b7a0036d792e797afd", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "5683e0fe9de79e0306aed8a7813b5641799041ce", "sha256_hash": "14646fcac260f3b1da5b6ab9599acb6290c375f8952e3cc8b358ff3820ee2f07", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5e39c59f6f2d524451aa315cf71b3c67e1417a47", "file_type": "modified_file", "id": "file_315", "md5_hash": "8f8a94e5aaf3aaaab11e662f619a0bec", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "5e39c59f6f2d524451aa315cf71b3c67e1417a47", "sha256_hash": "ff711a36730bb5706531d5689f77a4bbc5144a0d1a1cbd3842e8265894ec7cbb", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/94c80bfce1f463faf05fc7d4789bc48278a3aed0", "file_type": "modified_file", "id": "file_317", "md5_hash": "e25912828c662b485a1a764370929281", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "94c80bfce1f463faf05fc7d4789bc48278a3aed0", "sha256_hash": "bf32c7912fafa3ec93b50da347a1846d8bacc7ae876ae49ca0a8fc6042c3cecf", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8f3ba761d924a9a057789cd73654cfbc3915543f", "file_type": "modified_file", "id": "file_319", "md5_hash": "ad09c327d1cf219adc263d9b25b0db25", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "8f3ba761d924a9a057789cd73654cfbc3915543f", "sha256_hash": "b48896928a1d59a4c61888180c20da9fc568dc717a09011f2a4647238adcb364", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/970c1d86396a4dbf9440e25ca90b0dbdcaf44a85", "file_type": "modified_file", "id": "file_321", "md5_hash": "80e7c46b9787ccb34985196cbf7dea26", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "970c1d86396a4dbf9440e25ca90b0dbdcaf44a85", "sha256_hash": "9bcec32676928a706037a9465c690152e55a32a8fdd79c2b8440fd98032aa9d8", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1bbf87af94474b302b9235e1ad5d8f8fa79383a8", "file_type": "modified_file", "id": "file_323", "md5_hash": "1e9ec9ce60cae65a1dd67c729cfd8cf2", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "1bbf87af94474b302b9235e1ad5d8f8fa79383a8", "sha256_hash": "d838a70102a3719a69f6f68e26b71e0232d30e440605fb2b0d5afa1abceef6bb", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4dd7dda6671676a229661afe09e6d369278465ad", "file_type": "modified_file", "id": "file_325", "md5_hash": "9a2b3c432bac4d587010c37ebea29391", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "4dd7dda6671676a229661afe09e6d369278465ad", "sha256_hash": "6a85393ba91e3b9dcaf6cbc309b7a9ceb9027180bae065ff4db449049713d4f7", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62f623acfb18f03b2715582940e6e42ba5898cb7", "file_type": "modified_file", "id": "file_327", "md5_hash": "f69c5e3c61a515adbc451d0bc927b2a6", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "62f623acfb18f03b2715582940e6e42ba5898cb7", "sha256_hash": "2c4001d6c4aafb813cd1a52b02ebec228763c2a09a3a7775968235da8d912286", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d84827f9156e3fda5b4d2dff406accbbd148e2ef", "file_type": "modified_file", "id": "file_329", "md5_hash": "0eaca048bdef58a68f3c0264a93e2f4b", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "d84827f9156e3fda5b4d2dff406accbbd148e2ef", "sha256_hash": "e983ff96fe5a9edce3d59ce3d08d459f012d7f2d89f175e5a10651d8087df4af", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7db34503fc04346d2c2aea4c552e29a568ca92cd", "file_type": "modified_file", "id": "file_331", "md5_hash": "2587cdf46034e38451b8b3b21407783a", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "7db34503fc04346d2c2aea4c552e29a568ca92cd", "sha256_hash": "089af6ac4715881558192e4da19e827e2224f2c06cb0675ca20002532a13992f", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/481b1428ccaaf8eb703c3918c641cbc6b397cb39", "file_type": "modified_file", "id": "file_333", "md5_hash": "146a056d27a5f2c59a58d145bd8c13c9", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "481b1428ccaaf8eb703c3918c641cbc6b397cb39", "sha256_hash": "34dafa12d4c449dbcff2efeb16f4191b4fe2bc035c45ff0da00e75bf26f6867c", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/57c8f3343458fb70c9a0a134170e2991d0bdc4ef", "file_type": "modified_file", "id": "file_335", "md5_hash": "14a765e58d9804875d47a6dc091d0de9", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "57c8f3343458fb70c9a0a134170e2991d0bdc4ef", "sha256_hash": "efb538d5778b61cde9b3120a6c1f207d491e87039d47a42a9735be4b45b769ad", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4560525db504e973c141b8e348e6e3d7c1f27147", "file_type": "modified_file", "id": "file_337", "md5_hash": "b181eb822b49fba9e7b19874bf0655da", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "4560525db504e973c141b8e348e6e3d7c1f27147", "sha256_hash": "675b79ccebad9711b4449ba52a0631104f873e44c8e153ca7aea5c2e2f2d99e2", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a5a62a9659012817b81749f895f9c79deb4ccf93", "file_type": "modified_file", "id": "file_339", "md5_hash": "04e9bd4de4459518c82ece610583405a", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "a5a62a9659012817b81749f895f9c79deb4ccf93", "sha256_hash": "218a4edb833c409cf0286c9ea8dd9c15111251444a60c250d36e26573a0e8be1", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/eb3fea9eed3aaa79fb32ea2eb00640def6b6a4ab", "file_type": "modified_file", "id": "file_341", "md5_hash": "6e9d1b595846ad143c6887565ff0fe46", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "eb3fea9eed3aaa79fb32ea2eb00640def6b6a4ab", "sha256_hash": "a79bd06930997e4e186f81a62361acfdb26fbf6c3c865fa5139a2315dc5f2106", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/acd0c416424d110ad87093d1e560776280887f1a", "file_type": "modified_file", "id": "file_343", "md5_hash": "dab028c0bc0a10d75b903a1087482b85", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "acd0c416424d110ad87093d1e560776280887f1a", "sha256_hash": "354abcdfea65c072a52984f34655aa25756a22f1409f4483ba75976053737f11", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2d182d034938193e7031ce520a73c7938bfe153f", "file_type": "modified_file", "id": "file_345", "md5_hash": "ea190f475373baf83dda4dffe46cb950", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "2d182d034938193e7031ce520a73c7938bfe153f", "sha256_hash": "7f9900d7e8806e0fea08bfe8872580baef1d3efa9747ac07a8dead66cb5a7dda", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e17faeedd7ba723bf2abf0036e47cbf4d502c6b2", "file_type": "modified_file", "id": "file_347", "md5_hash": "ee8c27ad636cd7f6349876b2237eef0c", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "e17faeedd7ba723bf2abf0036e47cbf4d502c6b2", "sha256_hash": "264ec7cc00e8d554c02ae906c4547d058cd5f8923b064397b38416d65f257660", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/96e39173fc91d311c857fec0282ff2e719136e05", "file_type": "modified_file", "id": "file_349", "md5_hash": "49b3ba466c2544f04ccfbae43092a6da", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "96e39173fc91d311c857fec0282ff2e719136e05", "sha256_hash": "14d0427ceae6e3f556f08ad167e4b5e401f0be04daa8ed8ac0215e76ec79c66e", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/945555a2a2f44e9ff7c645cbe42eb4dfd6a36ec8", "file_type": "modified_file", "id": "file_351", "md5_hash": "c58a51073ab312c83bd9e4c8dfb9da77", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "945555a2a2f44e9ff7c645cbe42eb4dfd6a36ec8", "sha256_hash": "54737eca2b9198ca2d846399c4c1a73d7483dbc02d2abcbe21057f6dbc716316", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f4816ca8987b2f7d17cf837e3ff936bc7fb7dc24", "file_type": "modified_file", "id": "file_353", "md5_hash": "36405164d4480e819b47cd8dbacaa922", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "f4816ca8987b2f7d17cf837e3ff936bc7fb7dc24", "sha256_hash": "925a96866ee4ddf226f0d85ebf8269385c8b197615731eee679a4c525c00d9c2", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e7e33f10525a13f7e39f9f4797ea746d49cd9451", "file_type": "modified_file", "id": "file_355", "md5_hash": "37a1515f4ff3fb3616f27aa4aea21c6a", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "e7e33f10525a13f7e39f9f4797ea746d49cd9451", "sha256_hash": "b9b8468eefba8e99f00f1b48a1135684eff6dbabb3aab352caae9ddba1a6016f", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c06375ab0c71d9f79255621692f3b6f2cd3d33dd", "file_type": "modified_file", "id": "file_357", "md5_hash": "56f2ebda893480cab93ac7b106a21d46", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "c06375ab0c71d9f79255621692f3b6f2cd3d33dd", "sha256_hash": "9f23cfde7fac02d1137ce9dfa994e27f604ab2343095908aaaaf6d5465953004", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3251627b2169dd341b465f9df3677151b710e6d5", "file_type": "modified_file", "id": "file_359", "md5_hash": "6f6a36eaf90e1faabbe04e7a9e54ea11", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "3251627b2169dd341b465f9df3677151b710e6d5", "sha256_hash": "1fa4e2ec6a6a8338661ea8aa4d341c4fc977306bd4d24d42c54f68cc87c619cf", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e031994a090dc78c31bd5b5322c7ed2cf65cc24a", "file_type": "modified_file", "id": "file_361", "md5_hash": "d4a671e6c04990385f5cf13a5db92880", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "e031994a090dc78c31bd5b5322c7ed2cf65cc24a", "sha256_hash": "edf02c6182353f4b0fb8d4ac5dd73b55d677bb5dcfe9562d6a0df7cd8f16482e", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/957bc23f8deef009343d63abb81c7855159cf08b", "file_type": "modified_file", "id": "file_363", "md5_hash": "d9d328bb97daad62b50c0ac1ba41ec5e", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "957bc23f8deef009343d63abb81c7855159cf08b", "sha256_hash": "c48b873a0d51a12a69471470f29799c1e66a20108ac7a8ea901306b236cfd142", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1d16941b6d904c378cb1bdc294a371d77fbad5c7", "file_type": "modified_file", "id": "file_365", "md5_hash": "962f1053352fb9bfffa20e1c42c75b51", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "1d16941b6d904c378cb1bdc294a371d77fbad5c7", "sha256_hash": "5acd70af7768e16c7c27dc2cc555186a36e3d82cfbab61641f7aa29b7d751c24", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/80d30838b977c4f5acdfa7b5ba99ca75b2ee7c1c", "file_type": "modified_file", "id": "file_367", "md5_hash": "0ca81ece6f1814531cd41233e442a9ff", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "80d30838b977c4f5acdfa7b5ba99ca75b2ee7c1c", "sha256_hash": "a9d0e874301dc469ebe5980aa0d77f34aa41abaae2643ce5551860e5ca52dbcb", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/defd6edfdeeb4d4dbccf0bdcdfd5084bf1a08f93", "file_type": "modified_file", "id": "file_369", "md5_hash": "9ad91579dd851697749dfa2cf3aea892", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "defd6edfdeeb4d4dbccf0bdcdfd5084bf1a08f93", "sha256_hash": "e01bb9d0345daf1fe65ac4707894d34328dbd92c9faa45af53b9bd63963073d2", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/66c243d1ebafc71167bc821b3707a041efc66be0", "file_type": "modified_file", "id": "file_372", "md5_hash": "82ed0c68bc60422381c9e5fa125910e0", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "66c243d1ebafc71167bc821b3707a041efc66be0", "sha256_hash": "752b3fbe33fb73efdd7d1b246ebbe84d78395f446ae79c8a73867b0009a06b95", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8d03d7c9c1edcc28d24d4846c58c4ded35410a34", "file_type": "modified_file", "id": "file_376", "md5_hash": "9e3e9774c5d837095e59b7770396199a", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "8d03d7c9c1edcc28d24d4846c58c4ded35410a34", "sha256_hash": "32e75f5e200acad31ee2eb42c9fa7b031c74feee17047e6dd0d59c74e0c06e41", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9cf5157a474a6b145421f1403877d10ef9eaf5ed", "file_type": "modified_file", "id": "file_378", "md5_hash": "1b14289679181df5d8e561fcad127c93", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "9cf5157a474a6b145421f1403877d10ef9eaf5ed", "sha256_hash": "2f6edbcdd3faeeaca02869a72b24f0cdcf99a438253398bb9c963b44b7c20673", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ab68284653f50d3c5bcff0afe9872cc2f479f333", "file_type": "modified_file", "id": "file_380", "md5_hash": "928a41b0926de1efb54efa02a5381bb5", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "ab68284653f50d3c5bcff0afe9872cc2f479f333", "sha256_hash": "c15c8138a247884072138769f26b19933d028bdb9fc47945b07c5c24d59c7336", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/75a35e2decba91be000f7739af2d753e78cba702", "file_type": "modified_file", "id": "file_383", "md5_hash": "28325e3e130369877016e079288606ac", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "75a35e2decba91be000f7739af2d753e78cba702", "sha256_hash": "2927e6de3682d03cabde546b755adbbb72aa9467958815c82c1f4f3e7f58b642", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0a158e3ede963b794693a374bbb3a5df2c40b91a", "file_type": "modified_file", "id": "file_388", "md5_hash": "9a413875cfcd4450fd235c06e44c98ff", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "0a158e3ede963b794693a374bbb3a5df2c40b91a", "sha256_hash": "55aa076f56ba14188d2b379597ccc431a6cfaad7c56210f4dbb6bb09ecc630e8", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e4185237c601a3c90e0680bb521129f80d0349f2", "file_type": "modified_file", "id": "file_390", "md5_hash": "685afefa49a37f87df6bf64889f88a85", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "e4185237c601a3c90e0680bb521129f80d0349f2", "sha256_hash": "4097bb0682054ebf24e4b6673e716c3e6f9803afa514ff205b3e532b55208cc1", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/318092e1f593575f7ae9f13930e1cabc53e4178c", "file_type": "modified_file", "id": "file_392", "md5_hash": "6eb3daf34d237367eb40ecf73bab961a", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "318092e1f593575f7ae9f13930e1cabc53e4178c", "sha256_hash": "ee41416d53f68b0fac09cbe499259258bb1d3b8ffcaef2dd781de4ae6880473f", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4709816178b373f54488b3a118cbbddc18a0eb72", "file_type": "modified_file", "id": "file_394", "md5_hash": "b6cdf8a0257dbc69915f287234e1cfac", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "4709816178b373f54488b3a118cbbddc18a0eb72", "sha256_hash": "9aba49a25654cc0842e9d164f0030662403aa4d6615b2f0bfb0808df62f7e82d", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d33f1a084f73a12be4635c6114d86fc2960c8838", "file_type": "modified_file", "id": "file_396", "md5_hash": "b71171b505dcc1b0140675afd0b1e9c1", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "d33f1a084f73a12be4635c6114d86fc2960c8838", "sha256_hash": "632aa3d87811f8444f10ac49581a2528cfccbcdc7ba5ed37e20396c8d77c8bfa", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/20d650492e43070db824e162694ecb2b304357d2", "file_type": "modified_file", "id": "file_398", "md5_hash": "557887f951026c19176c4a4c6867098a", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "20d650492e43070db824e162694ecb2b304357d2", "sha256_hash": "08caa4b078a03e4534c1ecc2a1b358c860e3a1abeeb792b7c1aa8baa078223dd", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d08ba3c02b83585a6ca7bf4caa579334317a0d55", "file_type": "modified_file", "id": "file_400", "md5_hash": "7b1dd579d2145fedce1cb63d9d54780d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "d08ba3c02b83585a6ca7bf4caa579334317a0d55", "sha256_hash": "14cc38cfb98097c38ecf47fd5a035c79c38de4b87c3f1bdfec5f9781e35c67cf", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/114b19f649151238bac279e804174441854f4b1e", "file_type": "modified_file", "id": "file_402", "md5_hash": "496d6300a0eb642366ab58380a6ea6bf", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "114b19f649151238bac279e804174441854f4b1e", "sha256_hash": "46abd8ace5d4b4814880f29cee2f90f8f394357a9d643fbaecbbb5f329e6899a", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/05a6100cebf02c49eaa3ff6d0a6398f978846cce", "file_type": "modified_file", "id": "file_404", "md5_hash": "d0957692790dfe2696661052a1641d16", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "05a6100cebf02c49eaa3ff6d0a6398f978846cce", "sha256_hash": "625814443ecb384846b3bcc87a216443da79923bd6e41eb73ad46b0b0f63f363", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3d8b00e51622bfff4143e49634fb7bffaa8441e8", "file_type": "modified_file", "id": "file_407", "md5_hash": "ffca196605bda13dcdc3aa6082338cb4", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "3d8b00e51622bfff4143e49634fb7bffaa8441e8", "sha256_hash": "f4c1ac4fc39b92920e38c23d863810f651cef43cd98d82327f0afbfd33827ee2", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6ab66f809ab20507168816285fb84a95bcaaf87c", "file_type": "modified_file", "id": "file_409", "md5_hash": "a6b790b4f599b697de18793c44407813", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "6ab66f809ab20507168816285fb84a95bcaaf87c", "sha256_hash": "3c8a3dfd989e8f66700fc29d977d833e137f35b536821b84d9e1e145f07a836f", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/26b534d899964f789200192382f39224289691e8", "file_type": "modified_file", "id": "file_411", "md5_hash": "f740d7694e836c1cf9486529cd0944d1", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "26b534d899964f789200192382f39224289691e8", "sha256_hash": "82bf3f31a86e858f404ad0bdf1f1c4c43a40d606df29779904cd7058a9c0b93c", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a802d687a92b8f09c1a89a7ec6243fb26574baa2", "file_type": "modified_file", "id": "file_413", "md5_hash": "8dfcaaa9061cbab9ca9acdcb0d30a962", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "a802d687a92b8f09c1a89a7ec6243fb26574baa2", "sha256_hash": "3f15f1761f3ad613580a1d1dbddb78fad37e0f70376aff947e67c6e5371bac81", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6be4f219b12c0d3411c813c9856dac842b3f5a8a", "file_type": "modified_file", "id": "file_415", "md5_hash": "3d990b42f0674990501c643e977c3ed3", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "6be4f219b12c0d3411c813c9856dac842b3f5a8a", "sha256_hash": "0599034ef63a6242277d404e01dc889d6e06f2b13e9d7f959eb3b7b8917e0a0f", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b0ec568cb6c9f2cbe52496c5d51ff4930764f814", "file_type": "modified_file", "id": "file_417", "md5_hash": "44446c4a5cde5259188e9cb083024bb1", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "b0ec568cb6c9f2cbe52496c5d51ff4930764f814", "sha256_hash": "20b2903530464f0c19ad9ab7cfb57198bd415eb1d1245bbdc893651bf07ea8c9", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/27e01a0c6f153a8758d6d832a5b6c000b7785a05", "file_type": "modified_file", "id": "file_419", "md5_hash": "620c08192f0a7d92694e95ddbd9b6e34", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "27e01a0c6f153a8758d6d832a5b6c000b7785a05", "sha256_hash": "3fdebd2769a350d88cb64fa089df269c1412940cb75d823cc27f495407cfbbcd", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/557a6abdc35d07006966cf121da125657ecbbab8", "file_type": "modified_file", "id": "file_422", "md5_hash": "0e9a4c1490e2ec3e91ff48545251f127", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "557a6abdc35d07006966cf121da125657ecbbab8", "sha256_hash": "a6eac1d09ef5b671f74e7081e313174fed63707d21890aa669b399164f9413fd", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8d9966f9d54082875a6fc95603935b401ba6fb41", "file_type": "modified_file", "id": "file_424", "md5_hash": "3bf8c1cd5b846b4edd9ec4c795f2cd7a", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "8d9966f9d54082875a6fc95603935b401ba6fb41", "sha256_hash": "aabf24c4d3ec9cb3b17be08f4b8f6d81d6601e6fa2302bd0a23d1b645af285e1", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4bd48941a9e804274a8a5febebdd74947961d132", "file_type": "modified_file", "id": "file_427", "md5_hash": "25b2750e41f3470001006ebd93190ad4", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "4bd48941a9e804274a8a5febebdd74947961d132", "sha256_hash": "08e0736c74bfdf3f0c27ef2d1800651a46d763ce06d4c651452b4d1ee2699e4a", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2858ba3fce3fbbd1d388c6d92ca2fa0c15e44160", "file_type": "modified_file", "id": "file_429", "md5_hash": "2f8dae5cbdda3b0a33a6fdfd14ce476e", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "2858ba3fce3fbbd1d388c6d92ca2fa0c15e44160", "sha256_hash": "57dfac30c8fcdf36f5ccf299005c16f2e0d717e0518caee4ef4d17e16535b451", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/bbbaa1287e45b217b56e6c4307eb6c4ab2cf9eaf", "file_type": "modified_file", "id": "file_431", "md5_hash": "d6b10b368c2e9cba8fe1e117d00d0df7", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "bbbaa1287e45b217b56e6c4307eb6c4ab2cf9eaf", "sha256_hash": "950daa8a4f192e756c01238ea333193d9849fb90ba320ea95bc3629b49b8d98b", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b79d16d33a13599715681194ec997e89a7824f8b", "file_type": "modified_file", "id": "file_434", "md5_hash": "d6ee7c0e3c429afc288a62808b07a89e", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "b79d16d33a13599715681194ec997e89a7824f8b", "sha256_hash": "a77bd150df8ab741ec02133ed4ec90499fbecc8bd396b60e50da83ce1c542c95", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ccb9b68610191f73a307d0aef5e347c98530540e", "file_type": "modified_file", "id": "file_436", "md5_hash": "fa6f52b53f435de6637d4f3753b0aff3", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "ccb9b68610191f73a307d0aef5e347c98530540e", "sha256_hash": "cb545d2419a8719e696ac48b797d828bb1fb88e0822004ffadc73fb902c4a5f9", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5042d0edc18ed83f3959b1f04d530bb0738e8205", "file_type": "modified_file", "id": "file_438", "md5_hash": "48bd39ad048523493f812351fffadb6e", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "5042d0edc18ed83f3959b1f04d530bb0738e8205", "sha256_hash": "81471dc045dfc193fd512ef80cf64d0828d98500d1a44b260b181c360e736b5e", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/15024e4a4006e0facc753930b4f3de8dd3d1f4b8", "file_type": "modified_file", "id": "file_440", "md5_hash": "436f3a6fc73986dcd9d822dd9ca36f16", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "15024e4a4006e0facc753930b4f3de8dd3d1f4b8", "sha256_hash": "458e7a12b90d7426212b0b0ddf8081c4fbbbf9c382e96e0372318b4c4d8e3cc2", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0cfe6b3c6d9fa22fc4e0f7feec899b54ec7850d2", "file_type": "modified_file", "id": "file_443", "md5_hash": "065fd54fd48181a0870f8c5d35f15a7a", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "0cfe6b3c6d9fa22fc4e0f7feec899b54ec7850d2", "sha256_hash": "0ce30343e06e13294587a627cef61c6e3c8579eb8ca384b6c6b829ebe694c2a7", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/36e3b1d50ab531b0173e2bf83a100b68d29f962f", "file_type": "modified_file", "id": "file_445", "md5_hash": "6259a355604397d11c9cee594b1fbdf2", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "36e3b1d50ab531b0173e2bf83a100b68d29f962f", "sha256_hash": "e0e97c035e5d1fd20957776a7dee1d7185e1079feb9599f17318851e16349412", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/61b9b3fd2c1f526b586918fbd2bf2c39367a7170", "file_type": "modified_file", "id": "file_447", "md5_hash": "105badd269a7c2ffc80f1b44fc67e88d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "61b9b3fd2c1f526b586918fbd2bf2c39367a7170", "sha256_hash": "4ded211cfcd5c62c7343fab522a5082a60847b4e7dbec3f8607cddab3f326578", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4249a66705107c6b9ae9cf7ed1e5a6495efb2d58", "file_type": "modified_file", "id": "file_450", "md5_hash": "b263183e057b732a3b5f2c4ce8a706ec", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "4249a66705107c6b9ae9cf7ed1e5a6495efb2d58", "sha256_hash": "93e8c96bb4a8b7ee1702494dd7b386b93152fbb2628b37edf4091a2ac172ff3e", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a13ba4033f07cbf2eefaa672c11e87ae61292afc", "file_type": "modified_file", "id": "file_452", "md5_hash": "84cbee530d5a261a9a1bb0f5052199e1", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "a13ba4033f07cbf2eefaa672c11e87ae61292afc", "sha256_hash": "223e185d21e01d7598a9d4fc0c9227ba4ccb91a9f63df5f46857cae062c0f74e", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2eae3ecac36af8ee6830b4fedfab584b2a71b6b7", "file_type": "modified_file", "id": "file_458", "md5_hash": "99f96b717523474be097fa05b2b81b36", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "2eae3ecac36af8ee6830b4fedfab584b2a71b6b7", "sha256_hash": "80cd8de866fbec11e6ae6d657841401d7469b4aadb26c986d9886bb71efc969f", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2c9c6afb882a7fda231069ed0cd7614875a65a32", "file_type": "modified_file", "id": "file_461", "md5_hash": "55d69d4ab3c99c176f6f921a9dc5230a", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "2c9c6afb882a7fda231069ed0cd7614875a65a32", "sha256_hash": "8e30dc8a8e2c0574a903dbdc32061c742c995486a8a83e9ae1f30f38da2c66c3", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e5f0597b758b86cd8423a35d463ba376c623495c", "file_type": "modified_file", "id": "file_465", "md5_hash": "fb2a005799aaf9b3dc68efdb13e85206", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "e5f0597b758b86cd8423a35d463ba376c623495c", "sha256_hash": "b1826d98b95cec85546e23a7592acf034e83c5b6cec48c2e19da2bf6aff2df40", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/afdd2c58a8391ba766c8a7c94ee561dd9f038e40", "file_type": "modified_file", "id": "file_467", "md5_hash": "af99e9e3e38f169e532056b39ac208d6", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "afdd2c58a8391ba766c8a7c94ee561dd9f038e40", "sha256_hash": "d4d8c49a047c2e59fe4985acc5ca283c1f5efdd69efe74b6d12fed8c0dee1006", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/486ebcb64e4dae319a187ab7d1d8a68fface0e8e", "file_type": "modified_file", "id": "file_468", "md5_hash": "59715a1d21fc28d6641f70e4ad44adc2", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "486ebcb64e4dae319a187ab7d1d8a68fface0e8e", "sha256_hash": "7713c21bfbbe7238e80883acc85f8389f2fd6fb48723891632283b076a12b35a", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e0f8914fefef927d19f03ac584f7f5a290e1f1ea", "file_type": "modified_file", "id": "file_472", "md5_hash": "efbcfc3e4733e9c6ac5cd4e645512aa5", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "e0f8914fefef927d19f03ac584f7f5a290e1f1ea", "sha256_hash": "b5ffefeab4a0e0aab793178ee455e063891e1beb430cc0eb45655bda091cc4da", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/73775a08f167293a7357a6ce9d53ba55936a094e", "file_type": "modified_file", "id": "file_474", "md5_hash": "f8fa42e08dedba0e4b8f6b0868b6f152", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "73775a08f167293a7357a6ce9d53ba55936a094e", "sha256_hash": "7b300a382b9a6f9d2d2eb5df1c6aab2af805a6fbb0797edfe365a1c619a1bd9d", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5ee7791fc83e4c6fb56635277d36ec65d098013b", "file_type": "modified_file", "id": "file_476", "md5_hash": "544ccb9f9f0b83eea20dd312b3abbb28", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "5ee7791fc83e4c6fb56635277d36ec65d098013b", "sha256_hash": "09b84a153884323422fc22f4f95dac2566d606b676f23ef762122a05df4ad032", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6dac849803cb1e45eee84f0363497e850524814b", "file_type": "modified_file", "id": "file_477", "md5_hash": "4eb3864df42b01bcd5fa7d1175e7c948", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "6dac849803cb1e45eee84f0363497e850524814b", "sha256_hash": "90cac6a6092127fab3d01d09d998a79ad2f36848fd1c47e913c0d37244fe795c", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/969943096e8451a26ecfb1cb4068f033023143c9", "file_type": "modified_file", "id": "file_479", "md5_hash": "b7b47dba0cb8bf928ed3d08ccea8506f", "norm_filename": "c:\\users\\public\\music\\sample music\\kalimba.mp3", "sha1_hash": "969943096e8451a26ecfb1cb4068f033023143c9", "sha256_hash": "d29733d25d73923965d5a62de18c7b5d8658335bf59f9481ff4134a0daab8ebc", "size": 8414614, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c674d18d8561c03a491b761b5a558930f7279430", "file_type": "modified_file", "id": "file_480", "md5_hash": "f1a486682c129d782bd66ac28c124323", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "c674d18d8561c03a491b761b5a558930f7279430", "sha256_hash": "d94584c1d0285483aef2e261bcad0885f599fe55338dd10ffb6b308eaada9aab", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1a9d1276e9ce89bbb7d57f297caf4b3e7e44b2bf", "file_type": "modified_file", "id": "file_481", "md5_hash": "a02aec4728613cce3cfcadbf233fa37b", "norm_filename": "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3", "sha1_hash": "1a9d1276e9ce89bbb7d57f297caf4b3e7e44b2bf", "sha256_hash": "ab30d9eca9fadbb58f5648817e0baa42355fb44929232471c6dbfb2900704942", "size": 4114075, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/82535955f4ba92066c7a95572a6877ec5c4eb098", "file_type": "modified_file", "id": "file_483", "md5_hash": "34704874b8973be75ebc15fdd6b734e8", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "82535955f4ba92066c7a95572a6877ec5c4eb098", "sha256_hash": "e24a496b731be9280873e174218d7e91cc7f4d7e8fdadc86278f61e80f11f389", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e00f5868459dd39c60860715243a0388fc2565b8", "file_type": "modified_file", "id": "file_486", "md5_hash": "8047f9e908fae3185d5e65a304174087", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "e00f5868459dd39c60860715243a0388fc2565b8", "sha256_hash": "3ca686c824e2fe0cfe1444b0e6e5e2e4a38ea8aec20c20395dab4681b488ecc5", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/dd792d2fdb3f73c6a35a215818d58f54e827f63e", "file_type": "modified_file", "id": "file_488", "md5_hash": "307d4df7a3f276f7c19fdfb3429f24c8", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "dd792d2fdb3f73c6a35a215818d58f54e827f63e", "sha256_hash": "cd6fa5ab0339a9f573620551b52c1228e2ca9d07152dea81c1c61dcf53e5b1fc", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9b3669401567d488038cc0a8d6b571dac599f956", "file_type": "modified_file", "id": "file_490", "md5_hash": "642a46a839a27eb70d2319244a7ac3eb", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "9b3669401567d488038cc0a8d6b571dac599f956", "sha256_hash": "66ab22e9049760b3293c89a09ebea385c673c8bcae45f3f3eede66ce4e22cbd7", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/96309dac05123dd54fc15d4c5632f54249c26234", "file_type": "modified_file", "id": "file_492", "md5_hash": "99e999b468bacb9a22280768109017f3", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "96309dac05123dd54fc15d4c5632f54249c26234", "sha256_hash": "5a6163e01bf4b4c7658fc5cff698e18ee7bf437e0338bd43c1d58ce551d4611d", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d907e0ab4f5c9de26870b08bd856ed6d28e23ba4", "file_type": "modified_file", "id": "file_494", "md5_hash": "71e11f408044d50b85dd10e4d33e4425", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "d907e0ab4f5c9de26870b08bd856ed6d28e23ba4", "sha256_hash": "45aad9d3ad8bf5b79d7605dfc9f6aae7177b47ecb8bedbccd7f624d4469327a7", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/13b4d637441b0ac8066e0e65ea3057cd808848ba", "file_type": "modified_file", "id": "file_496", "md5_hash": "e12b225cc7dacfdd47cefef9d0eb3bc3", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "13b4d637441b0ac8066e0e65ea3057cd808848ba", "sha256_hash": "41fe426330c2da1a118773e33270108ae8a08638c416b13d464114a1bb11a6e0", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/acfd571c1e048b94ab44b7e2db940dd82013c8cb", "file_type": "modified_file", "id": "file_498", "md5_hash": "b6e45162a02c917fc653da37428823d4", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "acfd571c1e048b94ab44b7e2db940dd82013c8cb", "sha256_hash": "38be2fe4583afed36aa3260d962fca50a89682fa53760c54a8c1b235c1f8069c", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c72c547e22a9377ab7ba35ad03c09b057b71553c", "file_type": "modified_file", "id": "file_501", "md5_hash": "3064808363ed49100eb872c30cdc000d", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "c72c547e22a9377ab7ba35ad03c09b057b71553c", "sha256_hash": "c2505ef2d0d8190307df6c52c029ca81967fc7144134077c4f1c223e164730f4", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/175fe8bc6c1cd03c76bbcb370918a09778758d89", "file_type": "modified_file", "id": "file_503", "md5_hash": "f1d3150131f487362ca359ced1fae81b", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "175fe8bc6c1cd03c76bbcb370918a09778758d89", "sha256_hash": "8ceb35a7047b6239cbbc5b6eec9f777322129d87c9258f7535203563cce3c546", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/56056f8f9b5c3ab49c50bbb0b174b6124c73b57d", "file_type": "modified_file", "id": "file_506", "md5_hash": "e20abbd0f33c42e06691c9908c02fbb1", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "56056f8f9b5c3ab49c50bbb0b174b6124c73b57d", "sha256_hash": "541cc93cc3679af94fa1a23a9627a89a9dd9407f6e6a69dfcd19508fb6e48271", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/80b6fd6682c92346cf45fcee43986caa5a0bf9f4", "file_type": "modified_file", "id": "file_507", "md5_hash": "553e5c1501a8c231cca2e3db74db21e7", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "80b6fd6682c92346cf45fcee43986caa5a0bf9f4", "sha256_hash": "9c7034bb1d4f9f45b343ed088849084eeec2d0467c7d391696bddfec9222ff77", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0df500b09931d824ee6300d873fe28f18fb85471", "file_type": "modified_file", "id": "file_510", "md5_hash": "3447a58cb842436fefa56de3aea493b3", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "0df500b09931d824ee6300d873fe28f18fb85471", "sha256_hash": "6c57e7de709a0c2c0ac7f117bb351a32b5bf5896be84a0ccc1f4d6865fcf36d7", "size": 1429, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/26debb0ca7f010cc966e66834a3cae8706df73ec", "file_type": "modified_file", "id": "file_512", "md5_hash": "e206ee6181e318c5bcf4a72f7b3837d4", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", "sha1_hash": "26debb0ca7f010cc966e66834a3cae8706df73ec", "sha256_hash": "80474fec8a059123ecf16cbd9dcefaabbd58a5f9508561c02fdf00bc969c38d6", "size": 1429, "type": "extracted_file", "version": 1 } ], "process_dumps": [ { "archive_path": "process_dumps/process_00000001-region_00000001-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000001-region_00000001-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_514", "md5_hash": "8c8c98b2eaafe01c0e7930c430ef16c2", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6fb2f6c28d65c025591b2c2dc3139c68f9f70eef", "sha256_hash": "94f5671fcb562e27235acaa309c60ef1f31cd3bd8dc65b36eed5ffb53008578a", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000002-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000002-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_515", "md5_hash": "93db0836c0b476ee74546070362629fc", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7bfff470b92917b6ff85e65f5f36169239c50d82", "sha256_hash": "ec066c5138dca40aa4dce9e7b90e7acb3a7ca0ed71563e97a63d4c415a0e3cd9", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000336-addr_0x0000000003d40000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000336-addr_0x0000000003d40000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_516", "md5_hash": "24d5e33f8677da41520eef407a61fa75", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "16b48f84952d11ab9993bdf368492e809dc6f38b", "sha256_hash": "f199ecb2e532e67cacee0985074c30be67d61f8e5a2de5e915fd719bdcf44612", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000362-addr_0x0000000003e50000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000362-addr_0x0000000003e50000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_536", "md5_hash": "54672fabf74b76c864cc4c66044b616c", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bfc935a3b91ade0aa4708fc8f59d3aef80125579", "sha256_hash": "edb03bcb336130458a216de4c45e46a1c32d0c822e8ce66eb1ffcb93effa18a6", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000363-addr_0x0000000003e90000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000363-addr_0x0000000003e90000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_537", "md5_hash": "885888a4f08eef19c2be72749cde7d49", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e15143a154a9600c3a2abaafba71c4049f0a1fd8", "sha256_hash": "399c2e35d471cd3b3e3f0408e7063aa6e973b6de832bee995a19dfd3c042a5b7", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000365-addr_0x000000007ef89000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000365-addr_0x000000007ef89000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_538", "md5_hash": "c467b1e2eeda18c1de9211400470e8a0", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "63ef380d23e396d8946216c1adfc4187e58d9058", "sha256_hash": "97bed067b9534e7dcc60277644f7e6b728429c9d74d7f976ee33204a5e656042", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001509-addr_0x0000000003e50000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00001509-addr_0x0000000003e50000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_805", "md5_hash": "502e41d95bdb6fa0db2fb928af6235d4", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fdec3ca52f93186821141c596ddbcd688e95ebcd", "sha256_hash": "bb18c893be97055f2a423e32e2253ee54d73aff2cc2be5fc7062f6d8f8a64ce0", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001510-addr_0x0000000003e90000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00001510-addr_0x0000000003e90000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_806", "md5_hash": "78a088c83492a06ce0e5c51a3372fb1a", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "298018b9df6170f5bd2218b9c64b02c75c937e23", "sha256_hash": "2fac870271ce0f44806feedd39af5599eea4153bca8160012ee50842fdc983a1", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001511-addr_0x0000000004080000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00001511-addr_0x0000000004080000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_807", "md5_hash": "f7b46090e75ff0b1a91c34a162c3664c", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f6ba3d87913d0fcfa4b5f2214d6b51e083f9e092", "sha256_hash": "dcedcbfa3d2e4514ce5cf3e7f120d911249dc77c3a94132c56056cb03913e07c", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001512-addr_0x000000007ef89000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00001512-addr_0x000000007ef89000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_808", "md5_hash": "1f4c602ac8082f2d74316ece83bcd2b4", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2ccd2e10e80fa0a272a66fbb055aae95e997084c", "sha256_hash": "91993273dfb4abb9f487bdc56c4fdcb6119eab1a78c0e686b262ae01cd166161", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001513-addr_0x0000000004090000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00001513-addr_0x0000000004090000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_809", "md5_hash": "13f6a950798e351b332b65b180de82c4", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "182c760a6c2f59fbb18ea2fd35762ed1482d6795", "sha256_hash": "c863a0cb187d20ff6c3814a6d341cc8c3c4841686eee8caece8262e9c9487a41", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001515-addr_0x00000000041d0000-size_0x00000000002dd000-perm_rw.bin", "filename": "process_00000001-region_00001515-addr_0x00000000041d0000-size_0x00000000002dd000-perm_rw.bin", "id": "proc_dump_810", "md5_hash": "ec5d67df9db4a56a582fa530e4503939", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6f58839b95e496f006316659d27e30e368b73b58", "sha256_hash": "002d01e19a4b661105527ae07c804fcd2330bf5a63c29101403982ea5195f163", "size": 3002368, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001516-addr_0x0000000004080000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00001516-addr_0x0000000004080000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_811", "md5_hash": "02d9887b4fd2034d23356bf2284e087e", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ec06073e0dccd86fa5534046bd317026ba3e8830", "sha256_hash": "3a04f4ce24ad6b3b2da335b159257d5da74819898bc27a73d4c6f1b03c4f37f1", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001517-addr_0x0000000004090000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00001517-addr_0x0000000004090000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_812", "md5_hash": "6c997e2212bd06ff700a0e6ae32118ed", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d1bea62d74ef98935d389e46e225fc713b7bb2ea", "sha256_hash": "6af6c7664cd2d7cf877d3437b07789ba24e4cb8145d45bdeabc2820a32159528", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001518-addr_0x00000000040a0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00001518-addr_0x00000000040a0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_813", "md5_hash": "4b7284ec7672defe95fa422f3491655b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0d57143c1de37f601fd3aed2570bb4475da69fe6", "sha256_hash": "096c1dbbbf715bbe67dcb84e412c81f6518069470b430ad879f493c23f58fe45", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001519-addr_0x00000000044b0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00001519-addr_0x00000000044b0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_814", "md5_hash": "8915c8d25bc3b428f61c39237e8d53e0", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e32d4c131a989eec0720c8dae6ff0717673e3df9", "sha256_hash": "e5620092648f2aad987ad48f4be45383b72a414775377c61d65e630906d76aa2", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001520-addr_0x00000000045b0000-size_0x00000000002dd000-perm_rw.bin", "filename": "process_00000001-region_00001520-addr_0x00000000045b0000-size_0x00000000002dd000-perm_rw.bin", "id": "proc_dump_815", "md5_hash": "005fde0beb04535e22b6d37d9561f39f", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "eb020a29fbf9ab4daa12d3678a616205d188abdb", "sha256_hash": "d4d42af1227f2b0ef7791dddb07496f8634a0a17ba50cb768a25a4eedbc82a17", "size": 3002368, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001521-addr_0x000000007ef86000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00001521-addr_0x000000007ef86000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_816", "md5_hash": "d1e2d28bc7fa9bdc0577149a312c7136", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bee7b18b3d001d98faf92414bc8871a78f41e9fb", "sha256_hash": "36a4f2801afc4d08a3049e2f36aab4231d6da9cad6eef4b1ebfe13452f652238", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001522-addr_0x00000000040e0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00001522-addr_0x00000000040e0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_817", "md5_hash": "45e442c4e923b5889aa771cfe3255efa", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "676fbee8377ff5a73803e481d633f36c6d3fafe6", "sha256_hash": "ab1e6862c174f541f44209173e09ccd2d0c3e07d650b4b55fb9cd7648c1c2e47", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001523-addr_0x00000000040f0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00001523-addr_0x00000000040f0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_818", "md5_hash": "f3690153db3617e245a954f812f97820", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c0d769cc50f4b168c0f6f831c7d7fdcc0cc1f122", "sha256_hash": "3c43ac1d029ebcccdb16dfdef0a2b700468c5e618e812cbbc185a75343fad948", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001524-addr_0x0000000004100000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00001524-addr_0x0000000004100000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_819", "md5_hash": "8bdb38fa7c69fa057b6b95bf62bfd7a3", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c637a32cfd9616b24e495e97ba256b4f1990db37", "sha256_hash": "9c5da508f06d4e795a7a1d3783c49814160390228075c998262949412bd52288", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001525-addr_0x0000000004140000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00001525-addr_0x0000000004140000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_820", "md5_hash": "56a313cba17d2a8f6db451b09a7713be", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f4394c62b49cb2e1f02de11b32dd46bfed4e0351", "sha256_hash": "862c1d384088bf259cfc12c7ccd09cf48a4d34aed37eeee4be15ce70d60ca9de", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001526-addr_0x0000000004890000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00001526-addr_0x0000000004890000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_821", "md5_hash": "0820ab0fc63bc4ca8e5812a2752269cb", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "27fdc8ac903282eb904c1f1cf42a8226a56c983c", "sha256_hash": "18b8b56f332225ab991cd2b0577f82205e699c91c17c345f44aa9d946732130e", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001527-addr_0x000000007ef83000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00001527-addr_0x000000007ef83000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_822", "md5_hash": "8f6f46eecbd05d0a83262ce4215fec9e", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c96bb01d2d02ee5b0a37edc033c2dd8b41d9251c", "sha256_hash": "c76243a056e6db9aebefdedd55e251061f05c2948e8142856ef2e1086eea4691", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001528-addr_0x0000000004150000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00001528-addr_0x0000000004150000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_823", "md5_hash": "2983dbd9bcc09eb37abea1169c307000", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "eeb082af6c86744c2d71a2bc15c6ca34d97c7f3c", "sha256_hash": "42bc33e200665bd5b5299009d4500daed5716a9b20b272ba06f7adcc96456e7b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000375-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000002-region_00000375-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_539", "md5_hash": "86e9daa659a3fdebf939959029975d0a", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "03a95d0b8540e3795dc086e04b9dccda4c01e2e7", "sha256_hash": "611d372779626a27b95edfb5af3c2ceb69cc751537a402c409a9ce088980fea1", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000376-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00000376-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_540", "md5_hash": "8af5dbbad531d1dd52a45b217a26cf79", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7b15c9e613b72f5870f6042e462ff27033c8295c", "sha256_hash": "82b45c0c88d5d908bfa7c9473c459a2df18a9c4773ad78d8915ff52a97eb2f34", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000380-addr_0x00000000001b0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000002-region_00000380-addr_0x00000000001b0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_541", "md5_hash": "bca4dde5edb57495e7779186747e62e3", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "869079ea0b273f4abb55c51a712a5dc9d083d582", "sha256_hash": "15977ed52ac709a4cf280b45ab091ae901c8294ad0792919a6b279c51a8abce1", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000381-addr_0x0000000000240000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000381-addr_0x0000000000240000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_542", "md5_hash": "adba3ad533a0d05af73f9c35275db408", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e84c8154f492762702037fbae91651ec88799553", "sha256_hash": "ae232e3df5a72ca2ec97e6e0cba5eb90a23540082cb1ddd8c55da3df26081a65", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000386-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000002-region_00000386-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_543", "md5_hash": "4a08dcbdb5526349bb3ad4d190acaf32", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "63b47b43dd6c16f63025b8b545badf53785a1a15", "sha256_hash": "b2d8e1569d2ad45a22c90b1bba927daae5c2a17d976c32d76af82f618c71716c", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000387-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000387-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_544", "md5_hash": "73c51b26ab2856d03f911ea7f7ecb90c", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e1b946882832fc48cd8a3aafec56a71864e371bd", "sha256_hash": "5f7c5487fb018c011a090cef9613b8ed77338d6ccc96720bcb60e1fc5f4ca35b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000388-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000388-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_545", "md5_hash": "66b7b25fc8b4423c1bf23d2f71f23cdb", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8932e35863e1dbd7d48d0d5d6ccf0475ae65cd6f", "sha256_hash": "af6de6a1c6fabb0fae36d4b0ac7623f9b5bb3b8e61df86dbf600af99783e990d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000390-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000002-region_00000390-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_546", "md5_hash": "a705996bf31e5a5f70423aea0f43f776", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d55527fc5338b1e7568060d1dd52e7234abff0e2", "sha256_hash": "b3946d46d7b5358d1b608143f7cc61c615f494eabb511ebdd41a8a210e4ce3fe", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000392-addr_0x0000000000110000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000002-region_00000392-addr_0x0000000000110000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_547", "md5_hash": "e5ff4be014f64aaa7c8c3934120899d9", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6243425b61c08a75ea95e4d93bf0640233ba9d15", "sha256_hash": "067b5a7b854f2469be00a7f687412a8527b585049770284badce2183ffd175f3", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000525-addr_0x00000000003e0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000525-addr_0x00000000003e0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_602", "md5_hash": "70e1b4181efd719bab92cb9aa523e7e3", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a8d04312fc2140bcbcfb8e5ac1fad7bb623c7391", "sha256_hash": "2b5a86f269e3827e580d36327c2cc851bdc4541ded68abb6d36ff2e51132055f", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000526-addr_0x0000000000650000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000526-addr_0x0000000000650000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_603", "md5_hash": "ce9229f6cb61bfb949f4fd406fe9a596", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5b06d536538bd796161e94bea667064c6cc1b060", "sha256_hash": "d0af605a6e9e8e6ce79648f579fefd791399f7ac16b7edde0b9fdf7e04db1025", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000539-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000002-region_00000539-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_604", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000540-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000002-region_00000540-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_605", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000638-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000638-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_622", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000639-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000639-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_623", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000396-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000003-region_00000396-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_548", "md5_hash": "b8f68ceafcbe8a9a9fcda35346a2db44", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d66eece4d3ba855a6558ff91c06822736f86100e", "sha256_hash": "d7381b2db29f2e83a911db05e094a3cb67d33e1bca28cb7b2d92e13d29635baf", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000397-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000003-region_00000397-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_549", "md5_hash": "4f64fa66e26a8f8fb72367bc0485868e", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d8ffb02517a66b05d7a190d8871dd5e4849aa5b8", "sha256_hash": "ba2a0f97aa50b006db5905a91791de90ed4f93807117f4ba15ed8edf0ae195ec", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000401-addr_0x00000000001b0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00000401-addr_0x00000000001b0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_550", "md5_hash": "75600b0af3f0cfc497bed987a4e40dcc", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "76cb190d366996aec30ea77d05affd8cd8c0e02d", "sha256_hash": "c40fcb73abccbf733b2b3eb778e701ffb6186019096e1f3a739b5408549be1ed", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000402-addr_0x0000000000320000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000402-addr_0x0000000000320000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_551", "md5_hash": "6f6279a0c063fb35e8612cab002b41f1", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1d791dd162440ff3b83aa8b2838e13537e1c6bb7", "sha256_hash": "eda33bbe487f65cbfbfb126091ab802b5745f2e2509a774b5e5808e9cf2b536a", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000407-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000003-region_00000407-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_552", "md5_hash": "f67f30b3001f41ddaea3449e6de0b857", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ecdb5b9affb22a595ea309829a5fec491bbb3ab3", "sha256_hash": "33944bc69a1f46dd169f997f1391df383948ee4c080f899faf6699aa1a1cdb81", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000408-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000408-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_553", "md5_hash": "0601845eea1a58f4f8f4bcb5c3d07667", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "57ce0d88cb70e6b6b552b2213c41f1dc971f22c8", "sha256_hash": "5267913ae279d0747ce25211b5eb503a40f1b1502e16f097dc2bfcb8c2aa5063", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000409-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000409-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_554", "md5_hash": "45d6cde89da5cb172015d62527a5fce4", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b598ea8eb2ffe7d2d02f3aaf82adf66adf9405c8", "sha256_hash": "56a8e1f9053206a5c5e4553eeb700e9d0d007a5a03857b7c1ec04afa71b1d608", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000411-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000003-region_00000411-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_555", "md5_hash": "9bbc7466771a6a430263fc2a49632000", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6b1dce21d2ddee15c8f958eba7dfd09b2431b8cc", "sha256_hash": "1c19c841c2774aafe23987867230209af2d84bb3bb0077c9877e1e4a2f9f5efd", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000413-addr_0x00000000000d0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000003-region_00000413-addr_0x00000000000d0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_556", "md5_hash": "098985cd4dcc4531a86d9fb33260e160", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "38be62bef01405ad96747d6f21b11110e7d945a5", "sha256_hash": "3bd56d9e3582c8380348374f8cdd2ca8a2f46d39f3cd2d2d14f9ec4fd7463388", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000547-addr_0x0000000000480000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000547-addr_0x0000000000480000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_606", "md5_hash": "a46dbd19b1032bcbb72862396bcf2935", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "aed82420e7140a2935adeea67067bb013ef7e0fa", "sha256_hash": "deef21cc92f6d60432318274533e988b77bb84a11e29dd975e26c3fa9b99e615", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000548-addr_0x0000000000680000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000548-addr_0x0000000000680000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_607", "md5_hash": "6343a1596fd85672d4b69030829e15b1", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9b82383b7990d888d2860b1cd1d33146acaebf1c", "sha256_hash": "147400be73ea92342a5d3a07207cd60e5122781f829e196e972a59596b61c902", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000561-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000003-region_00000561-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_608", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000562-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000003-region_00000562-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_609", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000615-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000615-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_618", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000616-addr_0x0000000000090000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000616-addr_0x0000000000090000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_619", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000417-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000004-region_00000417-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_557", "md5_hash": "44285b50787824a4b65bc7454bd0a905", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "89805e5a2b86154467647006cf4a31229912540a", "sha256_hash": "3c9b90a3c7abdab7f32f3f1db3c794f4c6c1b3b82974a86919a8f8559c406a66", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000418-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000004-region_00000418-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_558", "md5_hash": "90e68ad55078736b7d3f06d97a41e966", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d40292422ae71fd1cd62fdaf4ecdf7898f2e01f7", "sha256_hash": "1c6fbe2f08d9c8f4466afc270cb8118e6e769b3d1176cdb53813d147870ed072", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000422-addr_0x00000000000d0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000004-region_00000422-addr_0x00000000000d0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_559", "md5_hash": "f186b8a00cd163ee39578421769cc4ca", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c00a9d683bcd52a34e6125e3a666cfe33ec0f073", "sha256_hash": "dc3a7a82035ec9c4796e29da021868c8288b1378dcb298885555e54f7f6691d5", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000423-addr_0x0000000000190000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000004-region_00000423-addr_0x0000000000190000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_560", "md5_hash": "14034fef233d2c5673114070f4d40b8c", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "84074252fd231eddfaa07ab117fe247dbd08fc53", "sha256_hash": "941af0150190cfd0ae4eaa8e8f2e20ea522447d1f084c5d3e450c90f510ac618", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000428-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000004-region_00000428-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_561", "md5_hash": "444d5448ac861bf07a265d1ae96ee97b", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6b261dd8ba74306ca81f88a4cfb1590993b5f7fa", "sha256_hash": "1c77a5786365987e7ac991bc0e35ce3fb3fe968df80858c43a17ff57d653469f", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000429-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000429-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_562", "md5_hash": "d4dd4d2eda61eb6035b649919965b59d", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "606d273b125b6c8d98964fbb62caa986309b61ce", "sha256_hash": "e80b6d3fbdb41d37c42d453732f8cdf5438f3481e3c96f4501eefa4493d98cbb", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000430-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000430-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_563", "md5_hash": "7e19787988c2da8750ec238fc2621a43", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bb5b574b0567b31e95e7707881767a4e82dfaf8f", "sha256_hash": "e350ba21776b61e56de3b94df0ca6676cab1141c34028857b1dc1303052c9701", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000432-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000004-region_00000432-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_564", "md5_hash": "d6557001c3587829d127b64da62c68d9", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1c82f61f9e455239648122326e22aaa1bc8ee707", "sha256_hash": "f126be33cdcabd9fb44828cd1d6a1a3155fee9bb530e41c11df394735cd5a623", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000434-addr_0x00000000003d0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000004-region_00000434-addr_0x00000000003d0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_565", "md5_hash": "cb0100e2c4d8e0f6a76dfab9506191f3", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "45283c5c79a44c2448f3954ec939e263065c873c", "sha256_hash": "e6dd310226261375c3c453a87b78d7db76655e3c5ae928473f1044a306a3702d", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000739-addr_0x00000000003c0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000004-region_00000739-addr_0x00000000003c0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_663", "md5_hash": "a19687293e46f41586c51f57de4c1774", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "283aebca43fe035a9b1bc6e7540256941ac50c20", "sha256_hash": "c13d537ef3473ea45b56375eb32d8cf246674b1e4312473945230a8c8f741c5d", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000740-addr_0x0000000000590000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000004-region_00000740-addr_0x0000000000590000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_664", "md5_hash": "56f06bd7cfc39ecb4d2da39dae595416", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c19ef1cbe66f119b56c45f667c9c4be45b108ba6", "sha256_hash": "ebeb6ea69550fd4235b297f95abf1f2ca20efe55b079aaba3f8acc5e52b41612", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000753-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000004-region_00000753-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_665", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000754-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000004-region_00000754-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_666", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000763-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000763-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_667", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000764-addr_0x0000000000090000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000764-addr_0x0000000000090000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_668", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000438-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000005-region_00000438-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_566", "md5_hash": "3c93186a2bae1c073ea86146a8f80d85", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2c51562e1cd6d048e49f789a89a0fba0afec4f93", "sha256_hash": "c6c1ef06acddcfb8ca8a6f7510b9fa9eabb5ed128ffe515e62200a61925039b7", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000439-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000005-region_00000439-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_567", "md5_hash": "3314121cb131c47468d13c570e3a397a", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "36ed58bc5a082a7ab7e598fa3451b561156c14c4", "sha256_hash": "56f66395148b5e5ae490861efc91942c196d6f303c7921619782047b9853711d", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000443-addr_0x00000000000b0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000443-addr_0x00000000000b0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_568", "md5_hash": "b3470419ecb37d934da2f9a3bc62b142", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ca3140afaa435df9d36d97e2c803abb766c051ee", "sha256_hash": "0734b78ca902dfde3fccb4c537b924abbe5c696daaf09bcfd2b59cae5465326e", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000444-addr_0x0000000000250000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00000444-addr_0x0000000000250000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_569", "md5_hash": "e5a7d252e38a25bf5b239d22c79f1e05", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "baafc80185767bb1ae2e0baa02ca02a7aeb588e7", "sha256_hash": "9868baf5d75d45f19169d12118a3ea93c02dba4e6a04e7bceed7df422962846f", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000449-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000005-region_00000449-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_570", "md5_hash": "05c6a037cac0d25ce2d24ce0f8b166bd", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c8e64e17e2d66a06297c215f72fbbe2a651528ae", "sha256_hash": "58d94a20618128d0f05dc70901732bc9b72c97a12493bac6afe2470f34f40286", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000450-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000450-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_571", "md5_hash": "6613e1e6aef052c5c8997f805473f2d1", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a188b28e73f19530535b0e74a261fd77989b7f7f", "sha256_hash": "574cde226560da2384174ede1cfa73205b80b351bc62f6acdb88be60960d3694", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000451-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000451-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_572", "md5_hash": "185fa19bf35f58abe319108e0c8cc9bb", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8d1e0df988f2813ec181bf464a83e90e3c487565", "sha256_hash": "2083eb55a1f7c16b596b1fe60bbcbcdc8d82ba233ffc942e3de7613769de4fbf", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000453-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000005-region_00000453-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_573", "md5_hash": "08bd803d5bfde4ffd5575f95ed8a90cc", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1a469a3c77c0be99ede5c1fa3b27ff5138b8ead7", "sha256_hash": "b76b20d151ce4a8585f26f42585bd8e04319b4b00a35b1b4cb534d2e26134646", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000455-addr_0x0000000000130000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000005-region_00000455-addr_0x0000000000130000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_574", "md5_hash": "8def44c7bce5f621cf6c8328cd599ccf", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0dd9fe486c67480458202d5869645a341b761d99", "sha256_hash": "3e4ee00516199a29576466754e807cd7e97f4bde40aded415651df0ef9954628", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000569-addr_0x0000000000390000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00000569-addr_0x0000000000390000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_610", "md5_hash": "3809ac833c5947205463afa6aa03a0e5", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3bd3437403b3632d2369d0711fe52a4088853eaf", "sha256_hash": "3947144c6f9344ecc280c18021509567d2c8f25a504a8f06582ca35a693ea53f", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000570-addr_0x00000000004e0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000005-region_00000570-addr_0x00000000004e0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_611", "md5_hash": "630776c67dd7f74ad6913881b1ff2d76", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4aab7bcce3a1983f13492cdd0ee553f0c829527e", "sha256_hash": "8cdd7f7ea03677dbfb353acd04c0d9c218eb3d33cfea8a274731d74107a47c71", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000583-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000005-region_00000583-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_612", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000584-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000005-region_00000584-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_613", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000645-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000645-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_624", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000646-addr_0x0000000000090000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000646-addr_0x0000000000090000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_625", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000459-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000006-region_00000459-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_575", "md5_hash": "2e09d0a4a8655a2f5932de35481e68a1", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "088ef475f123cb48fd8c97e2ff5f45160799bb42", "sha256_hash": "787be87cc25f779478b27ce2deb9b05dab3763f6bcc1f3303f00b10cfb6c7a21", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000460-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000006-region_00000460-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_576", "md5_hash": "5c842ada677e662d1dd7bea3fb4da2a1", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0e1a6ce08da9604c39a820cf40ab30ebf99ffb38", "sha256_hash": "d6353fdbc87a5a18672f4348e364fb329f95d14fbcd541efbdc094f57b9a483a", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000464-addr_0x0000000000090000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00000464-addr_0x0000000000090000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_577", "md5_hash": "1a2c05cf9e88fe12ce09da370d5b7c06", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0cafdc661e5f15f2dee71dbfa3b2e5fafc2f9dbf", "sha256_hash": "93dd167451af1680bb6306362163a40fd43a088986c105d1b5399c4ea69ea60c", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000465-addr_0x00000000001f0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00000465-addr_0x00000000001f0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_578", "md5_hash": "f909c413797e3039c9d675781f7c5432", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "414e5d1a544f27bbf87e4d4baeb630bb1e1e91be", "sha256_hash": "32940256a066614ce3da6853668c43b7ddd29a9e7256ea65c7e081d79b5b268e", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000470-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000006-region_00000470-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_579", "md5_hash": "2dd94c3cf311e54679eaa6545511fb35", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "eb1cb6900245b6b1680e3480eddcf8cc80d85735", "sha256_hash": "794ee51d0f147c63673dfa2e6026b701a9525a86c1abd8d49df5dd5e43a266fb", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000471-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00000471-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_580", "md5_hash": "19f20bbb5bd28c836cbfe9b106cbfe18", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d30baf4060810c82538154070b0a26972f0ec8ba", "sha256_hash": "5d137fc27ee4e4f91cd297c6f22d2dbdb281c564746d67d052d5ec7e566f8414", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000472-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00000472-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_581", "md5_hash": "7f04f6bba703607c4bf2ec9123f8cebe", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cb80dec755a47b5538e3a5eb1158bb4bc49d5c3e", "sha256_hash": "07059034dd31744dcba119fe0322077839a90fd9896f6fe95709c155cf0a53a0", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000474-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000006-region_00000474-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_582", "md5_hash": "c436413faa83fba9285924ffb61d586a", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4aa96cdbe7bc72d0180073976fbe2519ee36ed69", "sha256_hash": "c4710a82e447d7b45099bd382aef99705a65fc92d3a3f2f5edec45e952467834", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000476-addr_0x0000000000240000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000006-region_00000476-addr_0x0000000000240000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_583", "md5_hash": "6f5d43a6b6d49d63b8f1a39d15fdd43b", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3d1431aef66520fb1352b8ae0ba7967f71878552", "sha256_hash": "6b7922cd48ed897eb5c5f48de7d3d38c952ba519e3f5b7df74bee899754c518a", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000590-addr_0x00000000002d0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00000590-addr_0x00000000002d0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_614", "md5_hash": "5ec59f407a6fdb54f13df19163c96d1c", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fc67e8bcbe4903318198fec456fa2013a949f3b7", "sha256_hash": "a0cfe8f325fad960361ece9811f834ffa226404bdd02d914f8a65733cfd986f8", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000592-addr_0x00000000005c0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00000592-addr_0x00000000005c0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_615", "md5_hash": "95a73747f8863b5785b4c57fc74b0a0e", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "16730f940b2a940148e759347c33aa26f2f35a95", "sha256_hash": "9430998f293e4efd3366015af54fefeef2e640af496e4e690c39c7020fe0e25c", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000605-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000006-region_00000605-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_616", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000606-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000006-region_00000606-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_617", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000628-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00000628-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_620", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000629-addr_0x0000000000190000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00000629-addr_0x0000000000190000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_621", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000480-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000007-region_00000480-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_584", "md5_hash": "8800b8dc68f8e959aded63ca0362f387", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "62bda70439bf98e5b9f5643b06f68f2d7494f3cb", "sha256_hash": "fc009b823b9f91e1e7c31a0eaf92f2232fef77ddd4182557e76aff7b18c0934d", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000481-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000007-region_00000481-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_585", "md5_hash": "4345445d239d1a9cf512e8915f2485dc", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "77531919ef862a0081c15ea543c7876f510c3bc8", "sha256_hash": "c03a579b8fc49029e717849e24bca195ed3c9c25138cd65dab3efd8a9d1d1a67", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000485-addr_0x0000000000090000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000007-region_00000485-addr_0x0000000000090000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_586", "md5_hash": "26c816167dc9e250b874432e64c25dc7", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4aaf24d730e307289738b7cfca938a59b7ece082", "sha256_hash": "00eb0ed62da5aef66078fa8492e009cfa764da16efb23129aa6dab7d4ec00ad2", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000486-addr_0x0000000000270000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000007-region_00000486-addr_0x0000000000270000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_587", "md5_hash": "5b9b0c3d187b2038c666a6e85d40fe2d", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1c89d1b31529eb5f16367bf7d2e8f44e89110bcb", "sha256_hash": "36e5d1d2bc426b4a5529df5e6f9ce4d2fd262f151d1d0531490d87234eb3f492", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000491-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000007-region_00000491-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_588", "md5_hash": "30bb4724fcfba763e2b4be9d68676741", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1931eb1ef22a6f9145728407c1911f0d6e5ccdcf", "sha256_hash": "f34985e2b230ede7ef315f511cc72143ebb0759283a873cb001629b49192d361", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000492-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000007-region_00000492-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_589", "md5_hash": "66fa41d48ff30e97dceb6cd008329492", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "477e9de814b322837953e85d879cde732ac66241", "sha256_hash": "7a869cda68fcf8af379ae4ed97f728b2f63258b6293417edaed07055b11fbb24", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000493-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000007-region_00000493-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_590", "md5_hash": "2f391debe6a5bb925419e7a00cfe95de", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b89fdea8af4ca01b544b718c4111697d1b595220", "sha256_hash": "28571d634033e4c9b2b9ea4ab4a6d56bd6eb0e14ae1c26655b0c2017c24f4b5c", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000495-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000007-region_00000495-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_591", "md5_hash": "ae53852af8a80f8c164cdc2eb4897e05", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7ee043a5edcf7df1cc95591991f32d65101e189c", "sha256_hash": "0888dd21f85a21103768ef2477961b82971544a3885caae24b00823b74375c08", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000497-addr_0x00000000000f0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000007-region_00000497-addr_0x00000000000f0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_592", "md5_hash": "2ab1abd22407e8c3b1a0031cb17b76d2", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "58f0d3d03eda1975cdd83cf310ca031abedbafcf", "sha256_hash": "7bd43de6b6219fb8048ffa68308225997b0124fadb85c8632d81895bc3f184fa", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000771-addr_0x0000000000390000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000007-region_00000771-addr_0x0000000000390000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_669", "md5_hash": "7d9dc7dfbc4aebd2bf3021b1612b4c66", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "60c03e6a4a7bb54e0a2d8c0df08ab35bd26cf39f", "sha256_hash": "a6f438047f13eda2d862c172981bc5c297807c457a489037870d5df52e3a7bc9", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000772-addr_0x0000000000590000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000007-region_00000772-addr_0x0000000000590000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_670", "md5_hash": "7f87f8e6029a8cfd2e763288682e1a1a", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "86425bd3e970d918f5e5ca37c9ccdf5bf06b8939", "sha256_hash": "7fa664f75c90d5ac4b17ef2a5821a224970c7d0886d2fc94ba144007694782a5", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000785-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000007-region_00000785-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_671", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000786-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000007-region_00000786-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_672", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000795-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000007-region_00000795-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_673", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000796-addr_0x00000000000d0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000007-region_00000796-addr_0x00000000000d0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_674", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000501-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000008-region_00000501-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_593", "md5_hash": "10e6820d3ace8086dfa93e7f77524b48", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "008595c419559f1fde1220d99d00172e3d1deb09", "sha256_hash": "a65c0ecb9f2a111b226b064c1310e8e0dd6948fe662294c9f5afb02834a54f65", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000502-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000008-region_00000502-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_594", "md5_hash": "b17e3d01aabd5afe44b827b61e25882d", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9635774428644fb1e85659e842c8dcd562dce583", "sha256_hash": "ddd03b26a25f785c3f1444878e138da587adc2c07fb2d1778ad527b82afd0584", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000506-addr_0x00000000001f0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000008-region_00000506-addr_0x00000000001f0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_595", "md5_hash": "1c7414c5d7720ba1cbfc5c792b3e0062", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8de82d56d42876c0cfeabc89f4a52c8e326e1968", "sha256_hash": "4384192f5c4e35b3829b2fdea5e1f1b7d42e07aa5739e148389f0b32d7f4810c", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000507-addr_0x0000000000240000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000008-region_00000507-addr_0x0000000000240000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_596", "md5_hash": "1f45c62ee7650fe540dbb38d5e02c9c1", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4bfe3b524d64fc6e108ad07f9757e7b45d61a7d2", "sha256_hash": "881909b2eb48f4947b6e52196f30cb63431ee8e0351855a3d8a1560d90b92fb6", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000512-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000008-region_00000512-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_597", "md5_hash": "083fa0cece8316f34dcad77afeda0a13", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "eae23883b28199728221e95020e535dc23bee7b4", "sha256_hash": "35919fa68186fb321fc63483de87c55a736a806d8a9fd098d43de076c98b4d3e", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000513-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00000513-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_598", "md5_hash": "531e989770d5aa31b1aed65530cccb03", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "223dc826fd3e969a2ef6f2a8b59f2080af805614", "sha256_hash": "96596a3127a9a549c67bf288579088feb2f90307846e16445b60869bd7004ee2", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000514-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00000514-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_599", "md5_hash": "c421ab33f6afb21065fe091b21207f2d", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "38cbfa7f6a09802e1d6218551f390f9bb7e22745", "sha256_hash": "8f4960a6e638b2c9ab26f0f4bad3f7051398394387910c105c97b13dc7bd90d5", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000516-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000008-region_00000516-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_600", "md5_hash": "a437d24ebaa5c6613d327a9b951c1fff", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d72cabce61059f35d384680d1771e73d513b8d92", "sha256_hash": "d0f537d5624c1083af5294e0f294e25d5374c31170a0d822489699528ce9441d", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000518-addr_0x0000000000520000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000008-region_00000518-addr_0x0000000000520000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_601", "md5_hash": "3217760ec967e20b95d550cb0c249170", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71c20533df45d0b900022648a31b883ba4b3f150", "sha256_hash": "948f8364427ef160ca0d2e0f3ada3044e98c011d698b85eed890e85795a88db7", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000803-addr_0x0000000000190000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000008-region_00000803-addr_0x0000000000190000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_675", "md5_hash": "7340aee927518e4ff701b275ad8467a5", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "65e647824f8be2f1c2df7078a5f6ce08daf0dc7f", "sha256_hash": "af2192d9353b02384a23b4b780c94274c69192ee8c4cd555ca7e8250b617f235", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000804-addr_0x0000000000780000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000008-region_00000804-addr_0x0000000000780000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_676", "md5_hash": "c17035bc4154728ce65226d06d63c570", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ab814f74ea6ea58925f9fc23c74dc96f691ffa24", "sha256_hash": "f8be8eecde5f6f027f588fa3624e2541cf23c9c2cd5b1457d0a2c9fcb35fe08f", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000817-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000008-region_00000817-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_677", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000818-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000008-region_00000818-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_678", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000976-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00000976-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_730", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000977-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00000977-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_731", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000654-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000009-region_00000654-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_626", "md5_hash": "c0fcc86846d23fb9d1e92edf2da30e0b", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2b02b74c67544fa83790d4080b7176114799c9f9", "sha256_hash": "038f2d8df0441a5f9d4bed585f451cf963a5c17944b7a2264742e7a06581fb37", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000655-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000009-region_00000655-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_627", "md5_hash": "af17912c8347212b7a0d13ccfe05c2f2", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "235399f2e471afa736cda45e39a3c2417563abb8", "sha256_hash": "22123ea1717bfd6311431588958a95bf2e8840b87c2fb5d2d1ec4af915f5bae2", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000657-addr_0x0000000000050000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000009-region_00000657-addr_0x0000000000050000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_628", "md5_hash": "34ef878aa1762e165394af453fb91023", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "731285de63ce9408c292cba267f7be1154b7caa5", "sha256_hash": "f0588807d8743d03cebb283e1b02bc618c1f20f9daaabfd3d8270bfdfe95c39f", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000660-addr_0x00000000000f0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000009-region_00000660-addr_0x00000000000f0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_629", "md5_hash": "072f44fd50099fd83269bc8cac1f9075", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "eb470ecad30d3036b49d8ec1ec2bdba544d7052d", "sha256_hash": "7697921fb838729d1025db542d13c898a9d0df76688d202ca6017413a2250fe1", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000665-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000009-region_00000665-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_630", "md5_hash": "cf03fbc3afd4a31e0aa3d8398e39bbb8", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4aa40d796ce836dda341148f899cfa9babb3e3bf", "sha256_hash": "5b8183501f9a604bb59ce21822094252b1082ae26929e004f039ecf1c065dabb", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000666-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000009-region_00000666-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_631", "md5_hash": "828afee5a077dc31b310e96c4445e715", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d1d8064a9b7b1b963b435da4d6077987c889ff34", "sha256_hash": "de1688474272192d044be0139b8d05af6631e2b95f85834f0b4cfbb2b2671c08", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000667-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000009-region_00000667-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_632", "md5_hash": "d72a32daeec5a08361302bce8b8beaea", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d4749ab21b70576bcb6777bf5fdbde9f99a3c698", "sha256_hash": "b5eb6113adeb156a095af5d92c3cc17655279401dfe4a795f64e65e7a39a22a0", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000669-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000009-region_00000669-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_633", "md5_hash": "9d7459a6395a64660e99e0a2fa37f9e2", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8545f61b1f2523162e724bb76175209c4a24c3ac", "sha256_hash": "85b3fa3611e9baa19ff16d4e95e7437b9f5fd55f3923dbd8ab41b469a8878977", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000860-addr_0x0000000000290000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000009-region_00000860-addr_0x0000000000290000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_692", "md5_hash": "301d12b0e5fbf321276ce33bfbebe6a5", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "05dcf6345181274407e7dfae618063949c920c1d", "sha256_hash": "cc194c49cb366cb9bd1219fb3a538999dfde6059e65620ec9608ddcec55bbea1", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000864-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000009-region_00000864-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_693", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000865-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000009-region_00000865-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_694", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001052-addr_0x0000000000410000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000009-region_00001052-addr_0x0000000000410000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_750", "md5_hash": "1856ac54968c31c0c5061bb899647296", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6ad7cdc53685f1517c921fc27695b83e2015a31b", "sha256_hash": "32dd537c9318ca9ab4cc71c54066cd2d2261289159353dbed9179ac0e220379b", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001053-addr_0x0000000000640000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000009-region_00001053-addr_0x0000000000640000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_751", "md5_hash": "e947bfabbbd228b1bbee60269441b5bc", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f663fb675d962b457109d55ab6e14d1e7dd640d7", "sha256_hash": "cff713b39b9cdc99115abeecaa1341a15ca9267307fad8c8c4d9297cb72270be", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00000671-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000010-region_00000671-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_634", "md5_hash": "ac73659b0ba0d6cdd6c2ccc6fac2046b", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5c73215f312b42e2579fa1b6d1ef01c16dd97fdb", "sha256_hash": "c4428ca08d94d99082571a03b743ad1c62af58829afe4f742379a4a536e5e933", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00000672-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000010-region_00000672-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_635", "md5_hash": "5d554f47dfe89b9d9d23ff0a12841398", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c165d471848b52a29af33f935eb992d42fdf1105", "sha256_hash": "f5d94d9169502d0904f02d986358c24ff62e83b708fbe06dddbff02fc5bd3a98", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00000676-addr_0x00000000000d0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000010-region_00000676-addr_0x00000000000d0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_636", "md5_hash": "b51b783bda05192705c560fed01e78be", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "620e678676df1c215a083b316605319fabdce5d9", "sha256_hash": "900248b5536a83bc6ef5f6eb8cad3dbec15b1ac85e02b5ff487f9ce6978456b4", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00000677-addr_0x0000000000120000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000010-region_00000677-addr_0x0000000000120000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_637", "md5_hash": "a99c2f8f1352fb49f59fe342a563a145", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cfb6aadc800ca987d7cd8fe1b2253900617fbbaa", "sha256_hash": "f5d46b1c8e61a09ad5723d35013161de159565b3edb720337b2d712aabfa9756", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00000682-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000010-region_00000682-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_638", "md5_hash": "fc297956e12d6f50246885aeede45efc", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cb9d254c7c45b2e66e39209643ec2ad3f5a9576d", "sha256_hash": "da47a3c18dc2a17bde01bb55850a601d47898d96650e7fe845f3bf596207cf09", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00000683-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000010-region_00000683-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_639", "md5_hash": "908c7cf21e9b83d11c7f8d7cde4028d3", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "90994010fb85b598756822cf8cefe74e5518fb54", "sha256_hash": "cc43632a2178e24d2b46618eb92daf6732b832235418eea009bbc5e572784b48", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00000684-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000010-region_00000684-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_640", "md5_hash": "24ffa91bfba467e0a3667ab187aafb94", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d49420241c243bce3b8f3697e407c4dc65bfde57", "sha256_hash": "f6f14411d0a55fbc701427ee3909fe93e20f4d98bd4940a2076e947f9e9359e2", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00000686-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000010-region_00000686-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_641", "md5_hash": "ab390636c2e601a377cb21054302a419", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "766c89c65f1d631860ecd9985b3a5b0cde50469c", "sha256_hash": "3ecc63323ae9c20fb3978388c2d022d34f42cce1c2a472fab9d453f879080b68", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00000688-addr_0x0000000000310000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000010-region_00000688-addr_0x0000000000310000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_642", "md5_hash": "1eb9f6dae786ba5709d0fc596d3b7c4b", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7d8d80bdb024d5fc6a1afcf968a835677e6a9cbf", "sha256_hash": "176ac2cc751f5acfd19d30ae60dd6018844aa99e5a86a016ec1945f0236c34cb", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00000869-addr_0x00000000002c0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000010-region_00000869-addr_0x00000000002c0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_695", "md5_hash": "107f4d43e2dba49c3876eb1e86cebedf", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ad836cf6880ed724ba0dd3d1f667e155958d7950", "sha256_hash": "75e7ab2db0ca87f293b916cdc1df42204b60a39bfbf0ec7a6935a4d6a0d710c2", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00000870-addr_0x0000000000510000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000010-region_00000870-addr_0x0000000000510000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_696", "md5_hash": "ea0383cf485c277280a5647f350daa3c", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5ea7b4dac6e670fd801845370414ec86ae3a4a5f", "sha256_hash": "d4a33b319b92d8e2c4094276489d821d616f21037550521caddd5fded44da84b", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00000879-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000010-region_00000879-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_697", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00000880-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000010-region_00000880-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_698", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000011-region_00000692-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000011-region_00000692-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_643", "md5_hash": "347773f0c9917e12dfd15ce2f9f8fc73", "ref_process": { "ref_id": "proc_11", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cec8a814a79630a11c60c4486b1b1b05c5a2169c", "sha256_hash": "950dce40448f627ffd926e27250a5cc740555f1663c8be7498cc86b0c5762e5a", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000011-region_00000693-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000011-region_00000693-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_644", "md5_hash": "68ad2c0f8a6d59f4aee07475a6857958", "ref_process": { "ref_id": "proc_11", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "574fc450c3f35dfecd20549fc99d66db4619792b", "sha256_hash": "0267167d42f373be5400e517a88f7ac3c996882dfa0537174f6f53090a328d41", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000011-region_00000697-addr_0x0000000000070000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000011-region_00000697-addr_0x0000000000070000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_645", "md5_hash": "f2945bd7ef8acf8c63389e31bcc9023f", "ref_process": { "ref_id": "proc_11", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "49add7c2835ab2ada4054adf552e9cddf81074b8", "sha256_hash": "8d979d82cb43efa2f035dab360ddd16b33442894b8d48ff5facb10a64735dc3d", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000011-region_00000698-addr_0x0000000000130000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000011-region_00000698-addr_0x0000000000130000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_646", "md5_hash": "d19a7f76374ce65b0bd1a45ade015268", "ref_process": { "ref_id": "proc_11", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9d48739298e3d574832f63f31341a0e83a364f5e", "sha256_hash": "b3e1d43152801e142f96be2fc977d4ce24ffec77afb43c26bf787de83932067d", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000011-region_00000703-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000011-region_00000703-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_647", "md5_hash": "728640c2229db39397874217ae730ee4", "ref_process": { "ref_id": "proc_11", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3ae800f5b8971eadf5b853a013ee0a22f7b4fbae", "sha256_hash": "5894c536ecc619f5beb5aecea3af30cdb0c56f8335663096b877a9a2cd4949da", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000011-region_00000704-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000011-region_00000704-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_648", "md5_hash": "ef34437e96a402a2ae3e566a2f19913f", "ref_process": { "ref_id": "proc_11", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3b39496abea3a859c1fde265a68c7163e343e9b8", "sha256_hash": "422dbf2cec7e6322a8c0043c5557b38a1cb3c2e5fc2aa2312a5682c01be937fd", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000011-region_00000705-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000011-region_00000705-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_649", "md5_hash": "884bbf88762d1c1f57738e76819ffed7", "ref_process": { "ref_id": "proc_11", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "baffd6f025e321b73c4a2508d7bc949f266b25d5", "sha256_hash": "8d47e566f3f04124dcdb552318949adf55d9b75078b9725d26bd640f1285c704", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000011-region_00000707-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000011-region_00000707-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_650", "md5_hash": "fec34d4f801d0da35139f5f5a8ee5968", "ref_process": { "ref_id": "proc_11", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "05669a2151d917c3ca803a1641270f8b11aa66e1", "sha256_hash": "744f2855b15a0798c615b4ae8d2f482afa6198ad04239baca7dd94dd48568213", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000011-region_00000709-addr_0x00000000001b0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000011-region_00000709-addr_0x00000000001b0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_651", "md5_hash": "bb059f44b33e30b802da96be3bcf55c1", "ref_process": { "ref_id": "proc_11", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "20281f671dd762d665081b301897b49780519685", "sha256_hash": "0a8fb53ac19c98b254e3342e200dfffa34ed6327fcf8ba90b3de0c1b3999631f", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000011-region_00000889-addr_0x0000000000250000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000011-region_00000889-addr_0x0000000000250000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_699", "md5_hash": "ddf5328b0343f31a877fa7b8db285773", "ref_process": { "ref_id": "proc_11", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f268e6f456740df6e1568753b482a5df4b08e817", "sha256_hash": "514bc5bbb605296c4fa0b67696f9d829c863222fb4471c8647d47d4f99172385", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000011-region_00000890-addr_0x00000000003e0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000011-region_00000890-addr_0x00000000003e0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_700", "md5_hash": "543e5ebbd264d969223429f9e6d16668", "ref_process": { "ref_id": "proc_11", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6589e59f4eb04e334a8541a904ec4ea7737928a9", "sha256_hash": "d61e10e3d0821009eed5849aa7eaa46d4656fe6096af13a0e15ddf0542f0b363", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000011-region_00000899-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000011-region_00000899-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_701", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_11", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000011-region_00000900-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000011-region_00000900-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_702", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_11", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00000713-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000012-region_00000713-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_652", "md5_hash": "ba970482abf708fdaab89a8ae8874544", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d64095a42eb80a95adea4da19eb33fc2cd8f8934", "sha256_hash": "edb9d04d09cc00ec647fd479bf3a220d324b54f19883c8a1504cdcdf4bfe55fd", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00000714-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000012-region_00000714-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_653", "md5_hash": "21318a2fcc26f035feb5d255f77f6068", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fb9b1ddadf08291b6e653599a59c5a8e4217f543", "sha256_hash": "532b683e83f7c6dd26dced95920ba23ca651166b73000ea98da4483a9fb7892d", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00000718-addr_0x0000000000110000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000012-region_00000718-addr_0x0000000000110000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_654", "md5_hash": "ea6dcff5424cfb41368d90ea3bf7d325", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c25366b6824de79194247ca74caf3005621f0747", "sha256_hash": "686f44b076b6c621a0ec646d4338c302c3ec8ef1c5b4b3f08e73117399bf359b", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00000719-addr_0x0000000000250000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000012-region_00000719-addr_0x0000000000250000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_655", "md5_hash": "2d5d3d946a4ba218cecdee713eb45ecf", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c7793046403e7f8f7ed6301fc81fb95a2093f6e4", "sha256_hash": "ae5519c52bec82081eebd75afa192d6150c3059b93ad68a4cf43315a94afd53c", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00000724-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000012-region_00000724-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_656", "md5_hash": "dca1098887f85b18ef1e8686b4634079", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c2d191d3ebebcb566d9997ef53d54b1af8d89faf", "sha256_hash": "651026fb14fe1ba24155235ef7ef8e6a684822598daf0801273ed8f519abc049", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00000725-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000012-region_00000725-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_657", "md5_hash": "3b419dc5de0a193148191bfb8f7bfc26", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a5b3800f8402595a6cc8ac2c4cb304d7cee8d548", "sha256_hash": "bb44dd853594ac1925058ab4c3ebee72e7472c6950ff036140dcfc3509dbb45d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00000726-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000012-region_00000726-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_658", "md5_hash": "eaef9fe97ed08cd2a5e98d6fc33ae65d", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2a7aff38f6e2391fb0bbc785c42814d8b58f4d14", "sha256_hash": "6ebf466ebcc3df1b38220979a2c8b1af1d2696f006d96d1e4cf80dd2e59d3044", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00000728-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000012-region_00000728-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_659", "md5_hash": "dd8ae7782e0f5660833f2345841f88a8", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "527cf51c1789c6f78fd2e209ec55df7aafce6bae", "sha256_hash": "99dc654e0ac1ba1ce601a0d61e88d79d930e19f8a3b988b1b38c941690a1bee5", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00000730-addr_0x0000000000450000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000012-region_00000730-addr_0x0000000000450000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_660", "md5_hash": "535f0058584d927343668e50757fbc91", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "99fff2cb3d71c5d56c6f90e21e030a9ef0c8bda4", "sha256_hash": "0fc911612be2b4adaa69580d49642be6281fc385b58fe171059d49de788e014e", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00000734-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000012-region_00000734-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_661", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00000735-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000012-region_00000735-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_662", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00001117-addr_0x00000000005d0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000012-region_00001117-addr_0x00000000005d0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_766", "md5_hash": "72bd23f712176fb940cf1c4eb6f18443", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e99b49c35959ab2cd0cdf23bba240082bcffdbc1", "sha256_hash": "22206328e63686b410656a2199dca1a94d345c20c98d5c805d83c63835d5c6f6", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00001118-addr_0x0000000000840000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000012-region_00001118-addr_0x0000000000840000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_767", "md5_hash": "593e100d67e97cdeba3021909ba30470", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "16eff6db3aef4e8391d690d095dd65dab3631d8f", "sha256_hash": "1adac017643dbb99aba7841eeee70355ad8857cdafd9367b048f51b4acb9f0ae", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00001159-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000012-region_00001159-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_770", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00001160-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000012-region_00001160-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_771", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00000822-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000013-region_00000822-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_679", "md5_hash": "ad5eee2685723a6bee068e55970f6192", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6f6f3fcc72ab4b4a56e4b5f148b35394f0b8bee2", "sha256_hash": "49e395c302ba2d894a2c407e649810f05e230205c5402a9ad04be241d97b3eaf", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00000823-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000013-region_00000823-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_680", "md5_hash": "0de58e33cf888acc1bc91f3c548d3c68", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2a3c18f62b61caa5c0088661018e537da31b80e8", "sha256_hash": "6d27a222c5ead41f12c4635d3be0797de01d61ec9127344bc29623770a21246e", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00000827-addr_0x0000000000090000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000013-region_00000827-addr_0x0000000000090000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_681", "md5_hash": "597b426674381a694d2169fdf44208d7", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a3bbfa19e1dd528b8920f53b38b05cad5521685d", "sha256_hash": "44717f0f4ff9cd294d3ad680e393214246a2aee4887de7d4887c32e335ad14af", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00000829-addr_0x0000000000210000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000013-region_00000829-addr_0x0000000000210000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_682", "md5_hash": "9ca786ade57f51fd9cc04db73c374d6e", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a5ccdc6a7f562818db87f2e9c4da837ef387598a", "sha256_hash": "486983cc3129d8efb0b20f96b9c4b9a412d7fd5a48cfc6c5bbe11b92d8686830", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00000833-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000013-region_00000833-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_683", "md5_hash": "e9df0791ffc974a8a31c63b599c1c7b1", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "80af2139a700eca7472be44169784110cfcbd1ce", "sha256_hash": "2139f4b0d6550e16dcca3be6b4b8243f1f84e81293e66e8bac78bb8b3efc7e08", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00000834-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000013-region_00000834-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_684", "md5_hash": "f8661f0a042430fc43586340aa164297", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6e6cc395ab369347964ea8fe778a290848941222", "sha256_hash": "a0072811d07167b2adc84eeb28ddcb3b29c13af48844489e29d6758504e12335", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00000835-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000013-region_00000835-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_685", "md5_hash": "1a5a3195e3ea4386b0e70b39953b48dc", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8494c0eada2ffc4d731908a80f13eab80acd1ef8", "sha256_hash": "5571498a7a0b902b18b4d5449a1fce4afc17fc98945cf612d6d50771f0ce0ce8", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00000837-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000013-region_00000837-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_686", "md5_hash": "ab390636c2e601a377cb21054302a419", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "766c89c65f1d631860ecd9985b3a5b0cde50469c", "sha256_hash": "3ecc63323ae9c20fb3978388c2d022d34f42cce1c2a472fab9d453f879080b68", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00000839-addr_0x0000000000340000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000013-region_00000839-addr_0x0000000000340000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_687", "md5_hash": "cfccc84441d40ca3001f4cc2acab34d7", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4134c0038506904119732b7d6eaaf2c27637c3c4", "sha256_hash": "ed55456352fb18ab6a03766e9146c68560d9cbb8a694ba07c500b8053e55c1b9", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00000845-addr_0x0000000000080000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000013-region_00000845-addr_0x0000000000080000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_688", "md5_hash": "d3efd147d079ec7daefda508e53dcff7", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "350fd12a475dec099b279300b749d592d908b58d", "sha256_hash": "3e21c76ecc2a33a5e06f4bad9168f62f11346a582da72f842499b94af199121d", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00000847-addr_0x00000000004b0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000013-region_00000847-addr_0x00000000004b0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_689", "md5_hash": "5489f3e052450f1a2b6bc7595e8c690e", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4782beb5c080c2e12239e31720d47dc6551f8be8", "sha256_hash": "da60694d14b41c7f099b92ae8c904452120761fb65dbbd23adf6509ce301c0f9", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00000856-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000013-region_00000856-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_690", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00000857-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000013-region_00000857-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_691", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00000907-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000014-region_00000907-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_703", "md5_hash": "c0f9f43f2734fc681e6d9521ee1fedff", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ed3bd2e4a87f4654fce675177ebea9b6a16275e4", "sha256_hash": "ff6009ab63dd3a5e56d8fc61017734ed0bea09a9c8776e83b7f79ab50de59977", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00000908-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000014-region_00000908-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_704", "md5_hash": "eb2fd528698e931ecc89434e42e724f3", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7f37785222e55c9f4ab6a77402d7af7ab53d8d9f", "sha256_hash": "99dec2cb8c9c211292c0d2124c75a1b6abd34b9ebb55265210667149b6f86749", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00000912-addr_0x00000000001f0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000014-region_00000912-addr_0x00000000001f0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_705", "md5_hash": "c788a654abc5de851132901d370415ba", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4fae686485f09b55847939e19594591e358210e9", "sha256_hash": "93d5e4258b7148b12b617dcf0e6cdf37b37008df412d6f26e0ad138ade0a24e1", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00000913-addr_0x0000000000340000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000014-region_00000913-addr_0x0000000000340000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_706", "md5_hash": "b8a64701296986c92d7338e4763c9769", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "893cbbf2a27f738b28e0cee3feaeeb133648671e", "sha256_hash": "131afe6621217c47a60532da9d071810a10c5811d65237bfcd047181e32b879c", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00000918-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000014-region_00000918-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_707", "md5_hash": "1e8370ce2a5aa37ad3f7c6d27d6f2a6f", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "31d31e2c77b10d433475e4e3df47adeb8b91e8fa", "sha256_hash": "8b2382b751f484b5d8d040bba50c5d4b539a2a27a9aff5a68860fcade5e44d37", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00000919-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000014-region_00000919-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_708", "md5_hash": "514027027352db5d4607ca965d365793", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "554cf0987d2c09e701357973b87980daa7cd1c42", "sha256_hash": "14132c84aa102f8a842432819943f58e22d4821eae8d16cd0bfef964bb63c99b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00000920-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000014-region_00000920-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_709", "md5_hash": "da3bbd210e63bad1e0e9cfe4a0196d19", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6a48ec8394c6cd89004c512e953e722819075a84", "sha256_hash": "c0560c1b19ee6a0b2e3be744db1d0bf03592cc2f35b3e98b4d4aaa043b32c3c7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00000922-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000014-region_00000922-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_710", "md5_hash": "c820b9c968b84a6bb6c9b3acad6582fd", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "92324deb8a98f3c0e86800e6a606eb5fe3736f1d", "sha256_hash": "cb25548aaaf7638e1bff1d866fd51d241aa3193d4d3e33fd9ba5f25d15dc5457", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00000924-addr_0x00000000005e0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000014-region_00000924-addr_0x00000000005e0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_711", "md5_hash": "9a04b164150c100e8d14832b4458e239", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bff380a1b6b34b85c25225e38f767c3c9ba1f635", "sha256_hash": "6df3f99f6e4c97d66c11baa28251a934e791100d08340f48b86e45dafd72149e", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00000928-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000014-region_00000928-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_712", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00000929-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000014-region_00000929-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_713", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001137-addr_0x0000000000570000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000014-region_00001137-addr_0x0000000000570000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_768", "md5_hash": "f908bb884da80c2c3fcd69378e914c47", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "54acf459cf58829f084b3fc90374d33ee2d4dfa3", "sha256_hash": "414bf497c7a6d531afb254eb4121ef813519fbb121dbfdf8f1f01230286608ef", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001138-addr_0x0000000000800000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000014-region_00001138-addr_0x0000000000800000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_769", "md5_hash": "3cc38c1a6715ec9a27ad8f4dbafe495f", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3ada39c233443497b6cc6fad3c28d756a9c0ae78", "sha256_hash": "960c42768175da3dcf268e1a3f9515cd5ee8bcf7b9890bee15191b104e684688", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001169-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000014-region_00001169-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_772", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001170-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000014-region_00001170-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_773", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00000936-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000015-region_00000936-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_714", "md5_hash": "2988bf579a89617986f99fa6f78d79e2", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ea1f0b34be20d2ff8b6e327003ca07a886f5666f", "sha256_hash": "4e91f2b1cda925eca49e46859c9295ff74b2ba8ab4a322089eabf4b47ece1e2a", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00000937-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000015-region_00000937-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_715", "md5_hash": "b3bbb3de425ca4f96ab943376428f295", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "df988c2aa55d84baab3a74495b5467371ae47c61", "sha256_hash": "fd83cdade4d209247cc151c264bd56b44cd1a676c0f5e348841bb59dbd281c36", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00000941-addr_0x00000000000d0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000015-region_00000941-addr_0x00000000000d0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_716", "md5_hash": "cc85f9817ff76e87b7414f037279a2b3", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "445b9cdc298e5d528f857b6cc5474eb3f48a542d", "sha256_hash": "598cb45db97aad85df921add35d4a4d75086283e8593384b8a8050740f145e7b", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00000942-addr_0x0000000000120000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000015-region_00000942-addr_0x0000000000120000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_717", "md5_hash": "ff7818a63287de341a126a1535cb2a72", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9219b8fedcd2ab86337c44c0dc77950805905db7", "sha256_hash": "febe096f0a854bdb40aff9484147ddf3fe4928850dcbb153b06ae152249bbd5a", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00000947-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000015-region_00000947-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_718", "md5_hash": "001c932c5d979dd752b9c601d3a45609", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "87fb7ef66707fa4a2922953ac81f6e052d09ae78", "sha256_hash": "635b6fb4a7a13e92ebd8f2fb7379805c128e13d57b93e9a7759e055e23f467df", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00000948-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000015-region_00000948-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_719", "md5_hash": "65155e62cfe8a22c98e0b599aafc06ed", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4820053f92dc0b5068e7c96bce1f8ce946ae1a17", "sha256_hash": "c7d0009b57cec098d22e1a646eb74a5e70f602938fa09cda8eb4f9ba652d49c0", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00000949-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000015-region_00000949-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_720", "md5_hash": "260d7f2deb13128e6b5d884442a10a28", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2e5d81d994cb7ff43e4545e2f066689ac6b69715", "sha256_hash": "78c621691d756d1111b5b2b7a224f11140abf49f196e9c363bb3711e93ec6b38", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00000951-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000015-region_00000951-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_721", "md5_hash": "47bc2f28e2caf34f8c8eee847aa5a55a", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2a009cb641a23be8fe30a0dcc7f9d118399ea618", "sha256_hash": "ce13ec19582b53445b08c16f6c99b661f9007a7256062829da89c2c2cf97d7ea", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00000982-addr_0x00000000002f0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000015-region_00000982-addr_0x00000000002f0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_732", "md5_hash": "eccf2f33ab6ea5476cc2871e7b309355", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "77b9b43fa2bfe870b8daf9936774c273f80b824f", "sha256_hash": "99f0f34198e7761aa0ae4006e96a9d69ab66b97835d5b87a6c56247f3d6da691", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00000986-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000015-region_00000986-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_733", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00000987-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000015-region_00000987-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_734", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00001033-addr_0x00000000002a0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000015-region_00001033-addr_0x00000000002a0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_748", "md5_hash": "df303d762688fc9c05b27f97b3bdc53a", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "19973786f7a6d9b5bbd07c82f36fc5e6a5634d71", "sha256_hash": "b9ea88a4c2f84a2973797a8d24ed8bebe5ec97358632e5f430dd3da5c9239948", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00001034-addr_0x00000000004d0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000015-region_00001034-addr_0x00000000004d0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_749", "md5_hash": "c64c2bc7113b1936a3604d48d58540de", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "09c8340a6f8b882cce30c1c19301d96ca47f41a8", "sha256_hash": "90fd79ed64039dedd81161d0a4d0f33869a3f8f6ac3a547e1d104869c4590c79", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00000953-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000016-region_00000953-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_722", "md5_hash": "155b8327710e109b3a9e5d66491af486", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a353bea069c0246a036707b09be56dd678a448f3", "sha256_hash": "4f0ad52515863610084ab5a4d313a3a1369b8b7b045b32f1397b4106f2ace102", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00000954-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000016-region_00000954-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_723", "md5_hash": "3698295bca70123c5c979e11ac4bd791", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3b94f055b0df173f74802c4c63515fba9a59e670", "sha256_hash": "2332c3456f5de0089fd7b7a7fa01eee64e0cf9cb69d77a52a196d6dbe2d5295e", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00000958-addr_0x00000000000d0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000016-region_00000958-addr_0x00000000000d0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_724", "md5_hash": "98f6081833f8fd281c99089a5de939fe", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cd2977d1e50166a934cbf57d7f784fcc03add1fd", "sha256_hash": "e24910203ad7d6c294bb28186cf7f9b292f897890d786aedab528c9aa8d213de", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00000960-addr_0x00000000002c0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000016-region_00000960-addr_0x00000000002c0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_725", "md5_hash": "a0d1145821439cd382bb910aa7892b4e", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4244fe21acb92d89f1bda718138c9b45d3798e41", "sha256_hash": "6bf6938c84b218f87a1759ca4f02ede2ff22a04f741cb12e213b71fa5b9b1548", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00000964-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000016-region_00000964-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_726", "md5_hash": "20c11997591d77581c8979fcb4ee255c", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7ad8b4d63b04224386083887bc5579ff47adb4dd", "sha256_hash": "da0cd22f6cbfa147c6bb832dad58a12b0c9f633278e4bce381818ad2c5083d4e", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00000965-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000016-region_00000965-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_727", "md5_hash": "39381031b6faa288f31028d5b2126f40", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4e17770155a52a3a301406cab840f3740527128c", "sha256_hash": "45fcaa037102953ebb7882d683f417b548751152b9ee130af01ce5ca633de9c0", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00000966-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000016-region_00000966-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_728", "md5_hash": "9bfd688358599fb5f4e9dfb5e3cfec59", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "18bee5f9b25dc6a73014046d5e64d19b184301a3", "sha256_hash": "774936cfea21683060ed96638af315df0221a011a9182951caf00e909d41f9ab", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00000968-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000016-region_00000968-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_729", "md5_hash": "47bc2f28e2caf34f8c8eee847aa5a55a", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2a009cb641a23be8fe30a0dcc7f9d118399ea618", "sha256_hash": "ce13ec19582b53445b08c16f6c99b661f9007a7256062829da89c2c2cf97d7ea", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00000988-addr_0x00000000004d0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000016-region_00000988-addr_0x00000000004d0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_735", "md5_hash": "c724f4936ec872ab90af040d81bb2320", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6b2f0f5aba2f4c883409252809601fa6e8a8fbca", "sha256_hash": "24519cf65588e415b043356e5a3e269b0a9733cdb444c896c383a08e6ff29ba0", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001012-addr_0x0000000000210000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000016-region_00001012-addr_0x0000000000210000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_744", "md5_hash": "bb3fd7f5205d373516e97fced3d8b5cd", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a1aad726462db9d601d93b32e6afc722aeaf7b41", "sha256_hash": "f37e92d26fba751ee30be9c70be1666b7acd85d2a3515179ac2520b997be0f93", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001013-addr_0x0000000000720000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000016-region_00001013-addr_0x0000000000720000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_745", "md5_hash": "63e3ae6b7338076e96482e0b7289dcb7", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "94572ed3d1adb6037aa30b4410386233146eda2a", "sha256_hash": "146c2ad13c68f8d52cdc93a1995b640f4a73ff93f4dc4e8b216564723cbfaae9", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001022-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000016-region_00001022-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_746", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001023-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000016-region_00001023-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_747", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00000992-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000017-region_00000992-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_736", "md5_hash": "445c16dabef64bbfaf2e4e50ccd79f12", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1a1a29ba5d94a19f839291eb2da7cd77621b3b6c", "sha256_hash": "b12fa35ca215af8eaf9da7146f5e9a5eba0a80556e643fcdd083016967007103", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00000993-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000017-region_00000993-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_737", "md5_hash": "2f5d8f3fd116ce6db0094e5b5e0a68d1", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bd9e711bd0d1d4fbca3c26cea4309ce926f2e4bb", "sha256_hash": "6330eacac30f63ee4194af6d4c3f6d5cdc82740875f1935ed4c10ee9d4118561", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00000997-addr_0x0000000000090000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000017-region_00000997-addr_0x0000000000090000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_738", "md5_hash": "f7694b0d301d2eadabe86c8b62e980a6", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "eb981bb2baff71058cd0c04c55b14738a52100f3", "sha256_hash": "3453d69d9fe6afbd8312050736d47d3a1654f09e5e64a26e3c274e449b1f3563", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00000999-addr_0x00000000001b0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000017-region_00000999-addr_0x00000000001b0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_739", "md5_hash": "bfc5ece5c7949b5e449b635140e53c3d", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "91e824c172c96e5fca7f376f345adf13d3350494", "sha256_hash": "c24c923dda8c543c8959f83e33acc680f90fe604472dafb6bc2e9928429b574d", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001003-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000017-region_00001003-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_740", "md5_hash": "9dd5873b51b3219be5dbe99128c3f9a1", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f1358df91792c111b30497de5c73dc33bdebb54e", "sha256_hash": "aad04ab63779d5ccf053a023e6f139c1de8ff4d77ec50940feab3824a104c36e", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001004-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000017-region_00001004-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_741", "md5_hash": "3ba6cb9f43d63a5c58d8b6389f403f5d", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d3901aef0168a4df60627ce9e4116136abe8f23a", "sha256_hash": "4c6523b89709f5ab2b4ebc6593a0f8aa8f49bc35c8d18c499a3cdbff61f6014c", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001005-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000017-region_00001005-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_742", "md5_hash": "6e8184c2e73da97dd1e277704560098f", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "41d9f47a106cb8059fcd0ffcc2932040e5110c53", "sha256_hash": "338fcf976048eeabf7200fd959237c2140cad39d40e477fc7d8f97eea129c3b3", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001007-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000017-region_00001007-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_743", "md5_hash": "9d7459a6395a64660e99e0a2fa37f9e2", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8545f61b1f2523162e724bb76175209c4a24c3ac", "sha256_hash": "85b3fa3611e9baa19ff16d4e95e7437b9f5fd55f3923dbd8ab41b469a8878977", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001064-addr_0x0000000000260000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000017-region_00001064-addr_0x0000000000260000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_752", "md5_hash": "e553b629af62f8a03b1a010aae5851d0", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "012e16c22a1fb823a977e81c988482ae2c710616", "sha256_hash": "30c5ba33d1e20c240a566f7744e29838de2648a9101bdd895c1ca8375e6b03d6", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001071-addr_0x0000000000350000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000017-region_00001071-addr_0x0000000000350000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_753", "md5_hash": "81e3f8126ffb9e4a3e2c52b796d0bbf9", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "869b02908e19efb68c23f3771a600eb126275aae", "sha256_hash": "c11546358b5c27fcfd7bc4e676099f9e9a64251c2d5af8f279c783eac7002e7e", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001072-addr_0x00000000005f0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000017-region_00001072-addr_0x00000000005f0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_754", "md5_hash": "a549b6218e4042f21e7864600662691d", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "91bb9c2fc07e43db6c684ac2e27dd40c3ba3ade9", "sha256_hash": "572e746f6f4451c84d7699069382012274d6289d718a8cef08e6e74f281d4e4c", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001081-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000017-region_00001081-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_755", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001082-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000017-region_00001082-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_756", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000018-region_00001085-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000018-region_00001085-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_757", "md5_hash": "ec05dde882032675395d58f25c392932", "ref_process": { "ref_id": "proc_18", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "73899add899583183318649027c22cda033aa522", "sha256_hash": "9ce4e8121ee7a0f26a1cf3f4cf683adb568e340b343b1b1de1b218476dda31fe", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000018-region_00001086-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000018-region_00001086-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_758", "md5_hash": "5d1939d8bb022e22d91e69989c401ffc", "ref_process": { "ref_id": "proc_18", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d38dc05ab40111ab3b032271c127d31351e3f0ba", "sha256_hash": "b76f60a6ccc843e4ffe27cf6fdc496f8b2f4dd8f35715bf69e9be351e5eac723", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000018-region_00001090-addr_0x0000000000210000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000018-region_00001090-addr_0x0000000000210000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_759", "md5_hash": "c7574d218728ee7317cff909435b1dd7", "ref_process": { "ref_id": "proc_18", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fa9375e55f4526e6917e93c90ec49976dcff45ef", "sha256_hash": "e0768365f36e70eb42e399ca56de4bd2c3584df1fab2a0ee5356a199aec2acb6", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000018-region_00001091-addr_0x0000000000320000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000018-region_00001091-addr_0x0000000000320000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_760", "md5_hash": "42e3eb9858521c2c74bc92a06b00b098", "ref_process": { "ref_id": "proc_18", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2dcf107d9e1f2482913c2072f68abd2f9098ad64", "sha256_hash": "c60d27da674881931d1a35797d3adb427162d2765108e4c3d20a335833767488", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000018-region_00001096-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000018-region_00001096-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_761", "md5_hash": "d523ee79e80eb24b045bcb42ef9a5405", "ref_process": { "ref_id": "proc_18", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c46f269196d549df9c12c6c158a13b9d16be97af", "sha256_hash": "ef76401136a35d87ed909a40d0c72b750ad5c66c63c8da05e34dd5b619507aee", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000018-region_00001097-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000018-region_00001097-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_762", "md5_hash": "d2ae812024fba731417769be2a2acc7d", "ref_process": { "ref_id": "proc_18", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "56ab8127fdd3f9f9525fe59fb9bc89dec440af57", "sha256_hash": "ef85812bf5afa85a869a5024823126f8a9948ebc33f111fdd015dc03a389e156", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000018-region_00001098-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000018-region_00001098-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_763", "md5_hash": "0903e69d74f550cc38a5f20ef2b94a04", "ref_process": { "ref_id": "proc_18", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "52ebe7a2c8280e2889468fb9bc6275a29d1d6cee", "sha256_hash": "8ac1dfc0dd16ea36ccbb1c8eb9d07ffabb574e7d96a07bbea9230f2b9decd2d3", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000018-region_00001100-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000018-region_00001100-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_764", "md5_hash": "9e686f3b65e1bdad453771fb586a5ca2", "ref_process": { "ref_id": "proc_18", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f17bd8f99ead7df0caa1e144332fb9e97b46c0f5", "sha256_hash": "853d6c7324a6b66fa23a215e6835a926f8089199e2f9e37d9ec36ed05414407b", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000018-region_00001102-addr_0x00000000005c0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000018-region_00001102-addr_0x00000000005c0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_765", "md5_hash": "9632f6e6a999e5b6ae7cb7f40ffc3e59", "ref_process": { "ref_id": "proc_18", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4bb909abc6e777ce5c61c946c68ea9670decdd1e", "sha256_hash": "43d711ba1aef60addf26d63e1bad9eca96fd90a0f19c3b9bcd660dc6d7f73d10", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000018-region_00001177-addr_0x0000000000190000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000018-region_00001177-addr_0x0000000000190000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_774", "md5_hash": "48ca91205864fd05824d78ae34a66b66", "ref_process": { "ref_id": "proc_18", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "992a565535021871070d4281827f02f3c47fa795", "sha256_hash": "e672bf1ecc8ce96dc22380b99785db89c7421679c3eaab445cf013974fc016ad", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000018-region_00001178-addr_0x00000000007e0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000018-region_00001178-addr_0x00000000007e0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_775", "md5_hash": "9cddd3364f24973237b518715bba8ade", "ref_process": { "ref_id": "proc_18", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b947118006911e1781e4a327f15bb1f298d33125", "sha256_hash": "41b4831a09a0c4b1794600d4a8017163d8659f9145f59762850a508ad34d5f52", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000018-region_00001191-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000018-region_00001191-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_776", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_18", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000018-region_00001192-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000018-region_00001192-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_777", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_18", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000018-region_00001201-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000018-region_00001201-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_778", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_18", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000018-region_00001202-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000018-region_00001202-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_779", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_18", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000019-region_00001206-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000019-region_00001206-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_780", "md5_hash": "be7153fd86f114b7a0bac9bcf617b017", "ref_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2d9da8c68802d99fe34f929ce21d9231481b99a3", "sha256_hash": "a2a8c7d71c13405552f4b1c7fa01740bc5b21345aabef3316d9a271cc0739962", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000019-region_00001207-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000019-region_00001207-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_781", "md5_hash": "ef6f733d9ee066a8bd366b64b832a476", "ref_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "518499c7e18783ee199c9412b1bc8f2ef18549d3", "sha256_hash": "e1e1e02aaeb04af7a5d876f05f3612770b6393d360a7eeec174133eaf9145764", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000019-region_00001211-addr_0x00000000001d0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000019-region_00001211-addr_0x00000000001d0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_782", "md5_hash": "c9846e42df5144ffe69ef6b130f89966", "ref_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "de8461a903291a9c3f1b79d10ce69162ec1d0dae", "sha256_hash": "c83f0ae304d111042600dca74d6da69b610a7e551c0957b117714bb1d7bc6506", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000019-region_00001212-addr_0x0000000000220000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000019-region_00001212-addr_0x0000000000220000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_783", "md5_hash": "d89647008665dbd0499594f72d54fc1c", "ref_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7b5b3756c77075b92e34765db44480ef25563924", "sha256_hash": "0ef4adff8046729b317a0dfb5197b279235580ab9586b0f93564bbdfa2f7cf47", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000019-region_00001217-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000019-region_00001217-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_784", "md5_hash": "10d3fc6774b274507e492d56b9086eb7", "ref_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8d7c03451e6b894372e371b505e72e7376f56c19", "sha256_hash": "d2fc9be539c04a75e12e4268e136394266b90f4a89eda0317482030d4f9cdee6", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000019-region_00001218-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000019-region_00001218-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_785", "md5_hash": "65e2277493c853b988f6ce52d23bb4ef", "ref_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5d884db6aeca3ee663e172979c243e3513c647dc", "sha256_hash": "7493598ef94ea0c3dd22756b8ad849e1052de620074c77447378dc9bce51c7a9", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000019-region_00001219-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000019-region_00001219-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_786", "md5_hash": "87cba6792595214f53c05e1b23ca9201", "ref_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "36c0f2c5eccc7b4c161d6c98ced805983338df24", "sha256_hash": "0917642abcf37cb1fb2998b80ffccedc6c61a1bf9ab9e17b860cd3700753370f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000019-region_00001221-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000019-region_00001221-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_787", "md5_hash": "2f3d108cbc899703761b6ff1d4779573", "ref_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a748f9d9eb8113d454e05a6da3976622515c6192", "sha256_hash": "932770403a5f2a9d295e4e60f70e8511b833b42ffd999a79973fb7bc3e8baa3f", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000019-region_00001223-addr_0x00000000000b0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000019-region_00001223-addr_0x00000000000b0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_788", "md5_hash": "35f7df081c7d85492bdfcfb75546fcd0", "ref_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f832a6a0eab88976bf985c0be1eb46bb4b1e5e27", "sha256_hash": "aa7640393ba541941362657b9aad6b18d38b331ab71358a69b0ca720271e4149", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000019-region_00001230-addr_0x00000000003e0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000019-region_00001230-addr_0x00000000003e0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_789", "md5_hash": "076fc5e2d690032fbcda7c4ed6cafefa", "ref_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "91e596fd84ed880f0df55f826fe85ccaf5672e40", "sha256_hash": "7eec7207f1c9adfae841c369d47a1fc807f26f0196f9ec731e1fe7163209f361", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000019-region_00001231-addr_0x00000000006c0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000019-region_00001231-addr_0x00000000006c0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_790", "md5_hash": "0222d448c1382b71e2840adab490eef4", "ref_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a81d1c7607c2835ab25dcd46ad81bf04fedca96f", "sha256_hash": "64c9a45fea0947dbf39b4d50ec29dfc8f53f4ca6af6c999cac535f233994e2ac", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000019-region_00001248-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000019-region_00001248-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_791", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000019-region_00001249-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000019-region_00001249-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_792", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000019-region_00001259-addr_0x0000000000090000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000019-region_00001259-addr_0x0000000000090000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_793", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000019-region_00001260-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000019-region_00001260-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_794", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000019-region_00001262-addr_0x0000000000260000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000019-region_00001262-addr_0x0000000000260000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_795", "md5_hash": "6fa8a8b62561e5a2c5b8d517005cf9fd", "ref_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "058e25f0f1dee089ad3fafb620638d45ee93b66d", "sha256_hash": "bddecddf901c4ad5483eb46ecc1516a733ecfb0144881210ff253df964ca835d", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000019-region_00001265-addr_0x0000000001d20000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000019-region_00001265-addr_0x0000000001d20000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_796", "md5_hash": "e2fb690bac3198f7af07d172a492fb91", "ref_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2b13fbc256d511bc48c5441d2897d0c07c2d2b59", "sha256_hash": "cbe4320c24837ff6df371f5daf1967da376784d4c60cbb17533718b103de2156", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000019-region_00001267-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000019-region_00001267-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_797", "md5_hash": "b1c874b2738eb2391de2f05dd2ec3343", "ref_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "eac8a0388f8b9703222cc1dcc73a4ad7ea7fa16c", "sha256_hash": "328067b6f57726aa78a935f08420560c9a1ffc1fafe172ca8bd5575d61930261", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000019-region_00001269-addr_0x0000000001ce0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000019-region_00001269-addr_0x0000000001ce0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_798", "md5_hash": "3c7db0216743316821eedfa79a4d07da", "ref_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "01e45b849665c5b72bf7aa9c5c5a7aeb15900839", "sha256_hash": "487a29a465f1d0b52df340a061d97fa556c94d84e9d6c958209aa5de10e49ab3", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000019-region_00001270-addr_0x0000000001db0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000019-region_00001270-addr_0x0000000001db0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_799", "md5_hash": "74b5479f51c94491e50478d7f79bf5b0", "ref_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c2c6649fb0e193a47ee6d4cfe1271e37ca2b438a", "sha256_hash": "4840a509c682f7992b991c66414ec9a7e06767047c20bf28cd5a4e7110d8c020", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000019-region_00001273-addr_0x000000007efd5000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000019-region_00001273-addr_0x000000007efd5000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_800", "md5_hash": "fde0727bbc96b48ea1574bb9d47c2717", "ref_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f45e440aba1edb71837eb4d5407372b928775871", "sha256_hash": "5afe7bfe73350f4dd8278d159dc548bb32902a948a75d2c8de0f93e446eda8bb", "size": 12288, "type": "process_dump", "version": 1 } ], "processes": [ { "cmd_line": "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe\" ", "filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe", "id": "proc_1", "image_name": "xzzx_cryptmix.vir.exe", "monitor_reason": "analysis_target", "monitored_id": 1, "origin_monitor_id": 0, "ref_parent_process": null, "regions": [ { "dump": { "filename": "process_00000001-region_00000001-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_514", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:11.091", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000002-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_515", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_2", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:11.091", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_3", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:11.091", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 589823, "entry_point": 0, "filename": null, "id": "region_4", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:00:11.095", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_5", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:00:11.095", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1654783, "entry_point": 0, "filename": null, "id": "region_6", "name": "pagefile_0x0000000000190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1638400, "timestamp": "00:00:11.095", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1708031, "entry_point": 0, "filename": null, "id": "region_7", "name": "pagefile_0x00000000001a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1703936, "timestamp": "00:00:11.095", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 1434583040, "type": "region", "version": 1 }, "end_va": 1434828799, "entry_point": 1434583040, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe", "id": "region_8", "name": "xzzx_cryptmix.vir.exe", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe", "region_type": "memory_mapped_file", "start_va": 1434583040, "timestamp": "00:00:11.095", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2001469440, "type": "region", "version": 1 }, "end_va": 2003210239, "entry_point": 2001469440, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_9", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001469440, "timestamp": "00:00:11.096", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2003435520, "type": "region", "version": 1 }, "end_va": 2005008383, "entry_point": 2003435520, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_10", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003435520, "timestamp": "00:00:11.224", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_11", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:11.358", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_12", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:11.358", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_13", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:11.358", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_14", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:11.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_15", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:11.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_16", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:11.360", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_17", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:11.360", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2686975, "entry_point": 0, "filename": null, "id": "region_150", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:00:13.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1958543360, "type": "region", "version": 1 }, "end_va": 1958576127, "entry_point": 1958543360, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_151", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1958543360, "timestamp": "00:00:13.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1958608896, "type": "region", "version": 1 }, "end_va": 1958985727, "entry_point": 1958608896, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_152", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1958608896, "timestamp": "00:00:13.586", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1959002112, "type": "region", "version": 1 }, "end_va": 1959260159, "entry_point": 1959002112, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_153", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1959002112, "timestamp": "00:00:13.594", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 4128767, "entry_point": 0, "filename": null, "id": "region_154", "name": "private_0x00000000002f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3080192, "timestamp": "00:00:13.622", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1990328320, "type": "region", "version": 1 }, "end_va": 1991442431, "entry_point": 1990328320, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_155", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1990328320, "timestamp": "00:00:13.622", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993170943, "entry_point": 1992884224, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_156", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:00:13.844", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000416767, "entry_point": 0, "filename": null, "id": "region_157", "name": "private_0x00000000772a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1999241216, "timestamp": "00:00:13.908", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2000420864, "type": "region", "version": 1 }, "end_va": 2001444863, "entry_point": 0, "filename": null, "id": "region_158", "name": "private_0x00000000773c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2000420864, "timestamp": "00:00:13.908", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_159", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:13.945", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4550655, "entry_point": 4128768, "filename": "\\Windows\\System32\\locale.nls", "id": "region_160", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 4128768, "timestamp": "00:00:13.945", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1962999808, "type": "region", "version": 1 }, "end_va": 1963032575, "entry_point": 1962999808, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_161", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1962999808, "timestamp": "00:00:13.946", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 1963065344, "type": "region", "version": 1 }, "end_va": 1963311103, "entry_point": 1963065344, "filename": "\\Windows\\SysWOW64\\pdh.dll", "id": "region_162", "name": "pdh.dll", "norm_filename": "c:\\windows\\syswow64\\pdh.dll", "region_type": "memory_mapped_file", "start_va": 1963065344, "timestamp": "00:00:13.956", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 540672, "start_va": 1963327488, "type": "region", "version": 1 }, "end_va": 1963868159, "entry_point": 1963327488, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "id": "region_163", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1963327488, "timestamp": "00:00:13.972", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1964965888, "type": "region", "version": 1 }, "end_va": 1965015039, "entry_point": 1964965888, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_164", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1964965888, "timestamp": "00:00:14.070", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1965031424, "type": "region", "version": 1 }, "end_va": 1965424639, "entry_point": 1965031424, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_165", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1965031424, "timestamp": "00:00:14.096", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1965424640, "type": "region", "version": 1 }, "end_va": 1966850047, "entry_point": 1965424640, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_166", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1965424640, "timestamp": "00:00:14.106", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1969487872, "type": "region", "version": 1 }, "end_va": 1969561599, "entry_point": 1969487872, "filename": "\\Windows\\SysWOW64\\devobj.dll", "id": "region_167", "name": "devobj.dll", "norm_filename": "c:\\windows\\syswow64\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 1969487872, "timestamp": "00:00:14.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1969618944, "type": "region", "version": 1 }, "end_va": 1970601983, "entry_point": 1969618944, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_168", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1969618944, "timestamp": "00:00:14.461", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1970601984, "type": "region", "version": 1 }, "end_va": 1971187711, "entry_point": 1970601984, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_169", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1970601984, "timestamp": "00:00:14.869", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1971191808, "type": "region", "version": 1 }, "end_va": 1984077823, "entry_point": 1971191808, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_170", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1971191808, "timestamp": "00:00:14.884", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1984102400, "type": "region", "version": 1 }, "end_va": 1985150975, "entry_point": 1984102400, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_171", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1984102400, "timestamp": "00:00:16.174", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1986396160, "type": "region", "version": 1 }, "end_va": 1986555903, "entry_point": 1986396160, "filename": "\\Windows\\SysWOW64\\cfgmgr32.dll", "id": "region_172", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\syswow64\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 1986396160, "timestamp": "00:00:16.258", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1987903488, "type": "region", "version": 1 }, "end_va": 1988739071, "entry_point": 1987903488, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_173", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1987903488, "timestamp": "00:00:16.280", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1988755456, "type": "region", "version": 1 }, "end_va": 1989148671, "entry_point": 1988755456, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_174", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1988755456, "timestamp": "00:00:16.295", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1993211904, "type": "region", "version": 1 }, "end_va": 1993916415, "entry_point": 1993211904, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_175", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1993211904, "timestamp": "00:00:16.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 1993998336, "type": "region", "version": 1 }, "end_va": 1994502143, "entry_point": 1993998336, "filename": "\\Windows\\SysWOW64\\comdlg32.dll", "id": "region_176", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\syswow64\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 1993998336, "timestamp": "00:00:16.329", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1994522624, "type": "region", "version": 1 }, "end_va": 1995112447, "entry_point": 1994522624, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_177", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1994522624, "timestamp": "00:00:16.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1995440128, "type": "region", "version": 1 }, "end_va": 1996083199, "entry_point": 1995440128, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_178", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1995440128, "timestamp": "00:00:16.408", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1996095488, "type": "region", "version": 1 }, "end_va": 1996197887, "entry_point": 1996095488, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_179", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1996095488, "timestamp": "00:00:16.420", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1691648, "start_va": 1996488704, "type": "region", "version": 1 }, "end_va": 1998180351, "entry_point": 1996488704, "filename": "\\Windows\\SysWOW64\\setupapi.dll", "id": "region_180", "name": "setupapi.dll", "norm_filename": "c:\\windows\\syswow64\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 1996488704, "timestamp": "00:00:16.434", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1998192640, "type": "region", "version": 1 }, "end_va": 1998548991, "entry_point": 1998192640, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_181", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1998192640, "timestamp": "00:00:16.454", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1998585856, "type": "region", "version": 1 }, "end_va": 1999241215, "entry_point": 1998585856, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_182", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1998585856, "timestamp": "00:00:16.560", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 2003238912, "type": "region", "version": 1 }, "end_va": 2003279871, "entry_point": 2003238912, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_183", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 2003238912, "timestamp": "00:00:16.659", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_184", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:16.667", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_185", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:16.667", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_186", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:00:16.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 262143, "entry_point": 0, "filename": null, "id": "region_187", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:16.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1773567, "entry_point": 0, "filename": null, "id": "region_188", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:00:16.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1863679, "entry_point": 0, "filename": null, "id": "region_189", "name": "pagefile_0x00000000001c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1835008, "timestamp": "00:00:16.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 1908735, "entry_point": 0, "filename": null, "id": "region_190", "name": "pagefile_0x00000000001d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1900544, "timestamp": "00:00:16.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4587520, "type": "region", "version": 1 }, "end_va": 6193151, "entry_point": 0, "filename": null, "id": "region_191", "name": "pagefile_0x0000000000460000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4587520, "timestamp": "00:00:16.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6225920, "type": "region", "version": 1 }, "end_va": 7802879, "entry_point": 0, "filename": null, "id": "region_192", "name": "pagefile_0x00000000005f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6225920, "timestamp": "00:00:16.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 7864320, "type": "region", "version": 1 }, "end_va": 28835839, "entry_point": 0, "filename": null, "id": "region_193", "name": "pagefile_0x0000000000780000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7864320, "timestamp": "00:00:16.706", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 28835840, "type": "region", "version": 1 }, "end_va": 29360127, "entry_point": 0, "filename": null, "id": "region_194", "name": "private_0x0000000001b80000", "norm_filename": null, "region_type": "private_memory", "start_va": 28835840, "timestamp": "00:00:16.706", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 30736384, "type": "region", "version": 1 }, "end_va": 30801919, "entry_point": 0, "filename": null, "id": "region_195", "name": "private_0x0000000001d50000", "norm_filename": null, "region_type": "private_memory", "start_va": 30736384, "timestamp": "00:00:16.706", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 32440320, "type": "region", "version": 1 }, "end_va": 32702463, "entry_point": 0, "filename": null, "id": "region_196", "name": "private_0x0000000001ef0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32440320, "timestamp": "00:00:16.707", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 32702464, "type": "region", "version": 1 }, "end_va": 36843519, "entry_point": 0, "filename": null, "id": "region_197", "name": "pagefile_0x0000000001f30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 32702464, "timestamp": "00:00:16.707", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 38600704, "type": "region", "version": 1 }, "end_va": 38666239, "entry_point": 0, "filename": null, "id": "region_198", "name": "private_0x00000000024d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38600704, "timestamp": "00:00:16.707", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1962868736, "type": "region", "version": 1 }, "end_va": 1962958847, "entry_point": 1962868736, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_199", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1962868736, "timestamp": "00:00:16.755", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1962803200, "type": "region", "version": 1 }, "end_va": 1962835967, "entry_point": 1962803200, "filename": "\\Windows\\SysWOW64\\credssp.dll", "id": "region_200", "name": "credssp.dll", "norm_filename": "c:\\windows\\syswow64\\credssp.dll", "region_type": "memory_mapped_file", "start_va": 1962803200, "timestamp": "00:00:16.772", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1957953536, "type": "region", "version": 1 }, "end_va": 1958477823, "entry_point": 1957953536, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_201", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1957953536, "timestamp": "00:00:16.786", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 2949119, "entry_point": 0, "filename": null, "id": "region_202", "name": "private_0x0000000000290000", "norm_filename": null, "region_type": "private_memory", "start_va": 2686976, "timestamp": "00:00:16.801", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 29360128, "type": "region", "version": 1 }, "end_va": 30273535, "entry_point": 0, "filename": null, "id": "region_203", "name": "pagefile_0x0000000001c00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29360128, "timestamp": "00:00:16.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 1970175, "entry_point": 0, "filename": null, "id": "region_204", "name": "pagefile_0x00000000001e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1966080, "timestamp": "00:00:16.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 819200, "start_va": 39714816, "type": "region", "version": 1 }, "end_va": 40534015, "entry_point": 0, "filename": null, "id": "region_205", "name": "private_0x00000000025e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 39714816, "timestamp": "00:00:16.810", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 40566784, "type": "region", "version": 1 }, "end_va": 43511807, "entry_point": 40566784, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_206", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 40566784, "timestamp": "00:00:16.812", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2039807, "entry_point": 0, "filename": null, "id": "region_207", "name": "pagefile_0x00000000001f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2031616, "timestamp": "00:00:16.817", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1961099264, "type": "region", "version": 1 }, "end_va": 1962795007, "entry_point": 1961099264, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_208", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1961099264, "timestamp": "00:00:16.817", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2101247, "entry_point": 2097152, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_209", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 2097152, "timestamp": "00:00:16.833", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 2957311, "entry_point": 0, "filename": null, "id": "region_210", "name": "pagefile_0x00000000002d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2949120, "timestamp": "00:00:16.834", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2101247, "entry_point": 0, "filename": null, "id": "region_211", "name": "pagefile_0x0000000000200000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2097152, "timestamp": "00:00:17.096", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1989148672, "type": "region", "version": 1 }, "end_va": 1989685247, "entry_point": 1989148672, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_212", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1989148672, "timestamp": "00:00:17.096", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 3014656, "type": "region", "version": 1 }, "end_va": 3018751, "entry_point": 0, "filename": null, "id": "region_213", "name": "pagefile_0x00000000002e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3014656, "timestamp": "00:00:17.111", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 30277632, "type": "region", "version": 1 }, "end_va": 30539775, "entry_point": 0, "filename": null, "id": "region_214", "name": "private_0x0000000001ce0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30277632, "timestamp": "00:00:17.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 30801920, "type": "region", "version": 1 }, "end_va": 31850495, "entry_point": 0, "filename": null, "id": "region_215", "name": "private_0x0000000001d60000", "norm_filename": null, "region_type": "private_memory", "start_va": 30801920, "timestamp": "00:00:17.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_216", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:00:17.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 31850496, "type": "region", "version": 1 }, "end_va": 32112639, "entry_point": 0, "filename": null, "id": "region_217", "name": "private_0x0000000001e60000", "norm_filename": null, "region_type": "private_memory", "start_va": 31850496, "timestamp": "00:00:17.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 36896768, "type": "region", "version": 1 }, "end_va": 37945343, "entry_point": 0, "filename": null, "id": "region_218", "name": "private_0x0000000002330000", "norm_filename": null, "region_type": "private_memory", "start_va": 36896768, "timestamp": "00:00:17.123", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1960968192, "type": "region", "version": 1 }, "end_va": 1961058303, "entry_point": 1960979907, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_219", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1960968192, "timestamp": "00:00:17.123", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_220", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:00:17.124", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 32112640, "type": "region", "version": 1 }, "end_va": 32358399, "entry_point": 32112640, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_221", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 32112640, "timestamp": "00:00:17.125", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 32112640, "type": "region", "version": 1 }, "end_va": 32358399, "entry_point": 32117389, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_222", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 32112640, "timestamp": "00:00:17.146", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1960706048, "type": "region", "version": 1 }, "end_va": 1960947711, "entry_point": 1960710797, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_226", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1960706048, "timestamp": "00:00:17.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1962934272, "type": "region", "version": 1 }, "end_va": 1962991615, "entry_point": 1962934272, "filename": "\\Windows\\SysWOW64\\RpcRtRemote.dll", "id": "region_227", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1962934272, "timestamp": "00:00:17.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 32112640, "type": "region", "version": 1 }, "end_va": 32374783, "entry_point": 0, "filename": null, "id": "region_228", "name": "private_0x0000000001ea0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32112640, "timestamp": "00:00:17.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 37945344, "type": "region", "version": 1 }, "end_va": 38207487, "entry_point": 0, "filename": null, "id": "region_229", "name": "private_0x0000000002430000", "norm_filename": null, "region_type": "private_memory", "start_va": 37945344, "timestamp": "00:00:17.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 38666240, "type": "region", "version": 1 }, "end_va": 39714815, "entry_point": 0, "filename": null, "id": "region_230", "name": "private_0x00000000024e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38666240, "timestamp": "00:00:17.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 43515904, "type": "region", "version": 1 }, "end_va": 44564479, "entry_point": 0, "filename": null, "id": "region_231", "name": "private_0x0000000002980000", "norm_filename": null, "region_type": "private_memory", "start_va": 43515904, "timestamp": "00:00:17.183", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_232", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:00:17.183", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_233", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:00:17.183", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 44564480, "type": "region", "version": 1 }, "end_va": 45350911, "entry_point": 44564480, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_234", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 44564480, "timestamp": "00:00:17.187", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1959657472, "type": "region", "version": 1 }, "end_va": 1960660991, "entry_point": 1959657472, "filename": "\\Windows\\SysWOW64\\propsys.dll", "id": "region_235", "name": "propsys.dll", "norm_filename": "c:\\windows\\syswow64\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 1959657472, "timestamp": "00:00:17.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 1959460864, "type": "region", "version": 1 }, "end_va": 1959596031, "entry_point": 1959460864, "filename": "\\Windows\\SysWOW64\\ntmarta.dll", "id": "region_236", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\syswow64\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1959460864, "timestamp": "00:00:17.248", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 1995112448, "type": "region", "version": 1 }, "end_va": 1995395071, "entry_point": 1995112448, "filename": "\\Windows\\SysWOW64\\Wldap32.dll", "id": "region_237", "name": "wldap32.dll", "norm_filename": "c:\\windows\\syswow64\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 1995112448, "timestamp": "00:00:17.259", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 30539776, "type": "region", "version": 1 }, "end_va": 30556159, "entry_point": 30539776, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db", "id": "region_238", "name": "cversions.1.db", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db", "region_type": "memory_mapped_file", "start_va": 30539776, "timestamp": "00:00:17.288", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 122880, "start_va": 30605312, "type": "region", "version": 1 }, "end_va": 30728191, "entry_point": 30605312, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000012.db", "id": "region_239", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000012.db", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000012.db", "region_type": "memory_mapped_file", "start_va": 30605312, "timestamp": "00:00:17.289", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 32374784, "type": "region", "version": 1 }, "end_va": 32378879, "entry_point": 0, "filename": null, "id": "region_240", "name": "pagefile_0x0000000001ee0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 32374784, "timestamp": "00:00:17.290", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 30539776, "type": "region", "version": 1 }, "end_va": 30543871, "entry_point": 0, "filename": null, "id": "region_241", "name": "private_0x0000000001d20000", "norm_filename": null, "region_type": "private_memory", "start_va": 30539776, "timestamp": "00:00:17.313", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 38207488, "type": "region", "version": 1 }, "end_va": 38469631, "entry_point": 0, "filename": null, "id": "region_242", "name": "private_0x0000000002470000", "norm_filename": null, "region_type": "private_memory", "start_va": 38207488, "timestamp": "00:00:17.313", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 45350912, "type": "region", "version": 1 }, "end_va": 46399487, "entry_point": 0, "filename": null, "id": "region_243", "name": "private_0x0000000002b40000", "norm_filename": null, "region_type": "private_memory", "start_va": 45350912, "timestamp": "00:00:17.313", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 46399488, "type": "region", "version": 1 }, "end_va": 46661631, "entry_point": 0, "filename": null, "id": "region_244", "name": "private_0x0000000002c40000", "norm_filename": null, "region_type": "private_memory", "start_va": 46399488, "timestamp": "00:00:17.314", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 46661632, "type": "region", "version": 1 }, "end_va": 47710207, "entry_point": 0, "filename": null, "id": "region_245", "name": "private_0x0000000002c80000", "norm_filename": null, "region_type": "private_memory", "start_va": 46661632, "timestamp": "00:00:17.314", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130329600, "type": "region", "version": 1 }, "end_va": 2130341887, "entry_point": 0, "filename": null, "id": "region_246", "name": "private_0x000000007efa4000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130329600, "timestamp": "00:00:17.314", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130341888, "type": "region", "version": 1 }, "end_va": 2130354175, "entry_point": 0, "filename": null, "id": "region_247", "name": "private_0x000000007efa7000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130341888, "timestamp": "00:00:17.314", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 38469632, "type": "region", "version": 1 }, "end_va": 38473727, "entry_point": 0, "filename": null, "id": "region_248", "name": "private_0x00000000024b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38469632, "timestamp": "00:00:17.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 38535168, "type": "region", "version": 1 }, "end_va": 38539263, "entry_point": 0, "filename": null, "id": "region_249", "name": "private_0x00000000024c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38535168, "timestamp": "00:00:17.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 47710208, "type": "region", "version": 1 }, "end_va": 47714303, "entry_point": 0, "filename": null, "id": "region_250", "name": "private_0x0000000002d80000", "norm_filename": null, "region_type": "private_memory", "start_va": 47710208, "timestamp": "00:00:17.368", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 47775744, "type": "region", "version": 1 }, "end_va": 47779839, "entry_point": 0, "filename": null, "id": "region_251", "name": "private_0x0000000002d90000", "norm_filename": null, "region_type": "private_memory", "start_va": 47775744, "timestamp": "00:00:17.382", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 47841280, "type": "region", "version": 1 }, "end_va": 48889855, "entry_point": 0, "filename": null, "id": "region_252", "name": "private_0x0000000002da0000", "norm_filename": null, "region_type": "private_memory", "start_va": 47841280, "timestamp": "00:00:18.556", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 48889856, "type": "region", "version": 1 }, "end_va": 48893951, "entry_point": 0, "filename": null, "id": "region_253", "name": "private_0x0000000002ea0000", "norm_filename": null, "region_type": "private_memory", "start_va": 48889856, "timestamp": "00:00:18.556", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 48955392, "type": "region", "version": 1 }, "end_va": 48959487, "entry_point": 0, "filename": null, "id": "region_254", "name": "private_0x0000000002eb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 48955392, "timestamp": "00:00:18.557", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 49020928, "type": "region", "version": 1 }, "end_va": 49025023, "entry_point": 0, "filename": null, "id": "region_255", "name": "private_0x0000000002ec0000", "norm_filename": null, "region_type": "private_memory", "start_va": 49020928, "timestamp": "00:00:18.557", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 49086464, "type": "region", "version": 1 }, "end_va": 49090559, "entry_point": 0, "filename": null, "id": "region_256", "name": "private_0x0000000002ed0000", "norm_filename": null, "region_type": "private_memory", "start_va": 49086464, "timestamp": "00:00:18.559", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 49152000, "type": "region", "version": 1 }, "end_va": 49156095, "entry_point": 0, "filename": null, "id": "region_257", "name": "private_0x0000000002ee0000", "norm_filename": null, "region_type": "private_memory", "start_va": 49152000, "timestamp": "00:00:18.560", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 49217536, "type": "region", "version": 1 }, "end_va": 49221631, "entry_point": 0, "filename": null, "id": "region_258", "name": "private_0x0000000002ef0000", "norm_filename": null, "region_type": "private_memory", "start_va": 49217536, "timestamp": "00:00:18.560", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 49283072, "type": "region", "version": 1 }, "end_va": 49287167, "entry_point": 0, "filename": null, "id": "region_259", "name": "private_0x0000000002f00000", "norm_filename": null, "region_type": "private_memory", "start_va": 49283072, "timestamp": "00:00:18.561", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 49348608, "type": "region", "version": 1 }, "end_va": 49352703, "entry_point": 0, "filename": null, "id": "region_260", "name": "private_0x0000000002f10000", "norm_filename": null, "region_type": "private_memory", "start_va": 49348608, "timestamp": "00:00:18.562", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 49414144, "type": "region", "version": 1 }, "end_va": 50462719, "entry_point": 0, "filename": null, "id": "region_261", "name": "private_0x0000000002f20000", "norm_filename": null, "region_type": "private_memory", "start_va": 49414144, "timestamp": "00:00:18.562", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 50462720, "type": "region", "version": 1 }, "end_va": 50466815, "entry_point": 0, "filename": null, "id": "region_262", "name": "private_0x0000000003020000", "norm_filename": null, "region_type": "private_memory", "start_va": 50462720, "timestamp": "00:00:18.562", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 50528256, "type": "region", "version": 1 }, "end_va": 50532351, "entry_point": 0, "filename": null, "id": "region_263", "name": "private_0x0000000003030000", "norm_filename": null, "region_type": "private_memory", "start_va": 50528256, "timestamp": "00:00:18.563", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 50593792, "type": "region", "version": 1 }, "end_va": 50597887, "entry_point": 0, "filename": null, "id": "region_264", "name": "private_0x0000000003040000", "norm_filename": null, "region_type": "private_memory", "start_va": 50593792, "timestamp": "00:00:18.563", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 50659328, "type": "region", "version": 1 }, "end_va": 50663423, "entry_point": 0, "filename": null, "id": "region_265", "name": "private_0x0000000003050000", "norm_filename": null, "region_type": "private_memory", "start_va": 50659328, "timestamp": "00:00:18.563", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 50724864, "type": "region", "version": 1 }, "end_va": 50728959, "entry_point": 0, "filename": null, "id": "region_266", "name": "private_0x0000000003060000", "norm_filename": null, "region_type": "private_memory", "start_va": 50724864, "timestamp": "00:00:18.564", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 50790400, "type": "region", "version": 1 }, "end_va": 50794495, "entry_point": 0, "filename": null, "id": "region_267", "name": "private_0x0000000003070000", "norm_filename": null, "region_type": "private_memory", "start_va": 50790400, "timestamp": "00:00:18.564", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 50855936, "type": "region", "version": 1 }, "end_va": 50860031, "entry_point": 0, "filename": null, "id": "region_268", "name": "private_0x0000000003080000", "norm_filename": null, "region_type": "private_memory", "start_va": 50855936, "timestamp": "00:00:18.566", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 50921472, "type": "region", "version": 1 }, "end_va": 50925567, "entry_point": 0, "filename": null, "id": "region_269", "name": "private_0x0000000003090000", "norm_filename": null, "region_type": "private_memory", "start_va": 50921472, "timestamp": "00:00:18.567", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 50987008, "type": "region", "version": 1 }, "end_va": 50991103, "entry_point": 0, "filename": null, "id": "region_270", "name": "private_0x00000000030a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 50987008, "timestamp": "00:00:18.567", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 51052544, "type": "region", "version": 1 }, "end_va": 51314687, "entry_point": 0, "filename": null, "id": "region_271", "name": "private_0x00000000030b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 51052544, "timestamp": "00:00:18.569", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 51314688, "type": "region", "version": 1 }, "end_va": 52363263, "entry_point": 0, "filename": null, "id": "region_272", "name": "private_0x00000000030f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 51314688, "timestamp": "00:00:18.570", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 52363264, "type": "region", "version": 1 }, "end_va": 52367359, "entry_point": 0, "filename": null, "id": "region_273", "name": "private_0x00000000031f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 52363264, "timestamp": "00:00:18.570", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 52428800, "type": "region", "version": 1 }, "end_va": 52432895, "entry_point": 0, "filename": null, "id": "region_274", "name": "private_0x0000000003200000", "norm_filename": null, "region_type": "private_memory", "start_va": 52428800, "timestamp": "00:00:18.570", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 52494336, "type": "region", "version": 1 }, "end_va": 52498431, "entry_point": 0, "filename": null, "id": "region_275", "name": "private_0x0000000003210000", "norm_filename": null, "region_type": "private_memory", "start_va": 52494336, "timestamp": "00:00:18.570", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 52559872, "type": "region", "version": 1 }, "end_va": 52563967, "entry_point": 0, "filename": null, "id": "region_276", "name": "private_0x0000000003220000", "norm_filename": null, "region_type": "private_memory", "start_va": 52559872, "timestamp": "00:00:18.571", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 52625408, "type": "region", "version": 1 }, "end_va": 52629503, "entry_point": 0, "filename": null, "id": "region_277", "name": "private_0x0000000003230000", "norm_filename": null, "region_type": "private_memory", "start_va": 52625408, "timestamp": "00:00:18.571", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 52690944, "type": "region", "version": 1 }, "end_va": 52695039, "entry_point": 0, "filename": null, "id": "region_278", "name": "private_0x0000000003240000", "norm_filename": null, "region_type": "private_memory", "start_va": 52690944, "timestamp": "00:00:18.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 52756480, "type": "region", "version": 1 }, "end_va": 52760575, "entry_point": 0, "filename": null, "id": "region_279", "name": "private_0x0000000003250000", "norm_filename": null, "region_type": "private_memory", "start_va": 52756480, "timestamp": "00:00:18.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 52822016, "type": "region", "version": 1 }, "end_va": 52826111, "entry_point": 0, "filename": null, "id": "region_280", "name": "private_0x0000000003260000", "norm_filename": null, "region_type": "private_memory", "start_va": 52822016, "timestamp": "00:00:18.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 52887552, "type": "region", "version": 1 }, "end_va": 53149695, "entry_point": 0, "filename": null, "id": "region_281", "name": "private_0x0000000003270000", "norm_filename": null, "region_type": "private_memory", "start_va": 52887552, "timestamp": "00:00:18.575", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 53149696, "type": "region", "version": 1 }, "end_va": 54198271, "entry_point": 0, "filename": null, "id": "region_282", "name": "private_0x00000000032b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 53149696, "timestamp": "00:00:18.576", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 54198272, "type": "region", "version": 1 }, "end_va": 54202367, "entry_point": 0, "filename": null, "id": "region_283", "name": "private_0x00000000033b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 54198272, "timestamp": "00:00:18.583", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 54263808, "type": "region", "version": 1 }, "end_va": 54267903, "entry_point": 0, "filename": null, "id": "region_284", "name": "private_0x00000000033c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 54263808, "timestamp": "00:00:18.583", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 54329344, "type": "region", "version": 1 }, "end_va": 54333439, "entry_point": 0, "filename": null, "id": "region_285", "name": "private_0x00000000033d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 54329344, "timestamp": "00:00:18.584", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000336-addr_0x0000000003d40000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_516", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 64225280, "type": "region", "version": 1 }, "end_va": 64229375, "entry_point": 0, "filename": null, "id": "region_336", "name": "private_0x0000000003d40000", "norm_filename": null, "region_type": "private_memory", "start_va": 64225280, "timestamp": "00:00:18.636", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000362-addr_0x0000000003e50000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_536", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 65339392, "type": "region", "version": 1 }, "end_va": 65601535, "entry_point": 0, "filename": null, "id": "region_362", "name": "private_0x0000000003e50000", "norm_filename": null, "region_type": "private_memory", "start_va": 65339392, "timestamp": "00:00:19.682", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000363-addr_0x0000000003e90000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_537", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 65601536, "type": "region", "version": 1 }, "end_va": 66650111, "entry_point": 0, "filename": null, "id": "region_363", "name": "private_0x0000000003e90000", "norm_filename": null, "region_type": "private_memory", "start_va": 65601536, "timestamp": "00:00:19.682", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000365-addr_0x000000007ef89000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_538", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130219008, "type": "region", "version": 1 }, "end_va": 2130231295, "entry_point": 0, "filename": null, "id": "region_365", "name": "private_0x000000007ef89000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130219008, "timestamp": "00:00:19.705", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001509-addr_0x0000000003e50000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_805", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 65339392, "type": "region", "version": 1 }, "end_va": 65601535, "entry_point": 0, "filename": null, "id": "region_1509", "name": "private_0x0000000003e50000", "norm_filename": null, "region_type": "private_memory", "start_va": 65339392, "timestamp": "00:00:31.902", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001510-addr_0x0000000003e90000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_806", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 65601536, "type": "region", "version": 1 }, "end_va": 66650111, "entry_point": 0, "filename": null, "id": "region_1510", "name": "private_0x0000000003e90000", "norm_filename": null, "region_type": "private_memory", "start_va": 65601536, "timestamp": "00:00:31.902", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001511-addr_0x0000000004080000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_807", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 67633152, "type": "region", "version": 1 }, "end_va": 67637247, "entry_point": 0, "filename": null, "id": "region_1511", "name": "private_0x0000000004080000", "norm_filename": null, "region_type": "private_memory", "start_va": 67633152, "timestamp": "00:00:31.902", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001512-addr_0x000000007ef89000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_808", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130219008, "type": "region", "version": 1 }, "end_va": 2130231295, "entry_point": 0, "filename": null, "id": "region_1512", "name": "private_0x000000007ef89000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130219008, "timestamp": "00:00:31.903", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001513-addr_0x0000000004090000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_809", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 67698688, "type": "region", "version": 1 }, "end_va": 67702783, "entry_point": 0, "filename": null, "id": "region_1513", "name": "private_0x0000000004090000", "norm_filename": null, "region_type": "private_memory", "start_va": 67698688, "timestamp": "00:00:31.903", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001515-addr_0x00000000041d0000-size_0x00000000002dd000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_810", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 3002368, "start_va": 69009408, "type": "region", "version": 1 }, "end_va": 72011775, "entry_point": 69009408, "filename": "\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi", "id": "region_1515", "name": "boot.sdi", "norm_filename": "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\boot.sdi", "region_type": "memory_mapped_file", "start_va": 69009408, "timestamp": "00:00:32.449", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001516-addr_0x0000000004080000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_811", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 67633152, "type": "region", "version": 1 }, "end_va": 67637247, "entry_point": 0, "filename": null, "id": "region_1516", "name": "private_0x0000000004080000", "norm_filename": null, "region_type": "private_memory", "start_va": 67633152, "timestamp": "00:00:32.450", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001517-addr_0x0000000004090000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_812", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 67698688, "type": "region", "version": 1 }, "end_va": 67702783, "entry_point": 0, "filename": null, "id": "region_1517", "name": "private_0x0000000004090000", "norm_filename": null, "region_type": "private_memory", "start_va": 67698688, "timestamp": "00:00:32.450", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001518-addr_0x00000000040a0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_813", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 67764224, "type": "region", "version": 1 }, "end_va": 68026367, "entry_point": 0, "filename": null, "id": "region_1518", "name": "private_0x00000000040a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 67764224, "timestamp": "00:00:32.607", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001519-addr_0x00000000044b0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_814", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 72024064, "type": "region", "version": 1 }, "end_va": 73072639, "entry_point": 0, "filename": null, "id": "region_1519", "name": "private_0x00000000044b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 72024064, "timestamp": "00:00:32.611", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001520-addr_0x00000000045b0000-size_0x00000000002dd000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_815", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 3002368, "start_va": 73072640, "type": "region", "version": 1 }, "end_va": 76075007, "entry_point": 73072640, "filename": "\\Recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\Winre.wim", "id": "region_1520", "name": "winre.wim", "norm_filename": "c:\\recovery\\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\winre.wim", "region_type": "memory_mapped_file", "start_va": 73072640, "timestamp": "00:00:32.612", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001521-addr_0x000000007ef86000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_816", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130206720, "type": "region", "version": 1 }, "end_va": 2130219007, "entry_point": 0, "filename": null, "id": "region_1521", "name": "private_0x000000007ef86000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130206720, "timestamp": "00:00:32.612", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001522-addr_0x00000000040e0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_817", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 68026368, "type": "region", "version": 1 }, "end_va": 68030463, "entry_point": 0, "filename": null, "id": "region_1522", "name": "private_0x00000000040e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 68026368, "timestamp": "00:00:32.615", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001523-addr_0x00000000040f0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_818", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 68091904, "type": "region", "version": 1 }, "end_va": 68095999, "entry_point": 0, "filename": null, "id": "region_1523", "name": "private_0x00000000040f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 68091904, "timestamp": "00:00:32.616", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001524-addr_0x0000000004100000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_819", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 68157440, "type": "region", "version": 1 }, "end_va": 68419583, "entry_point": 0, "filename": null, "id": "region_1524", "name": "private_0x0000000004100000", "norm_filename": null, "region_type": "private_memory", "start_va": 68157440, "timestamp": "00:00:32.836", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001525-addr_0x0000000004140000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_820", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 68419584, "type": "region", "version": 1 }, "end_va": 68423679, "entry_point": 0, "filename": null, "id": "region_1525", "name": "private_0x0000000004140000", "norm_filename": null, "region_type": "private_memory", "start_va": 68419584, "timestamp": "00:00:32.837", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001526-addr_0x0000000004890000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_821", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 76087296, "type": "region", "version": 1 }, "end_va": 77135871, "entry_point": 0, "filename": null, "id": "region_1526", "name": "private_0x0000000004890000", "norm_filename": null, "region_type": "private_memory", "start_va": 76087296, "timestamp": "00:00:32.837", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001527-addr_0x000000007ef83000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_822", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130194432, "type": "region", "version": 1 }, "end_va": 2130206719, "entry_point": 0, "filename": null, "id": "region_1527", "name": "private_0x000000007ef83000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130194432, "timestamp": "00:00:32.837", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001528-addr_0x0000000004150000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_823", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 68485120, "type": "region", "version": 1 }, "end_va": 68489215, "entry_point": 0, "filename": null, "id": "region_1528", "name": "private_0x0000000004150000", "norm_filename": null, "region_type": "private_memory", "start_va": 68485120, "timestamp": "00:00:32.838", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\System32\\cmd.exe\" /C sc stop VVS", "filename": "c:\\windows\\syswow64\\cmd.exe", "id": "proc_2", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 2, "origin_monitor_id": 1, "ref_parent_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000002-region_00000375-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_539", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_375", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:20.016", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000376-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_540", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_376", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:20.019", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_377", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:20.019", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_378", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:20.022", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_379", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:20.022", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000380-addr_0x00000000001b0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_541", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 2031615, "entry_point": 0, "filename": null, "id": "region_380", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:00:20.023", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000381-addr_0x0000000000240000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_542", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 3407871, "entry_point": 0, "filename": null, "id": "region_381", "name": "private_0x0000000000240000", "norm_filename": null, "region_type": "private_memory", "start_va": 2359296, "timestamp": "00:00:20.023", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1246822400, "type": "region", "version": 1 }, "end_va": 1247133695, "entry_point": 1246822400, "filename": "\\Windows\\SysWOW64\\cmd.exe", "id": "region_382", "name": "cmd.exe", "norm_filename": "c:\\windows\\syswow64\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1246822400, "timestamp": "00:00:20.023", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2001469440, "type": "region", "version": 1 }, "end_va": 2003210239, "entry_point": 2001469440, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_383", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001469440, "timestamp": "00:00:20.029", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2003435520, "type": "region", "version": 1 }, "end_va": 2005008383, "entry_point": 2003435520, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_384", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003435520, "timestamp": "00:00:20.029", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_385", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:20.030", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000386-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_543", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_386", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:20.030", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000387-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_544", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_387", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:20.030", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000388-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_545", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_388", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:20.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_389", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:20.031", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000390-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_546", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_390", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:20.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_391", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:20.039", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000392-addr_0x0000000000110000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_547", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_392", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:00:20.045", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1958543360, "type": "region", "version": 1 }, "end_va": 1958576127, "entry_point": 1958551800, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_393", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1958543360, "timestamp": "00:00:20.045", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1958608896, "type": "region", "version": 1 }, "end_va": 1958985727, "entry_point": 1958868888, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_394", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1958608896, "timestamp": "00:00:20.048", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1959002112, "type": "region", "version": 1 }, "end_va": 1959260159, "entry_point": 1959190136, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_395", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1959002112, "timestamp": "00:00:20.048", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_522", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:20.544", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_523", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:20.544", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 880639, "entry_point": 458752, "filename": "\\Windows\\System32\\locale.nls", "id": "region_524", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:00:20.544", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000525-addr_0x00000000003e0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_602", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 5111807, "entry_point": 0, "filename": null, "id": "region_525", "name": "private_0x00000000003e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4063232, "timestamp": "00:00:20.545", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000526-addr_0x0000000000650000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_603", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 6619136, "type": "region", "version": 1 }, "end_va": 6684671, "entry_point": 0, "filename": null, "id": "region_526", "name": "private_0x0000000000650000", "norm_filename": null, "region_type": "private_memory", "start_va": 6619136, "timestamp": "00:00:20.545", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1959264256, "type": "region", "version": 1 }, "end_va": 1959292927, "entry_point": 1959264256, "filename": "\\Windows\\SysWOW64\\winbrand.dll", "id": "region_527", "name": "winbrand.dll", "norm_filename": "c:\\windows\\syswow64\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 1959264256, "timestamp": "00:00:20.545", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1964965888, "type": "region", "version": 1 }, "end_va": 1965015039, "entry_point": 1964970209, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_528", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1964965888, "timestamp": "00:00:20.553", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1965031424, "type": "region", "version": 1 }, "end_va": 1965424639, "entry_point": 1965138867, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_529", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1965031424, "timestamp": "00:00:20.553", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1969618944, "type": "region", "version": 1 }, "end_va": 1970601983, "entry_point": 1969685865, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_530", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1969618944, "timestamp": "00:00:20.554", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1984102400, "type": "region", "version": 1 }, "end_va": 1985150975, "entry_point": 1984214765, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_531", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1984102400, "timestamp": "00:00:20.554", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1990328320, "type": "region", "version": 1 }, "end_va": 1991442431, "entry_point": 1990406867, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_532", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1990328320, "timestamp": "00:00:20.555", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993170943, "entry_point": 1992914040, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_533", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:00:20.555", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1993211904, "type": "region", "version": 1 }, "end_va": 1993916415, "entry_point": 1993254002, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_534", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1993211904, "timestamp": "00:00:20.556", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1994522624, "type": "region", "version": 1 }, "end_va": 1995112447, "entry_point": 1994613571, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_535", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1994522624, "timestamp": "00:00:20.556", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1995440128, "type": "region", "version": 1 }, "end_va": 1996083199, "entry_point": 1995653079, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_536", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1995440128, "timestamp": "00:00:20.557", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1996095488, "type": "region", "version": 1 }, "end_va": 1996197887, "entry_point": 1996114293, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_537", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1996095488, "timestamp": "00:00:20.557", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1998585856, "type": "region", "version": 1 }, "end_va": 1999241215, "entry_point": 1998670309, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_538", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1998585856, "timestamp": "00:00:20.558", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000539-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_604", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000416767, "entry_point": 0, "filename": null, "id": "region_539", "name": "private_0x00000000772a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1999241216, "timestamp": "00:00:20.559", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000540-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_605", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 2000420864, "type": "region", "version": 1 }, "end_va": 2001444863, "entry_point": 0, "filename": null, "id": "region_540", "name": "private_0x00000000773c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2000420864, "timestamp": "00:00:20.563", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 2003238912, "type": "region", "version": 1 }, "end_va": 2003279871, "entry_point": 2003252896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_541", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 2003238912, "timestamp": "00:00:20.563", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_542", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:20.564", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_543", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:20.564", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 6684672, "type": "region", "version": 1 }, "end_va": 8290303, "entry_point": 0, "filename": null, "id": "region_633", "name": "pagefile_0x0000000000660000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6684672, "timestamp": "00:00:20.675", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1987903488, "type": "region", "version": 1 }, "end_va": 1988739071, "entry_point": 1987909259, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_634", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1987903488, "timestamp": "00:00:20.675", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1988755456, "type": "region", "version": 1 }, "end_va": 1989148671, "entry_point": 1988826511, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_635", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1988755456, "timestamp": "00:00:20.675", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_636", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:20.702", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 925695, "entry_point": 0, "filename": null, "id": "region_637", "name": "pagefile_0x00000000000e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 917504, "timestamp": "00:00:20.702", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000638-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_622", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_638", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:00:20.702", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000639-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_623", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_639", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:00:20.702", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 8323072, "type": "region", "version": 1 }, "end_va": 9900031, "entry_point": 0, "filename": null, "id": "region_640", "name": "pagefile_0x00000000007f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8323072, "timestamp": "00:00:20.703", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 9961472, "type": "region", "version": 1 }, "end_va": 30932991, "entry_point": 0, "filename": null, "id": "region_641", "name": "pagefile_0x0000000000980000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9961472, "timestamp": "00:00:20.703", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 30932992, "type": "region", "version": 1 }, "end_va": 34353151, "entry_point": 0, "filename": null, "id": "region_642", "name": "pagefile_0x0000000001d80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 30932992, "timestamp": "00:00:20.703", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 34406400, "type": "region", "version": 1 }, "end_va": 37351423, "entry_point": 34406400, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_653", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 34406400, "timestamp": "00:00:20.860", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\System32\\cmd.exe\" /C sc stop wscsvc", "filename": "c:\\windows\\syswow64\\cmd.exe", "id": "proc_3", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 3, "origin_monitor_id": 1, "ref_parent_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000003-region_00000396-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_548", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_396", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:20.082", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000397-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_549", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_397", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:20.083", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_398", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:20.083", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_399", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:20.085", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_400", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:20.085", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000401-addr_0x00000000001b0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_550", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 2031615, "entry_point": 0, "filename": null, "id": "region_401", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:00:20.088", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000402-addr_0x0000000000320000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_551", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 3276800, "type": "region", "version": 1 }, "end_va": 4325375, "entry_point": 0, "filename": null, "id": "region_402", "name": "private_0x0000000000320000", "norm_filename": null, "region_type": "private_memory", "start_va": 3276800, "timestamp": "00:00:20.091", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1246822400, "type": "region", "version": 1 }, "end_va": 1247133695, "entry_point": 1246855834, "filename": "\\Windows\\SysWOW64\\cmd.exe", "id": "region_403", "name": "cmd.exe", "norm_filename": "c:\\windows\\syswow64\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1246822400, "timestamp": "00:00:20.091", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2001469440, "type": "region", "version": 1 }, "end_va": 2003210239, "entry_point": 2001469440, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_404", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001469440, "timestamp": "00:00:20.092", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2003435520, "type": "region", "version": 1 }, "end_va": 2005008383, "entry_point": 2003435520, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_405", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003435520, "timestamp": "00:00:20.092", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_406", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:20.093", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000407-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_552", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_407", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:20.095", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000408-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_553", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_408", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:20.099", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000409-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_554", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_409", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:20.100", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_410", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:20.100", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000411-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_555", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_411", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:20.101", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_412", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:20.101", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000413-addr_0x00000000000d0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_556", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 1376255, "entry_point": 0, "filename": null, "id": "region_413", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:00:20.105", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1958543360, "type": "region", "version": 1 }, "end_va": 1958576127, "entry_point": 1958551800, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_414", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1958543360, "timestamp": "00:00:20.105", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1958608896, "type": "region", "version": 1 }, "end_va": 1958985727, "entry_point": 1958868888, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_415", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1958608896, "timestamp": "00:00:20.105", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1959002112, "type": "region", "version": 1 }, "end_va": 1959260159, "entry_point": 1959190136, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_416", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1959002112, "timestamp": "00:00:20.106", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_544", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:20.567", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_545", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:20.567", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2453503, "entry_point": 2031616, "filename": "\\Windows\\System32\\locale.nls", "id": "region_546", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 2031616, "timestamp": "00:00:20.567", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000547-addr_0x0000000000480000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_606", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 4718592, "type": "region", "version": 1 }, "end_va": 5767167, "entry_point": 0, "filename": null, "id": "region_547", "name": "private_0x0000000000480000", "norm_filename": null, "region_type": "private_memory", "start_va": 4718592, "timestamp": "00:00:20.568", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000548-addr_0x0000000000680000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_607", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 6815744, "type": "region", "version": 1 }, "end_va": 6881279, "entry_point": 0, "filename": null, "id": "region_548", "name": "private_0x0000000000680000", "norm_filename": null, "region_type": "private_memory", "start_va": 6815744, "timestamp": "00:00:20.568", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1959264256, "type": "region", "version": 1 }, "end_va": 1959292927, "entry_point": 1959268912, "filename": "\\Windows\\SysWOW64\\winbrand.dll", "id": "region_549", "name": "winbrand.dll", "norm_filename": "c:\\windows\\syswow64\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 1959264256, "timestamp": "00:00:20.568", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1964965888, "type": "region", "version": 1 }, "end_va": 1965015039, "entry_point": 1964970209, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_550", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1964965888, "timestamp": "00:00:20.569", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1965031424, "type": "region", "version": 1 }, "end_va": 1965424639, "entry_point": 1965138867, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_551", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1965031424, "timestamp": "00:00:20.569", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1969618944, "type": "region", "version": 1 }, "end_va": 1970601983, "entry_point": 1969685865, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_552", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1969618944, "timestamp": "00:00:20.570", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1984102400, "type": "region", "version": 1 }, "end_va": 1985150975, "entry_point": 1984214765, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_553", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1984102400, "timestamp": "00:00:20.570", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1990328320, "type": "region", "version": 1 }, "end_va": 1991442431, "entry_point": 1990406867, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_554", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1990328320, "timestamp": "00:00:20.571", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993170943, "entry_point": 1992914040, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_555", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:00:20.571", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1993211904, "type": "region", "version": 1 }, "end_va": 1993916415, "entry_point": 1993254002, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_556", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1993211904, "timestamp": "00:00:20.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1994522624, "type": "region", "version": 1 }, "end_va": 1995112447, "entry_point": 1994613571, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_557", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1994522624, "timestamp": "00:00:20.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1995440128, "type": "region", "version": 1 }, "end_va": 1996083199, "entry_point": 1995653079, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_558", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1995440128, "timestamp": "00:00:20.573", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1996095488, "type": "region", "version": 1 }, "end_va": 1996197887, "entry_point": 1996114293, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_559", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1996095488, "timestamp": "00:00:20.573", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1998585856, "type": "region", "version": 1 }, "end_va": 1999241215, "entry_point": 1998670309, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_560", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1998585856, "timestamp": "00:00:20.574", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000561-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_608", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000416767, "entry_point": 0, "filename": null, "id": "region_561", "name": "private_0x00000000772a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1999241216, "timestamp": "00:00:20.575", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000562-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_609", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 2000420864, "type": "region", "version": 1 }, "end_va": 2001444863, "entry_point": 0, "filename": null, "id": "region_562", "name": "private_0x00000000773c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2000420864, "timestamp": "00:00:20.579", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 2003238912, "type": "region", "version": 1 }, "end_va": 2003279871, "entry_point": 2003252896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_563", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 2003238912, "timestamp": "00:00:20.579", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_564", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:20.580", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_565", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:20.580", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 6881280, "type": "region", "version": 1 }, "end_va": 8486911, "entry_point": 0, "filename": null, "id": "region_610", "name": "pagefile_0x0000000000690000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6881280, "timestamp": "00:00:20.615", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1987903488, "type": "region", "version": 1 }, "end_va": 1988739071, "entry_point": 1987909259, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_611", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1987903488, "timestamp": "00:00:20.615", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1988755456, "type": "region", "version": 1 }, "end_va": 1989148671, "entry_point": 1988826511, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_612", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1988755456, "timestamp": "00:00:20.616", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_613", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:20.626", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_614", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:00:20.626", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000615-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_618", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 528383, "entry_point": 0, "filename": null, "id": "region_615", "name": "private_0x0000000000080000", "norm_filename": null, "region_type": "private_memory", "start_va": 524288, "timestamp": "00:00:20.626", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000616-addr_0x0000000000090000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_619", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 593919, "entry_point": 0, "filename": null, "id": "region_616", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:00:20.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 8519680, "type": "region", "version": 1 }, "end_va": 10096639, "entry_point": 0, "filename": null, "id": "region_617", "name": "pagefile_0x0000000000820000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8519680, "timestamp": "00:00:20.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 10158080, "type": "region", "version": 1 }, "end_va": 31129599, "entry_point": 0, "filename": null, "id": "region_618", "name": "pagefile_0x00000000009b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10158080, "timestamp": "00:00:20.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 31129600, "type": "region", "version": 1 }, "end_va": 34549759, "entry_point": 0, "filename": null, "id": "region_619", "name": "pagefile_0x0000000001db0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 31129600, "timestamp": "00:00:20.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 34603008, "type": "region", "version": 1 }, "end_va": 37548031, "entry_point": 34603008, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_652", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 34603008, "timestamp": "00:00:20.820", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\System32\\cmd.exe\" /C sc stop WinDefend", "filename": "c:\\windows\\syswow64\\cmd.exe", "id": "proc_4", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 4, "origin_monitor_id": 1, "ref_parent_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000004-region_00000417-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_557", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_417", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:20.142", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000418-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_558", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_418", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:20.142", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_419", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:20.142", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_420", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:20.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_421", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:20.144", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000422-addr_0x00000000000d0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_559", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 1114111, "entry_point": 0, "filename": null, "id": "region_422", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:00:20.144", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000423-addr_0x0000000000190000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_560", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 2686975, "entry_point": 0, "filename": null, "id": "region_423", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:00:20.145", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1246822400, "type": "region", "version": 1 }, "end_va": 1247133695, "entry_point": 1246855834, "filename": "\\Windows\\SysWOW64\\cmd.exe", "id": "region_424", "name": "cmd.exe", "norm_filename": "c:\\windows\\syswow64\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1246822400, "timestamp": "00:00:20.145", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2001469440, "type": "region", "version": 1 }, "end_va": 2003210239, "entry_point": 2001469440, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_425", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001469440, "timestamp": "00:00:20.145", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2003435520, "type": "region", "version": 1 }, "end_va": 2005008383, "entry_point": 2003435520, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_426", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003435520, "timestamp": "00:00:20.146", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_427", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:20.146", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000428-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_561", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_428", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:20.147", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000429-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_562", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_429", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:20.147", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000430-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_563", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_430", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:20.148", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_431", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:20.148", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000432-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_564", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_432", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:20.148", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_433", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:20.148", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000434-addr_0x00000000003d0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_565", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 4521983, "entry_point": 0, "filename": null, "id": "region_434", "name": "private_0x00000000003d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3997696, "timestamp": "00:00:20.152", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1958543360, "type": "region", "version": 1 }, "end_va": 1958576127, "entry_point": 1958551800, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_435", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1958543360, "timestamp": "00:00:20.152", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1958608896, "type": "region", "version": 1 }, "end_va": 1958985727, "entry_point": 1958868888, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_436", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1958608896, "timestamp": "00:00:20.153", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1959002112, "type": "region", "version": 1 }, "end_va": 1959260159, "entry_point": 1959190136, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_437", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1959002112, "timestamp": "00:00:20.153", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_736", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:21.046", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_737", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:21.046", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1535999, "entry_point": 1114112, "filename": "\\Windows\\System32\\locale.nls", "id": "region_738", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1114112, "timestamp": "00:00:21.046", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000739-addr_0x00000000003c0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_663", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 3997695, "entry_point": 0, "filename": null, "id": "region_739", "name": "private_0x00000000003c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3932160, "timestamp": "00:00:21.047", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000740-addr_0x0000000000590000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_664", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 5832704, "type": "region", "version": 1 }, "end_va": 6881279, "entry_point": 0, "filename": null, "id": "region_740", "name": "private_0x0000000000590000", "norm_filename": null, "region_type": "private_memory", "start_va": 5832704, "timestamp": "00:00:21.047", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1959264256, "type": "region", "version": 1 }, "end_va": 1959292927, "entry_point": 1959268912, "filename": "\\Windows\\SysWOW64\\winbrand.dll", "id": "region_741", "name": "winbrand.dll", "norm_filename": "c:\\windows\\syswow64\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 1959264256, "timestamp": "00:00:21.047", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1964965888, "type": "region", "version": 1 }, "end_va": 1965015039, "entry_point": 1964970209, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_742", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1964965888, "timestamp": "00:00:21.048", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1965031424, "type": "region", "version": 1 }, "end_va": 1965424639, "entry_point": 1965138867, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_743", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1965031424, "timestamp": "00:00:21.049", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1969618944, "type": "region", "version": 1 }, "end_va": 1970601983, "entry_point": 1969685865, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_744", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1969618944, "timestamp": "00:00:21.049", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1984102400, "type": "region", "version": 1 }, "end_va": 1985150975, "entry_point": 1984214765, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_745", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1984102400, "timestamp": "00:00:21.050", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1990328320, "type": "region", "version": 1 }, "end_va": 1991442431, "entry_point": 1990406867, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_746", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1990328320, "timestamp": "00:00:21.050", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993170943, "entry_point": 1992914040, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_747", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:00:21.051", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1993211904, "type": "region", "version": 1 }, "end_va": 1993916415, "entry_point": 1993254002, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_748", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1993211904, "timestamp": "00:00:21.052", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1994522624, "type": "region", "version": 1 }, "end_va": 1995112447, "entry_point": 1994613571, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_749", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1994522624, "timestamp": "00:00:21.052", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1995440128, "type": "region", "version": 1 }, "end_va": 1996083199, "entry_point": 1995653079, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_750", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1995440128, "timestamp": "00:00:21.053", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1996095488, "type": "region", "version": 1 }, "end_va": 1996197887, "entry_point": 1996114293, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_751", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1996095488, "timestamp": "00:00:21.053", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1998585856, "type": "region", "version": 1 }, "end_va": 1999241215, "entry_point": 1998670309, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_752", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1998585856, "timestamp": "00:00:21.054", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000753-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_665", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000416767, "entry_point": 0, "filename": null, "id": "region_753", "name": "private_0x00000000772a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1999241216, "timestamp": "00:00:21.055", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000754-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_666", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 2000420864, "type": "region", "version": 1 }, "end_va": 2001444863, "entry_point": 0, "filename": null, "id": "region_754", "name": "private_0x00000000773c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2000420864, "timestamp": "00:00:21.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 2003238912, "type": "region", "version": 1 }, "end_va": 2003279871, "entry_point": 2003252896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_755", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 2003238912, "timestamp": "00:00:21.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_756", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:21.056", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_757", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:21.056", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 6881280, "type": "region", "version": 1 }, "end_va": 8486911, "entry_point": 0, "filename": null, "id": "region_758", "name": "pagefile_0x0000000000690000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6881280, "timestamp": "00:00:21.061", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1987903488, "type": "region", "version": 1 }, "end_va": 1988739071, "entry_point": 1987909259, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_759", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1987903488, "timestamp": "00:00:21.061", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1988755456, "type": "region", "version": 1 }, "end_va": 1989148671, "entry_point": 1988826511, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_760", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1988755456, "timestamp": "00:00:21.065", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_761", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:21.071", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_762", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:00:21.071", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000763-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_667", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 528383, "entry_point": 0, "filename": null, "id": "region_763", "name": "private_0x0000000000080000", "norm_filename": null, "region_type": "private_memory", "start_va": 524288, "timestamp": "00:00:21.071", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000764-addr_0x0000000000090000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_668", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 593919, "entry_point": 0, "filename": null, "id": "region_764", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:00:21.076", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 8519680, "type": "region", "version": 1 }, "end_va": 10096639, "entry_point": 0, "filename": null, "id": "region_765", "name": "pagefile_0x0000000000820000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8519680, "timestamp": "00:00:21.076", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 10158080, "type": "region", "version": 1 }, "end_va": 31129599, "entry_point": 0, "filename": null, "id": "region_766", "name": "pagefile_0x00000000009b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10158080, "timestamp": "00:00:21.077", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 31129600, "type": "region", "version": 1 }, "end_va": 34549759, "entry_point": 0, "filename": null, "id": "region_767", "name": "pagefile_0x0000000001db0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 31129600, "timestamp": "00:00:21.077", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 34603008, "type": "region", "version": 1 }, "end_va": 37548031, "entry_point": 34603008, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_930", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 34603008, "timestamp": "00:00:21.419", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\System32\\cmd.exe\" /C sc stop wuauserv", "filename": "c:\\windows\\syswow64\\cmd.exe", "id": "proc_5", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 5, "origin_monitor_id": 1, "ref_parent_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000005-region_00000438-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_566", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_438", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:20.206", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000439-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_567", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_439", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:20.206", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_440", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:20.206", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_441", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:20.208", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_442", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:20.208", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000443-addr_0x00000000000b0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_568", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 983039, "entry_point": 0, "filename": null, "id": "region_443", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:00:20.209", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000444-addr_0x0000000000250000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_569", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 3473407, "entry_point": 0, "filename": null, "id": "region_444", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:00:20.209", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1246822400, "type": "region", "version": 1 }, "end_va": 1247133695, "entry_point": 1246855834, "filename": "\\Windows\\SysWOW64\\cmd.exe", "id": "region_445", "name": "cmd.exe", "norm_filename": "c:\\windows\\syswow64\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1246822400, "timestamp": "00:00:20.209", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2001469440, "type": "region", "version": 1 }, "end_va": 2003210239, "entry_point": 2001469440, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_446", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001469440, "timestamp": "00:00:20.210", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2003435520, "type": "region", "version": 1 }, "end_va": 2005008383, "entry_point": 2003435520, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_447", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003435520, "timestamp": "00:00:20.212", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_448", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:20.212", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000449-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_570", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_449", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:20.215", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000450-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_571", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_450", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:20.215", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000451-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_572", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_451", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:20.216", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_452", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:20.216", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000453-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_573", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_453", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:20.216", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_454", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:20.216", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000455-addr_0x0000000000130000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_574", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1769471, "entry_point": 0, "filename": null, "id": "region_455", "name": "private_0x0000000000130000", "norm_filename": null, "region_type": "private_memory", "start_va": 1245184, "timestamp": "00:00:20.221", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1958543360, "type": "region", "version": 1 }, "end_va": 1958576127, "entry_point": 1958551800, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_456", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1958543360, "timestamp": "00:00:20.221", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1958608896, "type": "region", "version": 1 }, "end_va": 1958985727, "entry_point": 1958868888, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_457", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1958608896, "timestamp": "00:00:20.221", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1959002112, "type": "region", "version": 1 }, "end_va": 1959260159, "entry_point": 1959190136, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_458", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1959002112, "timestamp": "00:00:20.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_566", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:20.583", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_567", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:20.583", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 2191359, "entry_point": 1769472, "filename": "\\Windows\\System32\\locale.nls", "id": "region_568", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1769472, "timestamp": "00:00:20.583", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000569-addr_0x0000000000390000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_610", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 3735552, "type": "region", "version": 1 }, "end_va": 4784127, "entry_point": 0, "filename": null, "id": "region_569", "name": "private_0x0000000000390000", "norm_filename": null, "region_type": "private_memory", "start_va": 3735552, "timestamp": "00:00:20.587", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000570-addr_0x00000000004e0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_611", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 5111808, "type": "region", "version": 1 }, "end_va": 5177343, "entry_point": 0, "filename": null, "id": "region_570", "name": "private_0x00000000004e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5111808, "timestamp": "00:00:20.587", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1959264256, "type": "region", "version": 1 }, "end_va": 1959292927, "entry_point": 1959268912, "filename": "\\Windows\\SysWOW64\\winbrand.dll", "id": "region_571", "name": "winbrand.dll", "norm_filename": "c:\\windows\\syswow64\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 1959264256, "timestamp": "00:00:20.588", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1964965888, "type": "region", "version": 1 }, "end_va": 1965015039, "entry_point": 1964970209, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_572", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1964965888, "timestamp": "00:00:20.588", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1965031424, "type": "region", "version": 1 }, "end_va": 1965424639, "entry_point": 1965138867, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_573", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1965031424, "timestamp": "00:00:20.589", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1969618944, "type": "region", "version": 1 }, "end_va": 1970601983, "entry_point": 1969685865, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_574", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1969618944, "timestamp": "00:00:20.589", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1984102400, "type": "region", "version": 1 }, "end_va": 1985150975, "entry_point": 1984214765, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_575", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1984102400, "timestamp": "00:00:20.592", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1990328320, "type": "region", "version": 1 }, "end_va": 1991442431, "entry_point": 1990406867, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_576", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1990328320, "timestamp": "00:00:20.593", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993170943, "entry_point": 1992914040, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_577", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:00:20.593", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1993211904, "type": "region", "version": 1 }, "end_va": 1993916415, "entry_point": 1993254002, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_578", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1993211904, "timestamp": "00:00:20.594", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1994522624, "type": "region", "version": 1 }, "end_va": 1995112447, "entry_point": 1994613571, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_579", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1994522624, "timestamp": "00:00:20.595", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1995440128, "type": "region", "version": 1 }, "end_va": 1996083199, "entry_point": 1995653079, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_580", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1995440128, "timestamp": "00:00:20.595", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1996095488, "type": "region", "version": 1 }, "end_va": 1996197887, "entry_point": 1996114293, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_581", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1996095488, "timestamp": "00:00:20.596", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1998585856, "type": "region", "version": 1 }, "end_va": 1999241215, "entry_point": 1998670309, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_582", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1998585856, "timestamp": "00:00:20.596", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000583-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_612", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000416767, "entry_point": 0, "filename": null, "id": "region_583", "name": "private_0x00000000772a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1999241216, "timestamp": "00:00:20.597", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000584-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_613", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 2000420864, "type": "region", "version": 1 }, "end_va": 2001444863, "entry_point": 0, "filename": null, "id": "region_584", "name": "private_0x00000000773c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2000420864, "timestamp": "00:00:20.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 2003238912, "type": "region", "version": 1 }, "end_va": 2003279871, "entry_point": 2003252896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_585", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 2003238912, "timestamp": "00:00:20.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_586", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:20.598", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_587", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:20.598", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5177344, "type": "region", "version": 1 }, "end_va": 6782975, "entry_point": 0, "filename": null, "id": "region_620", "name": "pagefile_0x00000000004f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5177344, "timestamp": "00:00:20.632", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1987903488, "type": "region", "version": 1 }, "end_va": 1988739071, "entry_point": 1987909259, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_621", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1987903488, "timestamp": "00:00:20.633", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1988755456, "type": "region", "version": 1 }, "end_va": 1989148671, "entry_point": 1988826511, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_622", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1988755456, "timestamp": "00:00:20.633", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_643", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:20.736", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_644", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:00:20.736", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000645-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_624", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 528383, "entry_point": 0, "filename": null, "id": "region_645", "name": "private_0x0000000000080000", "norm_filename": null, "region_type": "private_memory", "start_va": 524288, "timestamp": "00:00:20.737", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000646-addr_0x0000000000090000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_625", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 593919, "entry_point": 0, "filename": null, "id": "region_646", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:00:20.737", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6815744, "type": "region", "version": 1 }, "end_va": 8392703, "entry_point": 0, "filename": null, "id": "region_647", "name": "pagefile_0x0000000000680000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6815744, "timestamp": "00:00:20.737", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 8454144, "type": "region", "version": 1 }, "end_va": 29425663, "entry_point": 0, "filename": null, "id": "region_648", "name": "pagefile_0x0000000000810000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8454144, "timestamp": "00:00:20.738", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 29425664, "type": "region", "version": 1 }, "end_va": 32845823, "entry_point": 0, "filename": null, "id": "region_649", "name": "pagefile_0x0000000001c10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29425664, "timestamp": "00:00:20.738", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 32899072, "type": "region", "version": 1 }, "end_va": 35844095, "entry_point": 32899072, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_650", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 32899072, "timestamp": "00:00:20.763", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\System32\\cmd.exe\" /C sc stop BITS", "filename": "c:\\windows\\syswow64\\cmd.exe", "id": "proc_6", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 6, "origin_monitor_id": 1, "ref_parent_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000006-region_00000459-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_575", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_459", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:20.260", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000460-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_576", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_460", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:20.260", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_461", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:20.260", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_462", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:20.263", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_463", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:20.263", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000464-addr_0x0000000000090000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_577", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_464", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:00:20.263", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000465-addr_0x00000000001f0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_578", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2293759, "entry_point": 0, "filename": null, "id": "region_465", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:00:20.263", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1246822400, "type": "region", "version": 1 }, "end_va": 1247133695, "entry_point": 1246855834, "filename": "\\Windows\\SysWOW64\\cmd.exe", "id": "region_466", "name": "cmd.exe", "norm_filename": "c:\\windows\\syswow64\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1246822400, "timestamp": "00:00:20.263", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2001469440, "type": "region", "version": 1 }, "end_va": 2003210239, "entry_point": 2001469440, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_467", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001469440, "timestamp": "00:00:20.264", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2003435520, "type": "region", "version": 1 }, "end_va": 2005008383, "entry_point": 2003435520, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_468", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003435520, "timestamp": "00:00:20.264", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_469", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:20.267", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000470-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_579", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_470", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:20.267", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000471-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_580", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_471", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:20.267", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000472-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_581", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_472", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:20.271", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_473", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:20.271", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000474-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_582", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_474", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:20.275", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_475", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:20.275", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000476-addr_0x0000000000240000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_583", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2883583, "entry_point": 0, "filename": null, "id": "region_476", "name": "private_0x0000000000240000", "norm_filename": null, "region_type": "private_memory", "start_va": 2359296, "timestamp": "00:00:20.284", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1958543360, "type": "region", "version": 1 }, "end_va": 1958576127, "entry_point": 1958551800, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_477", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1958543360, "timestamp": "00:00:20.284", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1958608896, "type": "region", "version": 1 }, "end_va": 1958985727, "entry_point": 1958868888, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_478", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1958608896, "timestamp": "00:00:20.285", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1959002112, "type": "region", "version": 1 }, "end_va": 1959260159, "entry_point": 1959190136, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_479", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1959002112, "timestamp": "00:00:20.285", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_588", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:20.601", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_589", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:20.601", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000590-addr_0x00000000002d0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_614", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 3997695, "entry_point": 0, "filename": null, "id": "region_590", "name": "private_0x00000000002d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2949120, "timestamp": "00:00:20.602", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 4419583, "entry_point": 3997696, "filename": "\\Windows\\System32\\locale.nls", "id": "region_591", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 3997696, "timestamp": "00:00:20.602", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000592-addr_0x00000000005c0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_615", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 6029312, "type": "region", "version": 1 }, "end_va": 6094847, "entry_point": 0, "filename": null, "id": "region_592", "name": "private_0x00000000005c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6029312, "timestamp": "00:00:20.602", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1959264256, "type": "region", "version": 1 }, "end_va": 1959292927, "entry_point": 1959268912, "filename": "\\Windows\\SysWOW64\\winbrand.dll", "id": "region_593", "name": "winbrand.dll", "norm_filename": "c:\\windows\\syswow64\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 1959264256, "timestamp": "00:00:20.602", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1964965888, "type": "region", "version": 1 }, "end_va": 1965015039, "entry_point": 1964970209, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_594", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1964965888, "timestamp": "00:00:20.603", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1965031424, "type": "region", "version": 1 }, "end_va": 1965424639, "entry_point": 1965138867, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_595", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1965031424, "timestamp": "00:00:20.603", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1969618944, "type": "region", "version": 1 }, "end_va": 1970601983, "entry_point": 1969685865, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_596", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1969618944, "timestamp": "00:00:20.604", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1984102400, "type": "region", "version": 1 }, "end_va": 1985150975, "entry_point": 1984214765, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_597", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1984102400, "timestamp": "00:00:20.604", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1990328320, "type": "region", "version": 1 }, "end_va": 1991442431, "entry_point": 1990406867, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_598", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1990328320, "timestamp": "00:00:20.605", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993170943, "entry_point": 1992914040, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_599", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:00:20.606", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1993211904, "type": "region", "version": 1 }, "end_va": 1993916415, "entry_point": 1993254002, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_600", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1993211904, "timestamp": "00:00:20.606", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1994522624, "type": "region", "version": 1 }, "end_va": 1995112447, "entry_point": 1994613571, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_601", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1994522624, "timestamp": "00:00:20.607", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1995440128, "type": "region", "version": 1 }, "end_va": 1996083199, "entry_point": 1995653079, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_602", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1995440128, "timestamp": "00:00:20.607", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1996095488, "type": "region", "version": 1 }, "end_va": 1996197887, "entry_point": 1996114293, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_603", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1996095488, "timestamp": "00:00:20.608", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1998585856, "type": "region", "version": 1 }, "end_va": 1999241215, "entry_point": 1998670309, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_604", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1998585856, "timestamp": "00:00:20.608", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000605-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_616", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000416767, "entry_point": 0, "filename": null, "id": "region_605", "name": "private_0x00000000772a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1999241216, "timestamp": "00:00:20.609", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000606-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_617", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 2000420864, "type": "region", "version": 1 }, "end_va": 2001444863, "entry_point": 0, "filename": null, "id": "region_606", "name": "private_0x00000000773c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2000420864, "timestamp": "00:00:20.609", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 2003238912, "type": "region", "version": 1 }, "end_va": 2003279871, "entry_point": 2003252896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_607", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 2003238912, "timestamp": "00:00:20.609", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_608", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:20.611", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_609", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:20.611", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 6094848, "type": "region", "version": 1 }, "end_va": 7700479, "entry_point": 0, "filename": null, "id": "region_623", "name": "pagefile_0x00000000005d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6094848, "timestamp": "00:00:20.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1987903488, "type": "region", "version": 1 }, "end_va": 1988739071, "entry_point": 1987909259, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_624", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1987903488, "timestamp": "00:00:20.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1988755456, "type": "region", "version": 1 }, "end_va": 1989148671, "entry_point": 1988826511, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_625", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1988755456, "timestamp": "00:00:20.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_626", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:20.646", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_627", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:00:20.646", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000628-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_620", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 528383, "entry_point": 0, "filename": null, "id": "region_628", "name": "private_0x0000000000080000", "norm_filename": null, "region_type": "private_memory", "start_va": 524288, "timestamp": "00:00:20.647", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000629-addr_0x0000000000190000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_621", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1642495, "entry_point": 0, "filename": null, "id": "region_629", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:00:20.647", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 7733248, "type": "region", "version": 1 }, "end_va": 9310207, "entry_point": 0, "filename": null, "id": "region_630", "name": "pagefile_0x0000000000760000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7733248, "timestamp": "00:00:20.647", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 9371648, "type": "region", "version": 1 }, "end_va": 30343167, "entry_point": 0, "filename": null, "id": "region_631", "name": "pagefile_0x00000000008f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9371648, "timestamp": "00:00:20.648", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 30343168, "type": "region", "version": 1 }, "end_va": 33763327, "entry_point": 0, "filename": null, "id": "region_632", "name": "pagefile_0x0000000001cf0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 30343168, "timestamp": "00:00:20.648", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 33816576, "type": "region", "version": 1 }, "end_va": 36761599, "entry_point": 33816576, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_651", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 33816576, "timestamp": "00:00:20.791", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\System32\\cmd.exe\" /C sc stop ERSvc", "filename": "c:\\windows\\syswow64\\cmd.exe", "id": "proc_7", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 7, "origin_monitor_id": 1, "ref_parent_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000007-region_00000480-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_584", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_480", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:20.332", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000481-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_585", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_481", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:20.332", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_482", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:20.332", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_483", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:20.340", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_484", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:20.340", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000485-addr_0x0000000000090000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_586", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 851967, "entry_point": 0, "filename": null, "id": "region_485", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:00:20.343", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000486-addr_0x0000000000270000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_587", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 3604479, "entry_point": 0, "filename": null, "id": "region_486", "name": "private_0x0000000000270000", "norm_filename": null, "region_type": "private_memory", "start_va": 2555904, "timestamp": "00:00:20.343", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1246822400, "type": "region", "version": 1 }, "end_va": 1247133695, "entry_point": 1246855834, "filename": "\\Windows\\SysWOW64\\cmd.exe", "id": "region_487", "name": "cmd.exe", "norm_filename": "c:\\windows\\syswow64\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1246822400, "timestamp": "00:00:20.343", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2001469440, "type": "region", "version": 1 }, "end_va": 2003210239, "entry_point": 2001469440, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_488", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001469440, "timestamp": "00:00:20.344", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2003435520, "type": "region", "version": 1 }, "end_va": 2005008383, "entry_point": 2003435520, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_489", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003435520, "timestamp": "00:00:20.345", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_490", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:20.345", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000491-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_588", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_491", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:20.345", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000492-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_589", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_492", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:20.346", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000493-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_590", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_493", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:20.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_494", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:20.347", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000495-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_591", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_495", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:20.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_496", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:20.348", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000497-addr_0x00000000000f0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_592", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 1507327, "entry_point": 0, "filename": null, "id": "region_497", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:00:20.352", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1958543360, "type": "region", "version": 1 }, "end_va": 1958576127, "entry_point": 1958551800, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_498", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1958543360, "timestamp": "00:00:20.352", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1958608896, "type": "region", "version": 1 }, "end_va": 1958985727, "entry_point": 1958868888, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_499", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1958608896, "timestamp": "00:00:20.352", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1959002112, "type": "region", "version": 1 }, "end_va": 1959260159, "entry_point": 1959190136, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_500", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1959002112, "timestamp": "00:00:20.353", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_768", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:21.137", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_769", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:21.137", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1929215, "entry_point": 1507328, "filename": "\\Windows\\System32\\locale.nls", "id": "region_770", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1507328, "timestamp": "00:00:21.138", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000771-addr_0x0000000000390000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_669", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 3735552, "type": "region", "version": 1 }, "end_va": 4784127, "entry_point": 0, "filename": null, "id": "region_771", "name": "private_0x0000000000390000", "norm_filename": null, "region_type": "private_memory", "start_va": 3735552, "timestamp": "00:00:21.138", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000772-addr_0x0000000000590000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_670", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 5832704, "type": "region", "version": 1 }, "end_va": 5898239, "entry_point": 0, "filename": null, "id": "region_772", "name": "private_0x0000000000590000", "norm_filename": null, "region_type": "private_memory", "start_va": 5832704, "timestamp": "00:00:21.139", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1959264256, "type": "region", "version": 1 }, "end_va": 1959292927, "entry_point": 1959268912, "filename": "\\Windows\\SysWOW64\\winbrand.dll", "id": "region_773", "name": "winbrand.dll", "norm_filename": "c:\\windows\\syswow64\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 1959264256, "timestamp": "00:00:21.139", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1964965888, "type": "region", "version": 1 }, "end_va": 1965015039, "entry_point": 1964970209, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_774", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1964965888, "timestamp": "00:00:21.140", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1965031424, "type": "region", "version": 1 }, "end_va": 1965424639, "entry_point": 1965138867, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_775", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1965031424, "timestamp": "00:00:21.140", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1969618944, "type": "region", "version": 1 }, "end_va": 1970601983, "entry_point": 1969685865, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_776", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1969618944, "timestamp": "00:00:21.141", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1984102400, "type": "region", "version": 1 }, "end_va": 1985150975, "entry_point": 1984214765, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_777", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1984102400, "timestamp": "00:00:21.141", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1990328320, "type": "region", "version": 1 }, "end_va": 1991442431, "entry_point": 1990406867, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_778", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1990328320, "timestamp": "00:00:21.143", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993170943, "entry_point": 1992914040, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_779", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:00:21.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1993211904, "type": "region", "version": 1 }, "end_va": 1993916415, "entry_point": 1993254002, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_780", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1993211904, "timestamp": "00:00:21.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1994522624, "type": "region", "version": 1 }, "end_va": 1995112447, "entry_point": 1994613571, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_781", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1994522624, "timestamp": "00:00:21.145", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1995440128, "type": "region", "version": 1 }, "end_va": 1996083199, "entry_point": 1995653079, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_782", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1995440128, "timestamp": "00:00:21.145", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1996095488, "type": "region", "version": 1 }, "end_va": 1996197887, "entry_point": 1996114293, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_783", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1996095488, "timestamp": "00:00:21.146", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1998585856, "type": "region", "version": 1 }, "end_va": 1999241215, "entry_point": 1998670309, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_784", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1998585856, "timestamp": "00:00:21.147", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000785-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_671", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000416767, "entry_point": 0, "filename": null, "id": "region_785", "name": "private_0x00000000772a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1999241216, "timestamp": "00:00:21.151", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000786-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_672", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 2000420864, "type": "region", "version": 1 }, "end_va": 2001444863, "entry_point": 0, "filename": null, "id": "region_786", "name": "private_0x00000000773c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2000420864, "timestamp": "00:00:21.155", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 2003238912, "type": "region", "version": 1 }, "end_va": 2003279871, "entry_point": 2003252896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_787", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 2003238912, "timestamp": "00:00:21.155", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_788", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:21.156", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_789", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:21.156", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5898240, "type": "region", "version": 1 }, "end_va": 7503871, "entry_point": 0, "filename": null, "id": "region_790", "name": "pagefile_0x00000000005a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5898240, "timestamp": "00:00:21.161", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1987903488, "type": "region", "version": 1 }, "end_va": 1988739071, "entry_point": 1987909259, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_791", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1987903488, "timestamp": "00:00:21.161", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1988755456, "type": "region", "version": 1 }, "end_va": 1989148671, "entry_point": 1988826511, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_792", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1988755456, "timestamp": "00:00:21.162", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_793", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:21.168", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_794", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:00:21.168", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000795-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_673", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 528383, "entry_point": 0, "filename": null, "id": "region_795", "name": "private_0x0000000000080000", "norm_filename": null, "region_type": "private_memory", "start_va": 524288, "timestamp": "00:00:21.171", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000796-addr_0x00000000000d0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_674", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 856063, "entry_point": 0, "filename": null, "id": "region_796", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:00:21.175", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 7536640, "type": "region", "version": 1 }, "end_va": 9113599, "entry_point": 0, "filename": null, "id": "region_797", "name": "pagefile_0x0000000000730000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7536640, "timestamp": "00:00:21.175", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 9175040, "type": "region", "version": 1 }, "end_va": 30146559, "entry_point": 0, "filename": null, "id": "region_798", "name": "pagefile_0x00000000008c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9175040, "timestamp": "00:00:21.176", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 30146560, "type": "region", "version": 1 }, "end_va": 33566719, "entry_point": 0, "filename": null, "id": "region_799", "name": "pagefile_0x0000000001cc0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 30146560, "timestamp": "00:00:21.176", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 33619968, "type": "region", "version": 1 }, "end_va": 36564991, "entry_point": 33619968, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_931", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 33619968, "timestamp": "00:00:21.451", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\System32\\cmd.exe\" /C sc stop WerSvc", "filename": "c:\\windows\\syswow64\\cmd.exe", "id": "proc_8", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 8, "origin_monitor_id": 1, "ref_parent_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000008-region_00000501-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_593", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_501", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:20.405", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000502-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_594", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_502", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:20.411", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_503", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:20.411", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_504", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:20.414", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_505", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:20.414", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000506-addr_0x00000000001f0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_595", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2293759, "entry_point": 0, "filename": null, "id": "region_506", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:00:20.415", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000507-addr_0x0000000000240000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_596", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 3407871, "entry_point": 0, "filename": null, "id": "region_507", "name": "private_0x0000000000240000", "norm_filename": null, "region_type": "private_memory", "start_va": 2359296, "timestamp": "00:00:20.419", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1246822400, "type": "region", "version": 1 }, "end_va": 1247133695, "entry_point": 1246855834, "filename": "\\Windows\\SysWOW64\\cmd.exe", "id": "region_508", "name": "cmd.exe", "norm_filename": "c:\\windows\\syswow64\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1246822400, "timestamp": "00:00:20.419", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2001469440, "type": "region", "version": 1 }, "end_va": 2003210239, "entry_point": 2001469440, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_509", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001469440, "timestamp": "00:00:20.420", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2003435520, "type": "region", "version": 1 }, "end_va": 2005008383, "entry_point": 2003435520, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_510", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003435520, "timestamp": "00:00:20.421", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_511", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:20.421", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000512-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_597", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_512", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:20.422", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000513-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_598", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_513", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:20.422", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000514-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_599", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_514", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:20.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_515", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:20.423", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000516-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_600", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_516", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:20.423", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_517", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:20.423", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000518-addr_0x0000000000520000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_601", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 5373952, "type": "region", "version": 1 }, "end_va": 5898239, "entry_point": 0, "filename": null, "id": "region_518", "name": "private_0x0000000000520000", "norm_filename": null, "region_type": "private_memory", "start_va": 5373952, "timestamp": "00:00:20.428", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1958543360, "type": "region", "version": 1 }, "end_va": 1958576127, "entry_point": 1958551800, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_519", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1958543360, "timestamp": "00:00:20.428", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1958608896, "type": "region", "version": 1 }, "end_va": 1958985727, "entry_point": 1958868888, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_520", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1958608896, "timestamp": "00:00:20.428", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1959002112, "type": "region", "version": 1 }, "end_va": 1959260159, "entry_point": 1959190136, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_521", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1959002112, "timestamp": "00:00:20.429", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_800", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:21.198", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_801", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:21.198", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 880639, "entry_point": 458752, "filename": "\\Windows\\System32\\locale.nls", "id": "region_802", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:00:21.198", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000803-addr_0x0000000000190000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_675", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1703935, "entry_point": 0, "filename": null, "id": "region_803", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:00:21.199", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000804-addr_0x0000000000780000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_676", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 7864320, "type": "region", "version": 1 }, "end_va": 8912895, "entry_point": 0, "filename": null, "id": "region_804", "name": "private_0x0000000000780000", "norm_filename": null, "region_type": "private_memory", "start_va": 7864320, "timestamp": "00:00:21.203", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1959264256, "type": "region", "version": 1 }, "end_va": 1959292927, "entry_point": 1959268912, "filename": "\\Windows\\SysWOW64\\winbrand.dll", "id": "region_805", "name": "winbrand.dll", "norm_filename": "c:\\windows\\syswow64\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 1959264256, "timestamp": "00:00:21.203", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1964965888, "type": "region", "version": 1 }, "end_va": 1965015039, "entry_point": 1964970209, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_806", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1964965888, "timestamp": "00:00:21.204", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1965031424, "type": "region", "version": 1 }, "end_va": 1965424639, "entry_point": 1965138867, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_807", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1965031424, "timestamp": "00:00:21.205", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1969618944, "type": "region", "version": 1 }, "end_va": 1970601983, "entry_point": 1969685865, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_808", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1969618944, "timestamp": "00:00:21.205", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1984102400, "type": "region", "version": 1 }, "end_va": 1985150975, "entry_point": 1984214765, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_809", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1984102400, "timestamp": "00:00:21.208", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1990328320, "type": "region", "version": 1 }, "end_va": 1991442431, "entry_point": 1990406867, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_810", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1990328320, "timestamp": "00:00:21.209", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993170943, "entry_point": 1992914040, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_811", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:00:21.210", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1993211904, "type": "region", "version": 1 }, "end_va": 1993916415, "entry_point": 1993254002, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_812", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1993211904, "timestamp": "00:00:21.210", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1994522624, "type": "region", "version": 1 }, "end_va": 1995112447, "entry_point": 1994613571, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_813", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1994522624, "timestamp": "00:00:21.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1995440128, "type": "region", "version": 1 }, "end_va": 1996083199, "entry_point": 1995653079, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_814", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1995440128, "timestamp": "00:00:21.216", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1996095488, "type": "region", "version": 1 }, "end_va": 1996197887, "entry_point": 1996114293, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_815", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1996095488, "timestamp": "00:00:21.216", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1998585856, "type": "region", "version": 1 }, "end_va": 1999241215, "entry_point": 1998670309, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_816", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1998585856, "timestamp": "00:00:21.217", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000817-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_677", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000416767, "entry_point": 0, "filename": null, "id": "region_817", "name": "private_0x00000000772a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1999241216, "timestamp": "00:00:21.217", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000818-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_678", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 2000420864, "type": "region", "version": 1 }, "end_va": 2001444863, "entry_point": 0, "filename": null, "id": "region_818", "name": "private_0x00000000773c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2000420864, "timestamp": "00:00:21.218", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 2003238912, "type": "region", "version": 1 }, "end_va": 2003279871, "entry_point": 2003252896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_819", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 2003238912, "timestamp": "00:00:21.218", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_820", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:21.220", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_821", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:21.221", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 3407872, "type": "region", "version": 1 }, "end_va": 5013503, "entry_point": 0, "filename": null, "id": "region_971", "name": "pagefile_0x0000000000340000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3407872, "timestamp": "00:00:21.529", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1987903488, "type": "region", "version": 1 }, "end_va": 1988739071, "entry_point": 1987909259, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_972", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1987903488, "timestamp": "00:00:21.529", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1988755456, "type": "region", "version": 1 }, "end_va": 1989148671, "entry_point": 1988826511, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_973", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1988755456, "timestamp": "00:00:21.531", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_974", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:21.536", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 925695, "entry_point": 0, "filename": null, "id": "region_975", "name": "pagefile_0x00000000000e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 917504, "timestamp": "00:00:21.536", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000976-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_730", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_976", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:00:21.537", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000977-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_731", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_977", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:00:21.537", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 5898240, "type": "region", "version": 1 }, "end_va": 7475199, "entry_point": 0, "filename": null, "id": "region_978", "name": "pagefile_0x00000000005a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5898240, "timestamp": "00:00:21.537", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 8912896, "type": "region", "version": 1 }, "end_va": 29884415, "entry_point": 0, "filename": null, "id": "region_979", "name": "pagefile_0x0000000000880000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8912896, "timestamp": "00:00:21.538", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 29884416, "type": "region", "version": 1 }, "end_va": 33304575, "entry_point": 0, "filename": null, "id": "region_980", "name": "pagefile_0x0000000001c80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29884416, "timestamp": "00:00:21.538", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 33357824, "type": "region", "version": 1 }, "end_va": 36302847, "entry_point": 33357824, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_981", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 33357824, "timestamp": "00:00:21.562", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "sc stop wuauserv", "filename": "c:\\windows\\syswow64\\sc.exe", "id": "proc_9", "image_name": "sc.exe", "monitor_reason": "child_process", "monitored_id": 9, "origin_monitor_id": 5, "ref_parent_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000009-region_00000654-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_626", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_654", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:20.866", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000655-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_627", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_655", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:20.867", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_656", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:20.867", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000657-addr_0x0000000000050000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_628", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 589823, "entry_point": 0, "filename": null, "id": "region_657", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:00:20.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 606207, "entry_point": 0, "filename": null, "id": "region_658", "name": "pagefile_0x0000000000090000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 589824, "timestamp": "00:00:20.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 0, "filename": null, "id": "region_659", "name": "pagefile_0x00000000000a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 655360, "timestamp": "00:00:20.871", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000660-addr_0x00000000000f0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_629", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 1245183, "entry_point": 0, "filename": null, "id": "region_660", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:00:20.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1622015, "entry_point": 1572864, "filename": "\\Windows\\SysWOW64\\sc.exe", "id": "region_661", "name": "sc.exe", "norm_filename": "c:\\windows\\syswow64\\sc.exe", "region_type": "memory_mapped_file", "start_va": 1572864, "timestamp": "00:00:20.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2001469440, "type": "region", "version": 1 }, "end_va": 2003210239, "entry_point": 2001469440, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_662", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001469440, "timestamp": "00:00:20.878", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2003435520, "type": "region", "version": 1 }, "end_va": 2005008383, "entry_point": 2003435520, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_663", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003435520, "timestamp": "00:00:20.878", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_664", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:20.879", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000665-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_630", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_665", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:20.879", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000666-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_631", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_666", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:20.883", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000667-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_632", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_667", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:20.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_668", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:20.888", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000669-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_633", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_669", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:20.889", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_670", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:20.889", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000860-addr_0x0000000000290000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_692", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 3211263, "entry_point": 0, "filename": null, "id": "region_860", "name": "private_0x0000000000290000", "norm_filename": null, "region_type": "private_memory", "start_va": 2686976, "timestamp": "00:00:21.267", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1958543360, "type": "region", "version": 1 }, "end_va": 1958576127, "entry_point": 1958551800, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_861", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1958543360, "timestamp": "00:00:21.267", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1958608896, "type": "region", "version": 1 }, "end_va": 1958985727, "entry_point": 1958868888, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_862", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1958608896, "timestamp": "00:00:21.268", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1959002112, "type": "region", "version": 1 }, "end_va": 1959260159, "entry_point": 1959190136, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_863", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1959002112, "timestamp": "00:00:21.271", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000864-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_693", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000416767, "entry_point": 0, "filename": null, "id": "region_864", "name": "private_0x00000000772a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1999241216, "timestamp": "00:00:21.272", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000865-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_694", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 2000420864, "type": "region", "version": 1 }, "end_va": 2001444863, "entry_point": 0, "filename": null, "id": "region_865", "name": "private_0x00000000773c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2000420864, "timestamp": "00:00:21.272", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1049", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:21.717", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1050", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:21.717", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 2060287, "entry_point": 1638400, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1051", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1638400, "timestamp": "00:00:21.717", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001052-addr_0x0000000000410000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_750", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 4259840, "type": "region", "version": 1 }, "end_va": 5308415, "entry_point": 0, "filename": null, "id": "region_1052", "name": "private_0x0000000000410000", "norm_filename": null, "region_type": "private_memory", "start_va": 4259840, "timestamp": "00:00:21.718", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001053-addr_0x0000000000640000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_751", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 6553600, "type": "region", "version": 1 }, "end_va": 6619135, "entry_point": 0, "filename": null, "id": "region_1053", "name": "private_0x0000000000640000", "norm_filename": null, "region_type": "private_memory", "start_va": 6553600, "timestamp": "00:00:21.719", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1964965888, "type": "region", "version": 1 }, "end_va": 1965015039, "entry_point": 1964970209, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1054", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1964965888, "timestamp": "00:00:21.719", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1965031424, "type": "region", "version": 1 }, "end_va": 1965424639, "entry_point": 1965138867, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1055", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1965031424, "timestamp": "00:00:21.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1969618944, "type": "region", "version": 1 }, "end_va": 1970601983, "entry_point": 1969685865, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1056", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1969618944, "timestamp": "00:00:21.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1990328320, "type": "region", "version": 1 }, "end_va": 1991442431, "entry_point": 1990406867, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1057", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1990328320, "timestamp": "00:00:21.732", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993170943, "entry_point": 1992914040, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1058", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:00:21.733", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1993211904, "type": "region", "version": 1 }, "end_va": 1993916415, "entry_point": 1993254002, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1059", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1993211904, "timestamp": "00:00:21.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1996095488, "type": "region", "version": 1 }, "end_va": 1996197887, "entry_point": 1996114293, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1060", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1996095488, "timestamp": "00:00:21.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1998585856, "type": "region", "version": 1 }, "end_va": 1999241215, "entry_point": 1998670309, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1061", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1998585856, "timestamp": "00:00:21.735", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1062", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:21.736", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1063", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:21.736", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_1106", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:21.838", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 729087, "entry_point": 0, "filename": null, "id": "region_1107", "name": "pagefile_0x00000000000b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 720896, "timestamp": "00:00:21.838", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 3211264, "type": "region", "version": 1 }, "end_va": 3997695, "entry_point": 3211264, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_1108", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 3211264, "timestamp": "00:00:21.838", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 851967, "entry_point": 786432, "filename": "\\Windows\\SysWOW64\\en-US\\sc.exe.mui", "id": "region_1109", "name": "sc.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\sc.exe.mui", "region_type": "memory_mapped_file", "start_va": 786432, "timestamp": "00:00:21.839", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "sc stop BITS", "filename": "c:\\windows\\syswow64\\sc.exe", "id": "proc_10", "image_name": "sc.exe", "monitor_reason": "child_process", "monitored_id": 10, "origin_monitor_id": 6, "ref_parent_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000010-region_00000671-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_634", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_671", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:20.892", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00000672-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_635", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_672", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:20.893", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_673", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:20.893", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_674", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:20.895", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_675", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:20.895", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00000676-addr_0x00000000000d0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_636", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 1114111, "entry_point": 0, "filename": null, "id": "region_676", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:00:20.896", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00000677-addr_0x0000000000120000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_637", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1441791, "entry_point": 0, "filename": null, "id": "region_677", "name": "private_0x0000000000120000", "norm_filename": null, "region_type": "private_memory", "start_va": 1179648, "timestamp": "00:00:20.899", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1622015, "entry_point": 1603991, "filename": "\\Windows\\SysWOW64\\sc.exe", "id": "region_678", "name": "sc.exe", "norm_filename": "c:\\windows\\syswow64\\sc.exe", "region_type": "memory_mapped_file", "start_va": 1572864, "timestamp": "00:00:20.899", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2001469440, "type": "region", "version": 1 }, "end_va": 2003210239, "entry_point": 2001469440, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_679", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001469440, "timestamp": "00:00:20.900", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2003435520, "type": "region", "version": 1 }, "end_va": 2005008383, "entry_point": 2003435520, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_680", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003435520, "timestamp": "00:00:20.900", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_681", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:20.901", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00000682-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_638", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_682", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:20.901", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00000683-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_639", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_683", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:20.903", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00000684-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_640", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_684", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:20.907", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_685", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:20.907", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00000686-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_641", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_686", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:20.911", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_687", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:20.911", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00000688-addr_0x0000000000310000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_642", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 3211264, "type": "region", "version": 1 }, "end_va": 3735551, "entry_point": 0, "filename": null, "id": "region_688", "name": "private_0x0000000000310000", "norm_filename": null, "region_type": "private_memory", "start_va": 3211264, "timestamp": "00:00:20.928", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1958543360, "type": "region", "version": 1 }, "end_va": 1958576127, "entry_point": 1958551800, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_689", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1958543360, "timestamp": "00:00:20.928", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1958608896, "type": "region", "version": 1 }, "end_va": 1958985727, "entry_point": 1958868888, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_690", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1958608896, "timestamp": "00:00:20.929", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1959002112, "type": "region", "version": 1 }, "end_va": 1959260159, "entry_point": 1959190136, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_691", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1959002112, "timestamp": "00:00:20.930", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_866", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:21.287", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_867", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:21.287", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 2060287, "entry_point": 1638400, "filename": "\\Windows\\System32\\locale.nls", "id": "region_868", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1638400, "timestamp": "00:00:21.287", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00000869-addr_0x00000000002c0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_695", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 2949119, "entry_point": 0, "filename": null, "id": "region_869", "name": "private_0x00000000002c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2883584, "timestamp": "00:00:21.288", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00000870-addr_0x0000000000510000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_696", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 5308416, "type": "region", "version": 1 }, "end_va": 6356991, "entry_point": 0, "filename": null, "id": "region_870", "name": "private_0x0000000000510000", "norm_filename": null, "region_type": "private_memory", "start_va": 5308416, "timestamp": "00:00:21.288", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1964965888, "type": "region", "version": 1 }, "end_va": 1965015039, "entry_point": 1964970209, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_871", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1964965888, "timestamp": "00:00:21.288", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1965031424, "type": "region", "version": 1 }, "end_va": 1965424639, "entry_point": 1965138867, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_872", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1965031424, "timestamp": "00:00:21.289", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1969618944, "type": "region", "version": 1 }, "end_va": 1970601983, "entry_point": 1969685865, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_873", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1969618944, "timestamp": "00:00:21.290", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1990328320, "type": "region", "version": 1 }, "end_va": 1991442431, "entry_point": 1990406867, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_874", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1990328320, "timestamp": "00:00:21.291", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993170943, "entry_point": 1992914040, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_875", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:00:21.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1993211904, "type": "region", "version": 1 }, "end_va": 1993916415, "entry_point": 1993254002, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_876", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1993211904, "timestamp": "00:00:21.293", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1996095488, "type": "region", "version": 1 }, "end_va": 1996197887, "entry_point": 1996114293, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_877", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1996095488, "timestamp": "00:00:21.294", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1998585856, "type": "region", "version": 1 }, "end_va": 1999241215, "entry_point": 1998670309, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_878", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1998585856, "timestamp": "00:00:21.294", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00000879-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_697", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000416767, "entry_point": 0, "filename": null, "id": "region_879", "name": "private_0x00000000772a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1999241216, "timestamp": "00:00:21.296", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00000880-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_698", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 2000420864, "type": "region", "version": 1 }, "end_va": 2001444863, "entry_point": 0, "filename": null, "id": "region_880", "name": "private_0x00000000773c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2000420864, "timestamp": "00:00:21.296", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_881", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:21.296", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_882", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:21.296", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_883", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:21.305", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_884", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:00:21.305", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2883583, "entry_point": 2097152, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_885", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 2097152, "timestamp": "00:00:21.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 589823, "entry_point": 524288, "filename": "\\Windows\\SysWOW64\\en-US\\sc.exe.mui", "id": "region_903", "name": "sc.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\sc.exe.mui", "region_type": "memory_mapped_file", "start_va": 524288, "timestamp": "00:00:21.323", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "sc stop wscsvc", "filename": "c:\\windows\\syswow64\\sc.exe", "id": "proc_11", "image_name": "sc.exe", "monitor_reason": "child_process", "monitored_id": 11, "origin_monitor_id": 3, "ref_parent_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000011-region_00000692-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_643", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_692", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:20.944", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000011-region_00000693-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_644", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_693", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:20.944", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_694", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:20.944", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_695", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:20.947", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_696", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:20.947", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000011-region_00000697-addr_0x0000000000070000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_645", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 720895, "entry_point": 0, "filename": null, "id": "region_697", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:00:20.947", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000011-region_00000698-addr_0x0000000000130000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_646", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1507327, "entry_point": 0, "filename": null, "id": "region_698", "name": "private_0x0000000000130000", "norm_filename": null, "region_type": "private_memory", "start_va": 1245184, "timestamp": "00:00:20.948", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1622015, "entry_point": 1603991, "filename": "\\Windows\\SysWOW64\\sc.exe", "id": "region_699", "name": "sc.exe", "norm_filename": "c:\\windows\\syswow64\\sc.exe", "region_type": "memory_mapped_file", "start_va": 1572864, "timestamp": "00:00:20.948", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2001469440, "type": "region", "version": 1 }, "end_va": 2003210239, "entry_point": 2001469440, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_700", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001469440, "timestamp": "00:00:20.949", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2003435520, "type": "region", "version": 1 }, "end_va": 2005008383, "entry_point": 2003435520, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_701", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003435520, "timestamp": "00:00:20.949", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_702", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:20.950", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000011-region_00000703-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_647", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_703", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:20.950", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000011-region_00000704-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_648", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_704", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:20.950", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000011-region_00000705-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_649", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_705", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:20.950", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_706", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:20.951", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000011-region_00000707-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_650", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_707", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:20.955", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_708", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:20.955", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000011-region_00000709-addr_0x00000000001b0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_651", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 2293759, "entry_point": 0, "filename": null, "id": "region_709", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:00:20.959", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1958543360, "type": "region", "version": 1 }, "end_va": 1958576127, "entry_point": 1958551800, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_710", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1958543360, "timestamp": "00:00:20.959", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1958608896, "type": "region", "version": 1 }, "end_va": 1958985727, "entry_point": 1958868888, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_711", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1958608896, "timestamp": "00:00:20.960", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1959002112, "type": "region", "version": 1 }, "end_va": 1959260159, "entry_point": 1959190136, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_712", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1959002112, "timestamp": "00:00:20.961", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_886", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:21.308", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_887", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:21.308", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 1142783, "entry_point": 720896, "filename": "\\Windows\\System32\\locale.nls", "id": "region_888", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 720896, "timestamp": "00:00:21.308", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000011-region_00000889-addr_0x0000000000250000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_699", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 3473407, "entry_point": 0, "filename": null, "id": "region_889", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:00:21.309", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000011-region_00000890-addr_0x00000000003e0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_700", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 4128767, "entry_point": 0, "filename": null, "id": "region_890", "name": "private_0x00000000003e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4063232, "timestamp": "00:00:21.309", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1964965888, "type": "region", "version": 1 }, "end_va": 1965015039, "entry_point": 1964970209, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_891", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1964965888, "timestamp": "00:00:21.309", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1965031424, "type": "region", "version": 1 }, "end_va": 1965424639, "entry_point": 1965138867, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_892", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1965031424, "timestamp": "00:00:21.310", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1969618944, "type": "region", "version": 1 }, "end_va": 1970601983, "entry_point": 1969685865, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_893", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1969618944, "timestamp": "00:00:21.310", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1990328320, "type": "region", "version": 1 }, "end_va": 1991442431, "entry_point": 1990406867, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_894", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1990328320, "timestamp": "00:00:21.314", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993170943, "entry_point": 1992914040, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_895", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:00:21.315", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1993211904, "type": "region", "version": 1 }, "end_va": 1993916415, "entry_point": 1993254002, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_896", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1993211904, "timestamp": "00:00:21.315", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1996095488, "type": "region", "version": 1 }, "end_va": 1996197887, "entry_point": 1996114293, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_897", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1996095488, "timestamp": "00:00:21.316", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1998585856, "type": "region", "version": 1 }, "end_va": 1999241215, "entry_point": 1998670309, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_898", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1998585856, "timestamp": "00:00:21.316", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000011-region_00000899-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_701", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000416767, "entry_point": 0, "filename": null, "id": "region_899", "name": "private_0x00000000772a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1999241216, "timestamp": "00:00:21.317", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000011-region_00000900-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_702", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 2000420864, "type": "region", "version": 1 }, "end_va": 2001444863, "entry_point": 0, "filename": null, "id": "region_900", "name": "private_0x00000000773c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2000420864, "timestamp": "00:00:21.318", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_901", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:21.318", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_902", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:21.318", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_904", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:21.334", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1187839, "entry_point": 0, "filename": null, "id": "region_905", "name": "pagefile_0x0000000000120000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1179648, "timestamp": "00:00:21.334", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4915199, "entry_point": 4128768, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_906", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 4128768, "timestamp": "00:00:21.335", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1572863, "entry_point": 1507328, "filename": "\\Windows\\SysWOW64\\en-US\\sc.exe.mui", "id": "region_970", "name": "sc.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\sc.exe.mui", "region_type": "memory_mapped_file", "start_va": 1507328, "timestamp": "00:00:21.517", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\System32\\cmd.exe\" /C vssadmin.exe Delete Shadows /All /Quiet", "filename": "c:\\windows\\syswow64\\cmd.exe", "id": "proc_12", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 12, "origin_monitor_id": 1, "ref_parent_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000012-region_00000713-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_652", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_713", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:20.976", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000012-region_00000714-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_653", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_714", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:20.976", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_715", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:20.976", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_716", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:20.981", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_717", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:20.981", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000012-region_00000718-addr_0x0000000000110000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_654", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1376255, "entry_point": 0, "filename": null, "id": "region_718", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:00:20.981", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000012-region_00000719-addr_0x0000000000250000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_655", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 3473407, "entry_point": 0, "filename": null, "id": "region_719", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:00:20.983", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1246822400, "type": "region", "version": 1 }, "end_va": 1247133695, "entry_point": 1246855834, "filename": "\\Windows\\SysWOW64\\cmd.exe", "id": "region_720", "name": "cmd.exe", "norm_filename": "c:\\windows\\syswow64\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1246822400, "timestamp": "00:00:20.983", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2001469440, "type": "region", "version": 1 }, "end_va": 2003210239, "entry_point": 2001469440, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_721", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001469440, "timestamp": "00:00:20.984", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2003435520, "type": "region", "version": 1 }, "end_va": 2005008383, "entry_point": 2003435520, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_722", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003435520, "timestamp": "00:00:20.984", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_723", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:20.985", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000012-region_00000724-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_656", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_724", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:20.985", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000012-region_00000725-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_657", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_725", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:20.986", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000012-region_00000726-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_658", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_726", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:20.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_727", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:20.986", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000012-region_00000728-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_659", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_728", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:20.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_729", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:20.986", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000012-region_00000730-addr_0x0000000000450000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_660", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 4521984, "type": "region", "version": 1 }, "end_va": 5046271, "entry_point": 0, "filename": null, "id": "region_730", "name": "private_0x0000000000450000", "norm_filename": null, "region_type": "private_memory", "start_va": 4521984, "timestamp": "00:00:20.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1958543360, "type": "region", "version": 1 }, "end_va": 1958576127, "entry_point": 1958551800, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_731", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1958543360, "timestamp": "00:00:20.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1958608896, "type": "region", "version": 1 }, "end_va": 1958985727, "entry_point": 1958868888, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_732", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1958608896, "timestamp": "00:00:20.995", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1959002112, "type": "region", "version": 1 }, "end_va": 1959260159, "entry_point": 1959190136, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_733", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1959002112, "timestamp": "00:00:20.997", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000012-region_00000734-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_661", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000416767, "entry_point": 0, "filename": null, "id": "region_734", "name": "private_0x00000000772a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1999241216, "timestamp": "00:00:20.997", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000012-region_00000735-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_662", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 2000420864, "type": "region", "version": 1 }, "end_va": 2001444863, "entry_point": 0, "filename": null, "id": "region_735", "name": "private_0x00000000773c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2000420864, "timestamp": "00:00:20.998", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1114", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:22.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1115", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:22.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 880639, "entry_point": 458752, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1116", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:00:22.003", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000012-region_00001117-addr_0x00000000005d0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_766", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 6094848, "type": "region", "version": 1 }, "end_va": 7143423, "entry_point": 0, "filename": null, "id": "region_1117", "name": "private_0x00000000005d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6094848, "timestamp": "00:00:22.004", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000012-region_00001118-addr_0x0000000000840000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_767", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8650752, "type": "region", "version": 1 }, "end_va": 8716287, "entry_point": 0, "filename": null, "id": "region_1118", "name": "private_0x0000000000840000", "norm_filename": null, "region_type": "private_memory", "start_va": 8650752, "timestamp": "00:00:22.004", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1945763840, "type": "region", "version": 1 }, "end_va": 1945792511, "entry_point": 1945768496, "filename": "\\Windows\\SysWOW64\\winbrand.dll", "id": "region_1119", "name": "winbrand.dll", "norm_filename": "c:\\windows\\syswow64\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 1945763840, "timestamp": "00:00:22.004", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1964965888, "type": "region", "version": 1 }, "end_va": 1965015039, "entry_point": 1964970209, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1120", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1964965888, "timestamp": "00:00:22.005", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1965031424, "type": "region", "version": 1 }, "end_va": 1965424639, "entry_point": 1965138867, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1121", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1965031424, "timestamp": "00:00:22.005", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1969618944, "type": "region", "version": 1 }, "end_va": 1970601983, "entry_point": 1969685865, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1122", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1969618944, "timestamp": "00:00:22.006", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1984102400, "type": "region", "version": 1 }, "end_va": 1985150975, "entry_point": 1984214765, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1123", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1984102400, "timestamp": "00:00:22.006", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1990328320, "type": "region", "version": 1 }, "end_va": 1991442431, "entry_point": 1990406867, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1124", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1990328320, "timestamp": "00:00:22.007", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993170943, "entry_point": 1992914040, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1125", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:00:22.007", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1993211904, "type": "region", "version": 1 }, "end_va": 1993916415, "entry_point": 1993254002, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1126", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1993211904, "timestamp": "00:00:22.008", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1994522624, "type": "region", "version": 1 }, "end_va": 1995112447, "entry_point": 1994613571, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1127", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1994522624, "timestamp": "00:00:22.008", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1995440128, "type": "region", "version": 1 }, "end_va": 1996083199, "entry_point": 1995653079, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_1128", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1995440128, "timestamp": "00:00:22.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1996095488, "type": "region", "version": 1 }, "end_va": 1996197887, "entry_point": 1996114293, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1129", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1996095488, "timestamp": "00:00:22.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1998585856, "type": "region", "version": 1 }, "end_va": 1999241215, "entry_point": 1998670309, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1130", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1998585856, "timestamp": "00:00:22.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 2003238912, "type": "region", "version": 1 }, "end_va": 2003279871, "entry_point": 2003252896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_1131", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 2003238912, "timestamp": "00:00:22.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1132", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:22.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1133", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:22.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 8716288, "type": "region", "version": 1 }, "end_va": 10321919, "entry_point": 0, "filename": null, "id": "region_1154", "name": "pagefile_0x0000000000850000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8716288, "timestamp": "00:00:22.026", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1987903488, "type": "region", "version": 1 }, "end_va": 1988739071, "entry_point": 1987909259, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1155", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1987903488, "timestamp": "00:00:22.026", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1988755456, "type": "region", "version": 1 }, "end_va": 1989148671, "entry_point": 1988826511, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1156", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1988755456, "timestamp": "00:00:22.027", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_1157", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:22.032", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 925695, "entry_point": 0, "filename": null, "id": "region_1158", "name": "pagefile_0x00000000000e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 917504, "timestamp": "00:00:22.032", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000012-region_00001159-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_770", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_1159", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:00:22.032", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000012-region_00001160-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_771", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_1160", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:00:22.032", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 10354688, "type": "region", "version": 1 }, "end_va": 11931647, "entry_point": 0, "filename": null, "id": "region_1161", "name": "pagefile_0x00000000009e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10354688, "timestamp": "00:00:22.033", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 11993088, "type": "region", "version": 1 }, "end_va": 32964607, "entry_point": 0, "filename": null, "id": "region_1162", "name": "pagefile_0x0000000000b70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11993088, "timestamp": "00:00:22.033", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 32964608, "type": "region", "version": 1 }, "end_va": 36384767, "entry_point": 0, "filename": null, "id": "region_1163", "name": "pagefile_0x0000000001f70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 32964608, "timestamp": "00:00:22.033", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "sc stop VVS", "filename": "c:\\windows\\syswow64\\sc.exe", "id": "proc_13", "image_name": "sc.exe", "monitor_reason": "child_process", "monitored_id": 13, "origin_monitor_id": 2, "ref_parent_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000013-region_00000822-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_679", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_822", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:21.222", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000013-region_00000823-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_680", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_823", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:21.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_824", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:21.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_825", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:21.225", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_826", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:21.225", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000013-region_00000827-addr_0x0000000000090000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_681", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 851967, "entry_point": 0, "filename": null, "id": "region_827", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:00:21.225", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1622015, "entry_point": 1603991, "filename": "\\Windows\\SysWOW64\\sc.exe", "id": "region_828", "name": "sc.exe", "norm_filename": "c:\\windows\\syswow64\\sc.exe", "region_type": "memory_mapped_file", "start_va": 1572864, "timestamp": "00:00:21.225", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000013-region_00000829-addr_0x0000000000210000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_682", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2424831, "entry_point": 0, "filename": null, "id": "region_829", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:00:21.226", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2001469440, "type": "region", "version": 1 }, "end_va": 2003210239, "entry_point": 2001469440, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_830", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001469440, "timestamp": "00:00:21.226", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2003435520, "type": "region", "version": 1 }, "end_va": 2005008383, "entry_point": 2003435520, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_831", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003435520, "timestamp": "00:00:21.227", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_832", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:21.228", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000013-region_00000833-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_683", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_833", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:21.228", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000013-region_00000834-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_684", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_834", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:21.228", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000013-region_00000835-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_685", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_835", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:21.228", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_836", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:21.229", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000013-region_00000837-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_686", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_837", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:21.229", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_838", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:21.229", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000013-region_00000839-addr_0x0000000000340000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_687", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 3407872, "type": "region", "version": 1 }, "end_va": 3932159, "entry_point": 0, "filename": null, "id": "region_839", "name": "private_0x0000000000340000", "norm_filename": null, "region_type": "private_memory", "start_va": 3407872, "timestamp": "00:00:21.234", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1958543360, "type": "region", "version": 1 }, "end_va": 1958576127, "entry_point": 1958551800, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_840", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1958543360, "timestamp": "00:00:21.234", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1958608896, "type": "region", "version": 1 }, "end_va": 1958985727, "entry_point": 1958868888, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_841", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1958608896, "timestamp": "00:00:21.235", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1959002112, "type": "region", "version": 1 }, "end_va": 1959260159, "entry_point": 1959190136, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_842", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1959002112, "timestamp": "00:00:21.235", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_843", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:21.253", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_844", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:21.253", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000013-region_00000845-addr_0x0000000000080000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_688", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 589823, "entry_point": 0, "filename": null, "id": "region_845", "name": "private_0x0000000000080000", "norm_filename": null, "region_type": "private_memory", "start_va": 524288, "timestamp": "00:00:21.253", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 1273855, "entry_point": 851968, "filename": "\\Windows\\System32\\locale.nls", "id": "region_846", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 851968, "timestamp": "00:00:21.253", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000013-region_00000847-addr_0x00000000004b0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_689", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 4915200, "type": "region", "version": 1 }, "end_va": 5963775, "entry_point": 0, "filename": null, "id": "region_847", "name": "private_0x00000000004b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4915200, "timestamp": "00:00:21.254", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1964965888, "type": "region", "version": 1 }, "end_va": 1965015039, "entry_point": 1964970209, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_848", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1964965888, "timestamp": "00:00:21.254", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1965031424, "type": "region", "version": 1 }, "end_va": 1965424639, "entry_point": 1965138867, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_849", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1965031424, "timestamp": "00:00:21.254", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1969618944, "type": "region", "version": 1 }, "end_va": 1970601983, "entry_point": 1969685865, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_850", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1969618944, "timestamp": "00:00:21.255", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1990328320, "type": "region", "version": 1 }, "end_va": 1991442431, "entry_point": 1990406867, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_851", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1990328320, "timestamp": "00:00:21.255", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993170943, "entry_point": 1992914040, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_852", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:00:21.256", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1993211904, "type": "region", "version": 1 }, "end_va": 1993916415, "entry_point": 1993254002, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_853", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1993211904, "timestamp": "00:00:21.256", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1996095488, "type": "region", "version": 1 }, "end_va": 1996197887, "entry_point": 1996114293, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_854", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1996095488, "timestamp": "00:00:21.257", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1998585856, "type": "region", "version": 1 }, "end_va": 1999241215, "entry_point": 1998670309, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_855", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1998585856, "timestamp": "00:00:21.257", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000013-region_00000856-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_690", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000416767, "entry_point": 0, "filename": null, "id": "region_856", "name": "private_0x00000000772a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1999241216, "timestamp": "00:00:21.258", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000013-region_00000857-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_691", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 2000420864, "type": "region", "version": 1 }, "end_va": 2001444863, "entry_point": 0, "filename": null, "id": "region_857", "name": "private_0x00000000773c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2000420864, "timestamp": "00:00:21.259", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_858", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:21.259", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_859", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:21.259", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_932", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:21.465", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_933", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:00:21.465", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 3211263, "entry_point": 2424832, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_934", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 2424832, "timestamp": "00:00:21.465", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1376255, "entry_point": 1310720, "filename": "\\Windows\\SysWOW64\\en-US\\sc.exe.mui", "id": "region_935", "name": "sc.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\sc.exe.mui", "region_type": "memory_mapped_file", "start_va": 1310720, "timestamp": "00:00:21.473", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\System32\\cmd.exe\" /C bcdedit /set {default} recoveryenabled No", "filename": "c:\\windows\\syswow64\\cmd.exe", "id": "proc_14", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 14, "origin_monitor_id": 1, "ref_parent_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000014-region_00000907-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_703", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_907", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:21.343", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000014-region_00000908-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_704", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_908", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:21.343", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_909", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:21.343", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_910", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:21.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_911", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:21.346", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000014-region_00000912-addr_0x00000000001f0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_705", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2293759, "entry_point": 0, "filename": null, "id": "region_912", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:00:21.346", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000014-region_00000913-addr_0x0000000000340000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_706", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 3407872, "type": "region", "version": 1 }, "end_va": 4456447, "entry_point": 0, "filename": null, "id": "region_913", "name": "private_0x0000000000340000", "norm_filename": null, "region_type": "private_memory", "start_va": 3407872, "timestamp": "00:00:21.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1246822400, "type": "region", "version": 1 }, "end_va": 1247133695, "entry_point": 1246855834, "filename": "\\Windows\\SysWOW64\\cmd.exe", "id": "region_914", "name": "cmd.exe", "norm_filename": "c:\\windows\\syswow64\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1246822400, "timestamp": "00:00:21.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2001469440, "type": "region", "version": 1 }, "end_va": 2003210239, "entry_point": 2001469440, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_915", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001469440, "timestamp": "00:00:21.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2003435520, "type": "region", "version": 1 }, "end_va": 2005008383, "entry_point": 2003435520, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_916", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003435520, "timestamp": "00:00:21.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_917", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:21.352", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000014-region_00000918-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_707", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_918", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:21.352", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000014-region_00000919-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_708", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_919", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:21.353", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000014-region_00000920-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_709", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_920", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:21.353", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_921", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:21.353", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000014-region_00000922-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_710", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_922", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:21.354", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_923", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:21.354", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000014-region_00000924-addr_0x00000000005e0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_711", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 6160384, "type": "region", "version": 1 }, "end_va": 6684671, "entry_point": 0, "filename": null, "id": "region_924", "name": "private_0x00000000005e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6160384, "timestamp": "00:00:21.363", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1958543360, "type": "region", "version": 1 }, "end_va": 1958576127, "entry_point": 1958551800, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_925", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1958543360, "timestamp": "00:00:21.363", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1958608896, "type": "region", "version": 1 }, "end_va": 1958985727, "entry_point": 1958868888, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_926", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1958608896, "timestamp": "00:00:21.363", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1959002112, "type": "region", "version": 1 }, "end_va": 1959260159, "entry_point": 1959190136, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_927", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1959002112, "timestamp": "00:00:21.364", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000014-region_00000928-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_712", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000416767, "entry_point": 0, "filename": null, "id": "region_928", "name": "private_0x00000000772a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1999241216, "timestamp": "00:00:21.365", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000014-region_00000929-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_713", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 2000420864, "type": "region", "version": 1 }, "end_va": 2001444863, "entry_point": 0, "filename": null, "id": "region_929", "name": "private_0x00000000773c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2000420864, "timestamp": "00:00:21.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1134", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:22.013", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1135", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:22.013", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 880639, "entry_point": 458752, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1136", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:00:22.014", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000014-region_00001137-addr_0x0000000000570000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_768", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 5701632, "type": "region", "version": 1 }, "end_va": 5767167, "entry_point": 0, "filename": null, "id": "region_1137", "name": "private_0x0000000000570000", "norm_filename": null, "region_type": "private_memory", "start_va": 5701632, "timestamp": "00:00:22.014", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000014-region_00001138-addr_0x0000000000800000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_769", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 8388608, "type": "region", "version": 1 }, "end_va": 9437183, "entry_point": 0, "filename": null, "id": "region_1138", "name": "private_0x0000000000800000", "norm_filename": null, "region_type": "private_memory", "start_va": 8388608, "timestamp": "00:00:22.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1945763840, "type": "region", "version": 1 }, "end_va": 1945792511, "entry_point": 1945768496, "filename": "\\Windows\\SysWOW64\\winbrand.dll", "id": "region_1139", "name": "winbrand.dll", "norm_filename": "c:\\windows\\syswow64\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 1945763840, "timestamp": "00:00:22.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1964965888, "type": "region", "version": 1 }, "end_va": 1965015039, "entry_point": 1964970209, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1140", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1964965888, "timestamp": "00:00:22.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1965031424, "type": "region", "version": 1 }, "end_va": 1965424639, "entry_point": 1965138867, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1141", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1965031424, "timestamp": "00:00:22.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1969618944, "type": "region", "version": 1 }, "end_va": 1970601983, "entry_point": 1969685865, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1142", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1969618944, "timestamp": "00:00:22.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1984102400, "type": "region", "version": 1 }, "end_va": 1985150975, "entry_point": 1984214765, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1143", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1984102400, "timestamp": "00:00:22.017", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1990328320, "type": "region", "version": 1 }, "end_va": 1991442431, "entry_point": 1990406867, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1144", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1990328320, "timestamp": "00:00:22.017", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993170943, "entry_point": 1992914040, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1145", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:00:22.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1993211904, "type": "region", "version": 1 }, "end_va": 1993916415, "entry_point": 1993254002, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1146", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1993211904, "timestamp": "00:00:22.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1994522624, "type": "region", "version": 1 }, "end_va": 1995112447, "entry_point": 1994613571, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1147", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1994522624, "timestamp": "00:00:22.019", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1995440128, "type": "region", "version": 1 }, "end_va": 1996083199, "entry_point": 1995653079, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_1148", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1995440128, "timestamp": "00:00:22.019", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1996095488, "type": "region", "version": 1 }, "end_va": 1996197887, "entry_point": 1996114293, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1149", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1996095488, "timestamp": "00:00:22.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1998585856, "type": "region", "version": 1 }, "end_va": 1999241215, "entry_point": 1998670309, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1150", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1998585856, "timestamp": "00:00:22.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 2003238912, "type": "region", "version": 1 }, "end_va": 2003279871, "entry_point": 2003252896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_1151", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 2003238912, "timestamp": "00:00:22.021", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1152", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:22.022", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1153", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:22.022", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 6684672, "type": "region", "version": 1 }, "end_va": 8290303, "entry_point": 0, "filename": null, "id": "region_1164", "name": "pagefile_0x0000000000660000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6684672, "timestamp": "00:00:22.036", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1987903488, "type": "region", "version": 1 }, "end_va": 1988739071, "entry_point": 1987909259, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1165", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1987903488, "timestamp": "00:00:22.036", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1988755456, "type": "region", "version": 1 }, "end_va": 1989148671, "entry_point": 1988826511, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1166", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1988755456, "timestamp": "00:00:22.037", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_1167", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:22.042", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 925695, "entry_point": 0, "filename": null, "id": "region_1168", "name": "pagefile_0x00000000000e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 917504, "timestamp": "00:00:22.042", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000014-region_00001169-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_772", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_1169", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:00:22.043", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000014-region_00001170-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_773", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_1170", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:00:22.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 9437184, "type": "region", "version": 1 }, "end_va": 11014143, "entry_point": 0, "filename": null, "id": "region_1171", "name": "pagefile_0x0000000000900000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9437184, "timestamp": "00:00:22.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 11075584, "type": "region", "version": 1 }, "end_va": 32047103, "entry_point": 0, "filename": null, "id": "region_1172", "name": "pagefile_0x0000000000a90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11075584, "timestamp": "00:00:22.044", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 32047104, "type": "region", "version": 1 }, "end_va": 35467263, "entry_point": 0, "filename": null, "id": "region_1173", "name": "pagefile_0x0000000001e90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 32047104, "timestamp": "00:00:22.044", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "sc stop WinDefend", "filename": "c:\\windows\\syswow64\\sc.exe", "id": "proc_15", "image_name": "sc.exe", "monitor_reason": "child_process", "monitored_id": 15, "origin_monitor_id": 4, "ref_parent_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000015-region_00000936-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_714", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_936", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:21.492", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000015-region_00000937-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_715", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_937", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:21.493", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_938", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:21.493", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_939", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:21.496", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_940", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:21.496", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000015-region_00000941-addr_0x00000000000d0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_716", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 1114111, "entry_point": 0, "filename": null, "id": "region_941", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:00:21.496", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000015-region_00000942-addr_0x0000000000120000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_717", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1441791, "entry_point": 0, "filename": null, "id": "region_942", "name": "private_0x0000000000120000", "norm_filename": null, "region_type": "private_memory", "start_va": 1179648, "timestamp": "00:00:21.496", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1622015, "entry_point": 1603991, "filename": "\\Windows\\SysWOW64\\sc.exe", "id": "region_943", "name": "sc.exe", "norm_filename": "c:\\windows\\syswow64\\sc.exe", "region_type": "memory_mapped_file", "start_va": 1572864, "timestamp": "00:00:21.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2001469440, "type": "region", "version": 1 }, "end_va": 2003210239, "entry_point": 2001469440, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_944", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001469440, "timestamp": "00:00:21.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2003435520, "type": "region", "version": 1 }, "end_va": 2005008383, "entry_point": 2003435520, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_945", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003435520, "timestamp": "00:00:21.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_946", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:21.499", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000015-region_00000947-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_718", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_947", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:21.499", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000015-region_00000948-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_719", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_948", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:21.499", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000015-region_00000949-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_720", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_949", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:21.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_950", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:21.500", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000015-region_00000951-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_721", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_951", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:21.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_952", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:21.500", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000015-region_00000982-addr_0x00000000002f0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_732", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 3604479, "entry_point": 0, "filename": null, "id": "region_982", "name": "private_0x00000000002f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3080192, "timestamp": "00:00:21.575", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1958543360, "type": "region", "version": 1 }, "end_va": 1958576127, "entry_point": 1958551800, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_983", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1958543360, "timestamp": "00:00:21.575", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1958608896, "type": "region", "version": 1 }, "end_va": 1958985727, "entry_point": 1958868888, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_984", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1958608896, "timestamp": "00:00:21.576", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1959002112, "type": "region", "version": 1 }, "end_va": 1959260159, "entry_point": 1959190136, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_985", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1959002112, "timestamp": "00:00:21.577", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000015-region_00000986-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_733", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000416767, "entry_point": 0, "filename": null, "id": "region_986", "name": "private_0x00000000772a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1999241216, "timestamp": "00:00:21.579", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000015-region_00000987-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_734", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 2000420864, "type": "region", "version": 1 }, "end_va": 2001444863, "entry_point": 0, "filename": null, "id": "region_987", "name": "private_0x00000000773c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2000420864, "timestamp": "00:00:21.584", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1030", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:21.664", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1031", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:21.664", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 2060287, "entry_point": 1638400, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1032", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1638400, "timestamp": "00:00:21.664", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000015-region_00001033-addr_0x00000000002a0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_748", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 2818047, "entry_point": 0, "filename": null, "id": "region_1033", "name": "private_0x00000000002a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2752512, "timestamp": "00:00:21.665", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000015-region_00001034-addr_0x00000000004d0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_749", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 5046272, "type": "region", "version": 1 }, "end_va": 6094847, "entry_point": 0, "filename": null, "id": "region_1034", "name": "private_0x00000000004d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5046272, "timestamp": "00:00:21.665", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1964965888, "type": "region", "version": 1 }, "end_va": 1965015039, "entry_point": 1964970209, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1035", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1964965888, "timestamp": "00:00:21.665", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1965031424, "type": "region", "version": 1 }, "end_va": 1965424639, "entry_point": 1965138867, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1036", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1965031424, "timestamp": "00:00:21.666", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1969618944, "type": "region", "version": 1 }, "end_va": 1970601983, "entry_point": 1969685865, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1037", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1969618944, "timestamp": "00:00:21.666", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1990328320, "type": "region", "version": 1 }, "end_va": 1991442431, "entry_point": 1990406867, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1038", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1990328320, "timestamp": "00:00:21.667", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993170943, "entry_point": 1992914040, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1039", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:00:21.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1993211904, "type": "region", "version": 1 }, "end_va": 1993916415, "entry_point": 1993254002, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1040", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1993211904, "timestamp": "00:00:21.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1996095488, "type": "region", "version": 1 }, "end_va": 1996197887, "entry_point": 1996114293, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1041", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1996095488, "timestamp": "00:00:21.669", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1998585856, "type": "region", "version": 1 }, "end_va": 1999241215, "entry_point": 1998670309, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1042", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1998585856, "timestamp": "00:00:21.669", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1043", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:21.670", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1044", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:21.670", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_1045", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:21.678", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_1046", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:00:21.678", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 4390911, "entry_point": 3604480, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_1047", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 3604480, "timestamp": "00:00:21.678", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 589823, "entry_point": 524288, "filename": "\\Windows\\SysWOW64\\en-US\\sc.exe.mui", "id": "region_1048", "name": "sc.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\sc.exe.mui", "region_type": "memory_mapped_file", "start_va": 524288, "timestamp": "00:00:21.680", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "sc stop ERSvc", "filename": "c:\\windows\\syswow64\\sc.exe", "id": "proc_16", "image_name": "sc.exe", "monitor_reason": "child_process", "monitored_id": 16, "origin_monitor_id": 7, "ref_parent_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000016-region_00000953-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_722", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_953", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:21.501", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00000954-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_723", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_954", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:21.503", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_955", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:21.503", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_956", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:21.508", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_957", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:21.508", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00000958-addr_0x00000000000d0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_724", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 1114111, "entry_point": 0, "filename": null, "id": "region_958", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:00:21.508", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1622015, "entry_point": 1603991, "filename": "\\Windows\\SysWOW64\\sc.exe", "id": "region_959", "name": "sc.exe", "norm_filename": "c:\\windows\\syswow64\\sc.exe", "region_type": "memory_mapped_file", "start_va": 1572864, "timestamp": "00:00:21.508", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00000960-addr_0x00000000002c0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_725", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 3145727, "entry_point": 0, "filename": null, "id": "region_960", "name": "private_0x00000000002c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2883584, "timestamp": "00:00:21.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2001469440, "type": "region", "version": 1 }, "end_va": 2003210239, "entry_point": 2001469440, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_961", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001469440, "timestamp": "00:00:21.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2003435520, "type": "region", "version": 1 }, "end_va": 2005008383, "entry_point": 2003435520, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_962", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003435520, "timestamp": "00:00:21.510", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_963", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:21.511", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00000964-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_726", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_964", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:21.511", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00000965-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_727", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_965", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:21.511", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00000966-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_728", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_966", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:21.515", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_967", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:21.516", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00000968-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_729", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_968", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:21.516", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_969", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:21.516", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00000988-addr_0x00000000004d0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_735", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 5046272, "type": "region", "version": 1 }, "end_va": 5570559, "entry_point": 0, "filename": null, "id": "region_988", "name": "private_0x00000000004d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5046272, "timestamp": "00:00:21.603", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1958543360, "type": "region", "version": 1 }, "end_va": 1958576127, "entry_point": 1958551800, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_989", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1958543360, "timestamp": "00:00:21.603", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1958608896, "type": "region", "version": 1 }, "end_va": 1958985727, "entry_point": 1958868888, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_990", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1958608896, "timestamp": "00:00:21.604", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1959002112, "type": "region", "version": 1 }, "end_va": 1959260159, "entry_point": 1959190136, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_991", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1959002112, "timestamp": "00:00:21.605", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1009", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:21.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1010", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:21.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1535999, "entry_point": 1114112, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1011", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1114112, "timestamp": "00:00:21.639", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00001012-addr_0x0000000000210000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_744", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2228223, "entry_point": 0, "filename": null, "id": "region_1012", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:00:21.640", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00001013-addr_0x0000000000720000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_745", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 7471104, "type": "region", "version": 1 }, "end_va": 8519679, "entry_point": 0, "filename": null, "id": "region_1013", "name": "private_0x0000000000720000", "norm_filename": null, "region_type": "private_memory", "start_va": 7471104, "timestamp": "00:00:21.641", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1964965888, "type": "region", "version": 1 }, "end_va": 1965015039, "entry_point": 1964970209, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1014", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1964965888, "timestamp": "00:00:21.641", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1965031424, "type": "region", "version": 1 }, "end_va": 1965424639, "entry_point": 1965138867, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1015", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1965031424, "timestamp": "00:00:21.641", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1969618944, "type": "region", "version": 1 }, "end_va": 1970601983, "entry_point": 1969685865, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1016", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1969618944, "timestamp": "00:00:21.642", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1990328320, "type": "region", "version": 1 }, "end_va": 1991442431, "entry_point": 1990406867, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1017", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1990328320, "timestamp": "00:00:21.643", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993170943, "entry_point": 1992914040, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1018", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:00:21.643", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1993211904, "type": "region", "version": 1 }, "end_va": 1993916415, "entry_point": 1993254002, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1019", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1993211904, "timestamp": "00:00:21.644", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1996095488, "type": "region", "version": 1 }, "end_va": 1996197887, "entry_point": 1996114293, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1020", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1996095488, "timestamp": "00:00:21.645", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1998585856, "type": "region", "version": 1 }, "end_va": 1999241215, "entry_point": 1998670309, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1021", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1998585856, "timestamp": "00:00:21.645", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00001022-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_746", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000416767, "entry_point": 0, "filename": null, "id": "region_1022", "name": "private_0x00000000772a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1999241216, "timestamp": "00:00:21.646", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00001023-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_747", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 2000420864, "type": "region", "version": 1 }, "end_va": 2001444863, "entry_point": 0, "filename": null, "id": "region_1023", "name": "private_0x00000000773c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2000420864, "timestamp": "00:00:21.647", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1024", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:21.647", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1025", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:21.647", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_1026", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:21.661", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_1027", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:00:21.661", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 3932159, "entry_point": 3145728, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_1028", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 3145728, "timestamp": "00:00:21.661", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 589823, "entry_point": 524288, "filename": "\\Windows\\SysWOW64\\en-US\\sc.exe.mui", "id": "region_1029", "name": "sc.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\sc.exe.mui", "region_type": "memory_mapped_file", "start_va": 524288, "timestamp": "00:00:21.662", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "sc stop WerSvc", "filename": "c:\\windows\\syswow64\\sc.exe", "id": "proc_17", "image_name": "sc.exe", "monitor_reason": "child_process", "monitored_id": 17, "origin_monitor_id": 8, "ref_parent_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000017-region_00000992-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_736", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_992", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:21.617", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000017-region_00000993-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_737", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_993", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:21.617", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_994", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:21.617", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_995", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:21.620", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_996", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:21.620", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000017-region_00000997-addr_0x0000000000090000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_738", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 851967, "entry_point": 0, "filename": null, "id": "region_997", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:00:21.621", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1622015, "entry_point": 1603991, "filename": "\\Windows\\SysWOW64\\sc.exe", "id": "region_998", "name": "sc.exe", "norm_filename": "c:\\windows\\syswow64\\sc.exe", "region_type": "memory_mapped_file", "start_va": 1572864, "timestamp": "00:00:21.621", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000017-region_00000999-addr_0x00000000001b0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_739", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 2031615, "entry_point": 0, "filename": null, "id": "region_999", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:00:21.622", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2001469440, "type": "region", "version": 1 }, "end_va": 2003210239, "entry_point": 2001469440, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1000", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001469440, "timestamp": "00:00:21.622", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2003435520, "type": "region", "version": 1 }, "end_va": 2005008383, "entry_point": 2003435520, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1001", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003435520, "timestamp": "00:00:21.622", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_1002", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:21.623", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000017-region_00001003-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_740", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_1003", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:21.624", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000017-region_00001004-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_741", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_1004", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:21.625", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000017-region_00001005-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_742", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_1005", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:21.625", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1006", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:21.625", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000017-region_00001007-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_743", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1007", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:21.626", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_1008", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:21.626", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000017-region_00001064-addr_0x0000000000260000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_752", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 3014655, "entry_point": 0, "filename": null, "id": "region_1064", "name": "private_0x0000000000260000", "norm_filename": null, "region_type": "private_memory", "start_va": 2490368, "timestamp": "00:00:21.752", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1958543360, "type": "region", "version": 1 }, "end_va": 1958576127, "entry_point": 1958551800, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_1065", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1958543360, "timestamp": "00:00:21.752", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1958608896, "type": "region", "version": 1 }, "end_va": 1958985727, "entry_point": 1958868888, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1066", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1958608896, "timestamp": "00:00:21.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1959002112, "type": "region", "version": 1 }, "end_va": 1959260159, "entry_point": 1959190136, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1067", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1959002112, "timestamp": "00:00:21.754", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1068", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:21.771", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1069", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:21.771", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 1273855, "entry_point": 851968, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1070", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 851968, "timestamp": "00:00:21.771", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000017-region_00001071-addr_0x0000000000350000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_753", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 3473408, "type": "region", "version": 1 }, "end_va": 4521983, "entry_point": 0, "filename": null, "id": "region_1071", "name": "private_0x0000000000350000", "norm_filename": null, "region_type": "private_memory", "start_va": 3473408, "timestamp": "00:00:21.772", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000017-region_00001072-addr_0x00000000005f0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_754", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 6225920, "type": "region", "version": 1 }, "end_va": 6291455, "entry_point": 0, "filename": null, "id": "region_1072", "name": "private_0x00000000005f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6225920, "timestamp": "00:00:21.775", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1964965888, "type": "region", "version": 1 }, "end_va": 1965015039, "entry_point": 1964970209, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1073", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1964965888, "timestamp": "00:00:21.775", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1965031424, "type": "region", "version": 1 }, "end_va": 1965424639, "entry_point": 1965138867, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1074", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1965031424, "timestamp": "00:00:21.776", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1969618944, "type": "region", "version": 1 }, "end_va": 1970601983, "entry_point": 1969685865, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1075", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1969618944, "timestamp": "00:00:21.777", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1990328320, "type": "region", "version": 1 }, "end_va": 1991442431, "entry_point": 1990406867, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1076", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1990328320, "timestamp": "00:00:21.777", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993170943, "entry_point": 1992914040, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1077", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:00:21.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1993211904, "type": "region", "version": 1 }, "end_va": 1993916415, "entry_point": 1993254002, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1078", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1993211904, "timestamp": "00:00:21.779", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1996095488, "type": "region", "version": 1 }, "end_va": 1996197887, "entry_point": 1996114293, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1079", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1996095488, "timestamp": "00:00:21.779", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1998585856, "type": "region", "version": 1 }, "end_va": 1999241215, "entry_point": 1998670309, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1080", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1998585856, "timestamp": "00:00:21.780", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000017-region_00001081-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_755", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000416767, "entry_point": 0, "filename": null, "id": "region_1081", "name": "private_0x00000000772a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1999241216, "timestamp": "00:00:21.781", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000017-region_00001082-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_756", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 2000420864, "type": "region", "version": 1 }, "end_va": 2001444863, "entry_point": 0, "filename": null, "id": "region_1082", "name": "private_0x00000000773c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2000420864, "timestamp": "00:00:21.781", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1083", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:21.781", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1084", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:21.782", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_1110", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:21.856", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_1111", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:00:21.856", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 4521984, "type": "region", "version": 1 }, "end_va": 5308415, "entry_point": 4521984, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_1112", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 4521984, "timestamp": "00:00:21.856", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 589823, "entry_point": 524288, "filename": "\\Windows\\SysWOW64\\en-US\\sc.exe.mui", "id": "region_1113", "name": "sc.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\sc.exe.mui", "region_type": "memory_mapped_file", "start_va": 524288, "timestamp": "00:00:21.857", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\System32\\cmd.exe\" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures", "filename": "c:\\windows\\syswow64\\cmd.exe", "id": "proc_18", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 18, "origin_monitor_id": 1, "ref_parent_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000018-region_00001085-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_757", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1085", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:21.803", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000018-region_00001086-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_758", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_1086", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:21.803", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1087", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:21.803", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_1088", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:21.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_1089", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:21.809", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000018-region_00001090-addr_0x0000000000210000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_759", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2424831, "entry_point": 0, "filename": null, "id": "region_1090", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:00:21.809", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000018-region_00001091-addr_0x0000000000320000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_760", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 3276800, "type": "region", "version": 1 }, "end_va": 4325375, "entry_point": 0, "filename": null, "id": "region_1091", "name": "private_0x0000000000320000", "norm_filename": null, "region_type": "private_memory", "start_va": 3276800, "timestamp": "00:00:21.810", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1246822400, "type": "region", "version": 1 }, "end_va": 1247133695, "entry_point": 1246855834, "filename": "\\Windows\\SysWOW64\\cmd.exe", "id": "region_1092", "name": "cmd.exe", "norm_filename": "c:\\windows\\syswow64\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1246822400, "timestamp": "00:00:21.810", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2001469440, "type": "region", "version": 1 }, "end_va": 2003210239, "entry_point": 2001469440, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1093", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001469440, "timestamp": "00:00:21.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2003435520, "type": "region", "version": 1 }, "end_va": 2005008383, "entry_point": 2003435520, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1094", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003435520, "timestamp": "00:00:21.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_1095", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:21.812", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000018-region_00001096-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_761", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_1096", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:21.812", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000018-region_00001097-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_762", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_1097", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:21.815", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000018-region_00001098-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_763", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_1098", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:21.815", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1099", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:21.816", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000018-region_00001100-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_764", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1100", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:21.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_1101", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:21.816", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000018-region_00001102-addr_0x00000000005c0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_765", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 6029312, "type": "region", "version": 1 }, "end_va": 6553599, "entry_point": 0, "filename": null, "id": "region_1102", "name": "private_0x00000000005c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6029312, "timestamp": "00:00:21.823", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1958543360, "type": "region", "version": 1 }, "end_va": 1958576127, "entry_point": 1958551800, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_1103", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1958543360, "timestamp": "00:00:21.823", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1958608896, "type": "region", "version": 1 }, "end_va": 1958985727, "entry_point": 1958868888, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1104", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1958608896, "timestamp": "00:00:21.824", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1959002112, "type": "region", "version": 1 }, "end_va": 1959260159, "entry_point": 1959190136, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1105", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1959002112, "timestamp": "00:00:21.824", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1174", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:22.139", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1175", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:22.139", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 880639, "entry_point": 458752, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1176", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:00:22.139", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000018-region_00001177-addr_0x0000000000190000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_774", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1703935, "entry_point": 0, "filename": null, "id": "region_1177", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:00:22.139", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000018-region_00001178-addr_0x00000000007e0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_775", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 8257536, "type": "region", "version": 1 }, "end_va": 9306111, "entry_point": 0, "filename": null, "id": "region_1178", "name": "private_0x00000000007e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8257536, "timestamp": "00:00:22.140", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1945763840, "type": "region", "version": 1 }, "end_va": 1945792511, "entry_point": 1945768496, "filename": "\\Windows\\SysWOW64\\winbrand.dll", "id": "region_1179", "name": "winbrand.dll", "norm_filename": "c:\\windows\\syswow64\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 1945763840, "timestamp": "00:00:22.140", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1964965888, "type": "region", "version": 1 }, "end_va": 1965015039, "entry_point": 1964970209, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1180", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1964965888, "timestamp": "00:00:22.140", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1965031424, "type": "region", "version": 1 }, "end_va": 1965424639, "entry_point": 1965138867, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1181", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1965031424, "timestamp": "00:00:22.141", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1969618944, "type": "region", "version": 1 }, "end_va": 1970601983, "entry_point": 1969685865, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1182", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1969618944, "timestamp": "00:00:22.141", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1984102400, "type": "region", "version": 1 }, "end_va": 1985150975, "entry_point": 1984214765, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1183", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1984102400, "timestamp": "00:00:22.142", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1990328320, "type": "region", "version": 1 }, "end_va": 1991442431, "entry_point": 1990406867, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1184", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1990328320, "timestamp": "00:00:22.142", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993170943, "entry_point": 1992914040, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1185", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:00:22.143", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1993211904, "type": "region", "version": 1 }, "end_va": 1993916415, "entry_point": 1993254002, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1186", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1993211904, "timestamp": "00:00:22.143", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1994522624, "type": "region", "version": 1 }, "end_va": 1995112447, "entry_point": 1994613571, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1187", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1994522624, "timestamp": "00:00:22.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1995440128, "type": "region", "version": 1 }, "end_va": 1996083199, "entry_point": 1995653079, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_1188", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1995440128, "timestamp": "00:00:22.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1996095488, "type": "region", "version": 1 }, "end_va": 1996197887, "entry_point": 1996114293, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1189", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1996095488, "timestamp": "00:00:22.145", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1998585856, "type": "region", "version": 1 }, "end_va": 1999241215, "entry_point": 1998670309, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1190", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1998585856, "timestamp": "00:00:22.145", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000018-region_00001191-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_776", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000416767, "entry_point": 0, "filename": null, "id": "region_1191", "name": "private_0x00000000772a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1999241216, "timestamp": "00:00:22.146", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000018-region_00001192-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_777", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 2000420864, "type": "region", "version": 1 }, "end_va": 2001444863, "entry_point": 0, "filename": null, "id": "region_1192", "name": "private_0x00000000773c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2000420864, "timestamp": "00:00:22.146", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 2003238912, "type": "region", "version": 1 }, "end_va": 2003279871, "entry_point": 2003252896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_1193", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 2003238912, "timestamp": "00:00:22.146", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1194", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:22.147", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1195", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:22.147", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 5931007, "entry_point": 0, "filename": null, "id": "region_1196", "name": "pagefile_0x0000000000420000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4325376, "timestamp": "00:00:22.152", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1987903488, "type": "region", "version": 1 }, "end_va": 1988739071, "entry_point": 1987909259, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1197", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1987903488, "timestamp": "00:00:22.152", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1988755456, "type": "region", "version": 1 }, "end_va": 1989148671, "entry_point": 1988826511, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1198", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1988755456, "timestamp": "00:00:22.153", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_1199", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:22.158", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 925695, "entry_point": 0, "filename": null, "id": "region_1200", "name": "pagefile_0x00000000000e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 917504, "timestamp": "00:00:22.158", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000018-region_00001201-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_778", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_1201", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:00:22.159", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000018-region_00001202-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_779", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_1202", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:00:22.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6553600, "type": "region", "version": 1 }, "end_va": 8130559, "entry_point": 0, "filename": null, "id": "region_1203", "name": "pagefile_0x0000000000640000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6553600, "timestamp": "00:00:22.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 9306112, "type": "region", "version": 1 }, "end_va": 30277631, "entry_point": 0, "filename": null, "id": "region_1204", "name": "pagefile_0x00000000008e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9306112, "timestamp": "00:00:22.160", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 30277632, "type": "region", "version": 1 }, "end_va": 33697791, "entry_point": 0, "filename": null, "id": "region_1205", "name": "pagefile_0x0000000001ce0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 30277632, "timestamp": "00:00:22.160", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "vssadmin.exe Delete Shadows /All /Quiet", "filename": "c:\\windows\\syswow64\\vssadmin.exe", "id": "proc_19", "image_name": "vssadmin.exe", "monitor_reason": "child_process", "monitored_id": 19, "origin_monitor_id": 12, "ref_parent_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000019-region_00001206-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_780", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1206", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:22.162", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000019-region_00001207-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_781", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_1207", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:22.162", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1208", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:22.162", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_1209", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:22.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_1210", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:22.165", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000019-region_00001211-addr_0x00000000001d0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_782", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 2162687, "entry_point": 0, "filename": null, "id": "region_1211", "name": "private_0x00000000001d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1900544, "timestamp": "00:00:22.165", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000019-region_00001212-addr_0x0000000000220000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_783", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2490367, "entry_point": 0, "filename": null, "id": "region_1212", "name": "private_0x0000000000220000", "norm_filename": null, "region_type": "private_memory", "start_va": 2228224, "timestamp": "00:00:22.166", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 3670016, "type": "region", "version": 1 }, "end_va": 3796991, "entry_point": 3670016, "filename": "\\Windows\\SysWOW64\\vssadmin.exe", "id": "region_1213", "name": "vssadmin.exe", "norm_filename": "c:\\windows\\syswow64\\vssadmin.exe", "region_type": "memory_mapped_file", "start_va": 3670016, "timestamp": "00:00:22.166", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2001469440, "type": "region", "version": 1 }, "end_va": 2003210239, "entry_point": 2001469440, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1214", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001469440, "timestamp": "00:00:22.173", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2003435520, "type": "region", "version": 1 }, "end_va": 2005008383, "entry_point": 2003435520, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1215", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003435520, "timestamp": "00:00:22.173", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_1216", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:22.174", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000019-region_00001217-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_784", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_1217", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:22.174", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000019-region_00001218-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_785", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_1218", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:22.174", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000019-region_00001219-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_786", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_1219", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:22.175", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1220", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:22.175", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000019-region_00001221-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_787", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1221", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:22.175", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_1222", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:22.175", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000019-region_00001223-addr_0x00000000000b0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_788", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 1245183, "entry_point": 0, "filename": null, "id": "region_1223", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:00:22.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1958543360, "type": "region", "version": 1 }, "end_va": 1958576127, "entry_point": 1958551800, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_1224", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1958543360, "timestamp": "00:00:22.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1958608896, "type": "region", "version": 1 }, "end_va": 1958985727, "entry_point": 1958868888, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1225", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1958608896, "timestamp": "00:00:22.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1959002112, "type": "region", "version": 1 }, "end_va": 1959260159, "entry_point": 1959190136, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1226", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1959002112, "timestamp": "00:00:22.219", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1227", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:22.281", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1228", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:22.281", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1667071, "entry_point": 1245184, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1229", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1245184, "timestamp": "00:00:22.281", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000019-region_00001230-addr_0x00000000003e0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_789", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 5111807, "entry_point": 0, "filename": null, "id": "region_1230", "name": "private_0x00000000003e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4063232, "timestamp": "00:00:22.282", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000019-region_00001231-addr_0x00000000006c0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_790", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 7077888, "type": "region", "version": 1 }, "end_va": 7143423, "entry_point": 0, "filename": null, "id": "region_1231", "name": "private_0x00000000006c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 7077888, "timestamp": "00:00:22.282", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1138688, "start_va": 1941372928, "type": "region", "version": 1 }, "end_va": 1942511615, "entry_point": 1941372928, "filename": "\\Windows\\SysWOW64\\vssapi.dll", "id": "region_1232", "name": "vssapi.dll", "norm_filename": "c:\\windows\\syswow64\\vssapi.dll", "region_type": "memory_mapped_file", "start_va": 1941372928, "timestamp": "00:00:22.283", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 1945632768, "type": "region", "version": 1 }, "end_va": 1945714687, "entry_point": 1945632768, "filename": "\\Windows\\SysWOW64\\atl.dll", "id": "region_1233", "name": "atl.dll", "norm_filename": "c:\\windows\\syswow64\\atl.dll", "region_type": "memory_mapped_file", "start_va": 1945632768, "timestamp": "00:00:22.290", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1959264256, "type": "region", "version": 1 }, "end_va": 1959329791, "entry_point": 1959264256, "filename": "\\Windows\\SysWOW64\\vsstrace.dll", "id": "region_1234", "name": "vsstrace.dll", "norm_filename": "c:\\windows\\syswow64\\vsstrace.dll", "region_type": "memory_mapped_file", "start_va": 1959264256, "timestamp": "00:00:22.300", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1964965888, "type": "region", "version": 1 }, "end_va": 1965015039, "entry_point": 1964970209, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1235", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1964965888, "timestamp": "00:00:22.309", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1965031424, "type": "region", "version": 1 }, "end_va": 1965424639, "entry_point": 1965138867, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1236", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1965031424, "timestamp": "00:00:22.310", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1965424640, "type": "region", "version": 1 }, "end_va": 1966850047, "entry_point": 1965734461, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_1237", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1965424640, "timestamp": "00:00:22.310", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1969618944, "type": "region", "version": 1 }, "end_va": 1970601983, "entry_point": 1969685865, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1238", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1969618944, "timestamp": "00:00:22.311", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1970601984, "type": "region", "version": 1 }, "end_va": 1971187711, "entry_point": 1970618289, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_1239", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1970601984, "timestamp": "00:00:22.311", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1984102400, "type": "region", "version": 1 }, "end_va": 1985150975, "entry_point": 1984214765, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1240", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1984102400, "timestamp": "00:00:22.311", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1990328320, "type": "region", "version": 1 }, "end_va": 1991442431, "entry_point": 1990406867, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1241", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1990328320, "timestamp": "00:00:22.312", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1992884224, "type": "region", "version": 1 }, "end_va": 1993170943, "entry_point": 1992914040, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1242", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1992884224, "timestamp": "00:00:22.312", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1993211904, "type": "region", "version": 1 }, "end_va": 1993916415, "entry_point": 1993254002, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1243", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1993211904, "timestamp": "00:00:22.313", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1994522624, "type": "region", "version": 1 }, "end_va": 1995112447, "entry_point": 1994613571, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1244", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1994522624, "timestamp": "00:00:22.313", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1995440128, "type": "region", "version": 1 }, "end_va": 1996083199, "entry_point": 1995653079, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_1245", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1995440128, "timestamp": "00:00:22.315", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1996095488, "type": "region", "version": 1 }, "end_va": 1996197887, "entry_point": 1996114293, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1246", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1996095488, "timestamp": "00:00:22.316", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1998585856, "type": "region", "version": 1 }, "end_va": 1999241215, "entry_point": 1998670309, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1247", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1998585856, "timestamp": "00:00:22.316", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000019-region_00001248-addr_0x00000000772a0000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_791", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000416767, "entry_point": 0, "filename": null, "id": "region_1248", "name": "private_0x00000000772a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1999241216, "timestamp": "00:00:22.317", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000019-region_00001249-addr_0x00000000773c0000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_792", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 2000420864, "type": "region", "version": 1 }, "end_va": 2001444863, "entry_point": 0, "filename": null, "id": "region_1249", "name": "private_0x00000000773c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2000420864, "timestamp": "00:00:22.317", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 2003238912, "type": "region", "version": 1 }, "end_va": 2003279871, "entry_point": 2003252896, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_1250", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 2003238912, "timestamp": "00:00:22.317", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1251", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:22.318", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1252", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:22.318", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5111808, "type": "region", "version": 1 }, "end_va": 6717439, "entry_point": 0, "filename": null, "id": "region_1253", "name": "pagefile_0x00000000004e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5111808, "timestamp": "00:00:22.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1987903488, "type": "region", "version": 1 }, "end_va": 1988739071, "entry_point": 1987909259, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1254", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1987903488, "timestamp": "00:00:22.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1988755456, "type": "region", "version": 1 }, "end_va": 1989148671, "entry_point": 1988826511, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1255", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1988755456, "timestamp": "00:00:22.323", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_1256", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:22.341", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_1257", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:00:22.341", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 53248, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 577535, "entry_point": 524288, "filename": "\\Windows\\SysWOW64\\en-US\\vssadmin.exe.mui", "id": "region_1258", "name": "vssadmin.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\vssadmin.exe.mui", "region_type": "memory_mapped_file", "start_va": 524288, "timestamp": "00:00:22.341", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000019-region_00001259-addr_0x0000000000090000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_793", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 593919, "entry_point": 0, "filename": null, "id": "region_1259", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:00:22.347", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000019-region_00001260-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_794", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 0, "filename": null, "id": "region_1260", "name": "private_0x00000000000a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 655360, "timestamp": "00:00:22.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1708031, "entry_point": 0, "filename": null, "id": "region_1261", "name": "pagefile_0x00000000001a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1703936, "timestamp": "00:00:22.347", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000019-region_00001262-addr_0x0000000000260000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_795", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 2752511, "entry_point": 0, "filename": null, "id": "region_1262", "name": "private_0x0000000000260000", "norm_filename": null, "region_type": "private_memory", "start_va": 2490368, "timestamp": "00:00:22.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 7143424, "type": "region", "version": 1 }, "end_va": 8720383, "entry_point": 0, "filename": null, "id": "region_1263", "name": "pagefile_0x00000000006d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7143424, "timestamp": "00:00:22.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 8781824, "type": "region", "version": 1 }, "end_va": 29753343, "entry_point": 0, "filename": null, "id": "region_1264", "name": "pagefile_0x0000000000860000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8781824, "timestamp": "00:00:22.348", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000019-region_00001265-addr_0x0000000001d20000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_796", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 30539776, "type": "region", "version": 1 }, "end_va": 30801919, "entry_point": 0, "filename": null, "id": "region_1265", "name": "private_0x0000000001d20000", "norm_filename": null, "region_type": "private_memory", "start_va": 30539776, "timestamp": "00:00:22.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1989148672, "type": "region", "version": 1 }, "end_va": 1989685247, "entry_point": 1989157842, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_1266", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1989148672, "timestamp": "00:00:22.348", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000019-region_00001267-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_797", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_1267", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:00:22.349", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1773567, "entry_point": 0, "filename": null, "id": "region_1268", "name": "pagefile_0x00000000001b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1769472, "timestamp": "00:00:22.358", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000019-region_00001269-addr_0x0000000001ce0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_798", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 30277632, "type": "region", "version": 1 }, "end_va": 30539775, "entry_point": 0, "filename": null, "id": "region_1269", "name": "private_0x0000000001ce0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30277632, "timestamp": "00:00:22.358", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000019-region_00001270-addr_0x0000000001db0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_799", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 31129600, "type": "region", "version": 1 }, "end_va": 31391743, "entry_point": 0, "filename": null, "id": "region_1270", "name": "private_0x0000000001db0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31129600, "timestamp": "00:00:22.358", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1960706048, "type": "region", "version": 1 }, "end_va": 1960947711, "entry_point": 1960710797, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_1271", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1960706048, "timestamp": "00:00:22.358", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1960968192, "type": "region", "version": 1 }, "end_va": 1961058303, "entry_point": 1960979907, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_1272", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1960968192, "timestamp": "00:00:22.359", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000019-region_00001273-addr_0x000000007efd5000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_800", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_1273", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:00:22.360", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 31391744, "type": "region", "version": 1 }, "end_va": 34336767, "entry_point": 31391744, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1274", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 31391744, "timestamp": "00:00:22.363", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1962934272, "type": "region", "version": 1 }, "end_va": 1962991615, "entry_point": 1962938933, "filename": "\\Windows\\SysWOW64\\RpcRtRemote.dll", "id": "region_1275", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1962934272, "timestamp": "00:00:22.366", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe\" ", "filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe", "id": "proc_22", "image_name": "xzzx_cryptmix.vir.exe", "monitor_reason": "autostart", "monitored_id": 22, "origin_monitor_id": 0, "ref_parent_process": null, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1900", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:16.593", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_1901", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:16.593", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1902", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:16.594", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 589823, "entry_point": 0, "filename": null, "id": "region_1903", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:01:16.596", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_1904", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:01:16.596", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1654783, "entry_point": 0, "filename": null, "id": "region_1905", "name": "pagefile_0x0000000000190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1638400, "timestamp": "00:01:16.596", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1708031, "entry_point": 0, "filename": null, "id": "region_1906", "name": "pagefile_0x00000000001a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1703936, "timestamp": "00:01:16.596", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 1434583040, "type": "region", "version": 1 }, "end_va": 1434828799, "entry_point": 1434583040, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe", "id": "region_1907", "name": "xzzx_cryptmix.vir.exe", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xzzx_cryptmix.vir.exe", "region_type": "memory_mapped_file", "start_va": 1434583040, "timestamp": "00:01:16.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1993080832, "type": "region", "version": 1 }, "end_va": 1994821631, "entry_point": 1993080832, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1908", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1993080832, "timestamp": "00:01:16.599", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1995046912, "type": "region", "version": 1 }, "end_va": 1996619775, "entry_point": 1995046912, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1909", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1995046912, "timestamp": "00:01:16.718", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_1910", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:16.833", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_1911", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:16.833", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_1912", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:16.833", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_1913", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:16.833", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1914", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:16.833", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1915", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:16.833", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_1916", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:16.833", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2686975, "entry_point": 0, "filename": null, "id": "region_2081", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:01:21.389", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1933639680, "type": "region", "version": 1 }, "end_va": 1933672447, "entry_point": 1933648120, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_2082", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1933639680, "timestamp": "00:01:21.389", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1933705216, "type": "region", "version": 1 }, "end_va": 1934082047, "entry_point": 1933965208, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_2083", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1933705216, "timestamp": "00:01:21.390", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1934098432, "type": "region", "version": 1 }, "end_va": 1934356479, "entry_point": 1934286456, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_2084", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1934098432, "timestamp": "00:01:21.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 4128767, "entry_point": 0, "filename": null, "id": "region_2085", "name": "private_0x00000000002f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3080192, "timestamp": "00:01:21.398", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1959002112, "type": "region", "version": 1 }, "end_va": 1959288831, "entry_point": 1959031928, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_2086", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1959002112, "timestamp": "00:01:21.398", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1976434688, "type": "region", "version": 1 }, "end_va": 1977548799, "entry_point": 1976513235, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_2087", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1976434688, "timestamp": "00:01:21.407", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1990852608, "type": "region", "version": 1 }, "end_va": 1992028159, "entry_point": 0, "filename": null, "id": "region_2088", "name": "private_0x0000000076aa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1990852608, "timestamp": "00:01:21.408", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 1992032256, "type": "region", "version": 1 }, "end_va": 1993056255, "entry_point": 0, "filename": null, "id": "region_2089", "name": "private_0x0000000076bc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1992032256, "timestamp": "00:01:21.408", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_2094", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:21.716", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4550655, "entry_point": 4128768, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2095", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 4128768, "timestamp": "00:01:21.716", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1922695168, "type": "region", "version": 1 }, "end_va": 1922727935, "entry_point": 1922695168, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_2096", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1922695168, "timestamp": "00:01:21.716", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 1922760704, "type": "region", "version": 1 }, "end_va": 1923006463, "entry_point": 1922760704, "filename": "\\Windows\\SysWOW64\\pdh.dll", "id": "region_2097", "name": "pdh.dll", "norm_filename": "c:\\windows\\syswow64\\pdh.dll", "region_type": "memory_mapped_file", "start_va": 1922760704, "timestamp": "00:01:21.721", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 540672, "start_va": 1923022848, "type": "region", "version": 1 }, "end_va": 1923563519, "entry_point": 1923022848, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "id": "region_2098", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1923022848, "timestamp": "00:01:21.728", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1956577280, "type": "region", "version": 1 }, "end_va": 1956626431, "entry_point": 1956577280, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_2099", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1956577280, "timestamp": "00:01:21.781", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1956642816, "type": "region", "version": 1 }, "end_va": 1957036031, "entry_point": 1956642816, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_2100", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1956642816, "timestamp": "00:01:21.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957036032, "type": "region", "version": 1 }, "end_va": 1957429247, "entry_point": 1957036032, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_2101", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1957036032, "timestamp": "00:01:21.790", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1957494784, "type": "region", "version": 1 }, "end_va": 1958080511, "entry_point": 1957494784, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_2102", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1957494784, "timestamp": "00:01:21.795", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 1958281216, "type": "region", "version": 1 }, "end_va": 1958785023, "entry_point": 1958281216, "filename": "\\Windows\\SysWOW64\\comdlg32.dll", "id": "region_2103", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\syswow64\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 1958281216, "timestamp": "00:01:21.801", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1958805504, "type": "region", "version": 1 }, "end_va": 1958965247, "entry_point": 1958805504, "filename": "\\Windows\\SysWOW64\\cfgmgr32.dll", "id": "region_2104", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\syswow64\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 1958805504, "timestamp": "00:01:21.804", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1959329792, "type": "region", "version": 1 }, "end_va": 1959403519, "entry_point": 1959329792, "filename": "\\Windows\\SysWOW64\\devobj.dll", "id": "region_2105", "name": "devobj.dll", "norm_filename": "c:\\windows\\syswow64\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 1959329792, "timestamp": "00:01:21.810", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1959460864, "type": "region", "version": 1 }, "end_va": 1972346879, "entry_point": 1959460864, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_2106", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1959460864, "timestamp": "00:01:21.814", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1972764672, "type": "region", "version": 1 }, "end_va": 1973420031, "entry_point": 1972764672, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_2107", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1972764672, "timestamp": "00:01:22.730", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1975844864, "type": "region", "version": 1 }, "end_va": 1976434687, "entry_point": 1975844864, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_2108", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1975844864, "timestamp": "00:01:22.791", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1977548800, "type": "region", "version": 1 }, "end_va": 1977905151, "entry_point": 1977548800, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_2109", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1977548800, "timestamp": "00:01:22.834", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1977942016, "type": "region", "version": 1 }, "end_va": 1978585087, "entry_point": 1977942016, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_2110", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1977942016, "timestamp": "00:01:22.899", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1982332928, "type": "region", "version": 1 }, "end_va": 1983037439, "entry_point": 1982332928, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_2111", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1982332928, "timestamp": "00:01:22.903", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1983053824, "type": "region", "version": 1 }, "end_va": 1983156223, "entry_point": 1983053824, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_2112", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1983053824, "timestamp": "00:01:22.915", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1983184896, "type": "region", "version": 1 }, "end_va": 1984610303, "entry_point": 1983184896, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_2113", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1983184896, "timestamp": "00:01:22.918", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1984626688, "type": "region", "version": 1 }, "end_va": 1985675263, "entry_point": 1984626688, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_2114", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1984626688, "timestamp": "00:01:23.149", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1986985984, "type": "region", "version": 1 }, "end_va": 1987821567, "entry_point": 1986985984, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_2115", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1986985984, "timestamp": "00:01:23.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1987837952, "type": "region", "version": 1 }, "end_va": 1987878911, "entry_point": 1987837952, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_2116", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1987837952, "timestamp": "00:01:23.218", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1987903488, "type": "region", "version": 1 }, "end_va": 1988886527, "entry_point": 1987903488, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_2117", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1987903488, "timestamp": "00:01:23.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1691648, "start_va": 1988886528, "type": "region", "version": 1 }, "end_va": 1990578175, "entry_point": 1988886528, "filename": "\\Windows\\SysWOW64\\setupapi.dll", "id": "region_2118", "name": "setupapi.dll", "norm_filename": "c:\\windows\\syswow64\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 1988886528, "timestamp": "00:01:23.227", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_2119", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:23.234", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2120", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:23.235", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_2214", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:23.891", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_2215", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:23.891", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1798143, "entry_point": 0, "filename": null, "id": "region_2216", "name": "pagefile_0x00000000001b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1769472, "timestamp": "00:01:23.891", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1843199, "entry_point": 0, "filename": null, "id": "region_2217", "name": "pagefile_0x00000000001c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1835008, "timestamp": "00:01:23.891", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 1966079, "entry_point": 0, "filename": null, "id": "region_2218", "name": "private_0x00000000001d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1900544, "timestamp": "00:01:23.891", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 2949119, "entry_point": 0, "filename": null, "id": "region_2219", "name": "private_0x00000000002c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2883584, "timestamp": "00:01:23.891", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4980736, "type": "region", "version": 1 }, "end_va": 5046271, "entry_point": 0, "filename": null, "id": "region_2220", "name": "private_0x00000000004c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4980736, "timestamp": "00:01:23.891", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5046272, "type": "region", "version": 1 }, "end_va": 6651903, "entry_point": 0, "filename": null, "id": "region_2221", "name": "pagefile_0x00000000004d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5046272, "timestamp": "00:01:23.891", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6684672, "type": "region", "version": 1 }, "end_va": 8261631, "entry_point": 0, "filename": null, "id": "region_2222", "name": "pagefile_0x0000000000660000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6684672, "timestamp": "00:01:23.891", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 8323072, "type": "region", "version": 1 }, "end_va": 29294591, "entry_point": 0, "filename": null, "id": "region_2223", "name": "pagefile_0x00000000007f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8323072, "timestamp": "00:01:23.892", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 29294592, "type": "region", "version": 1 }, "end_va": 29818879, "entry_point": 0, "filename": null, "id": "region_2224", "name": "private_0x0000000001bf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 29294592, "timestamp": "00:01:23.892", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 31129600, "type": "region", "version": 1 }, "end_va": 31391743, "entry_point": 0, "filename": null, "id": "region_2225", "name": "private_0x0000000001db0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31129600, "timestamp": "00:01:23.892", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 31391744, "type": "region", "version": 1 }, "end_va": 35532799, "entry_point": 0, "filename": null, "id": "region_2226", "name": "pagefile_0x0000000001df0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 31391744, "timestamp": "00:01:23.892", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1931149312, "type": "region", "version": 1 }, "end_va": 1931239423, "entry_point": 1931161027, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_2227", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1931149312, "timestamp": "00:01:23.911", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 1970175, "entry_point": 0, "filename": null, "id": "region_2228", "name": "private_0x00000000001e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1966080, "timestamp": "00:01:23.915", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1931083776, "type": "region", "version": 1 }, "end_va": 1931116543, "entry_point": 1931097299, "filename": "\\Windows\\SysWOW64\\credssp.dll", "id": "region_2229", "name": "credssp.dll", "norm_filename": "c:\\windows\\syswow64\\credssp.dll", "region_type": "memory_mapped_file", "start_va": 1931083776, "timestamp": "00:01:23.916", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1931411456, "type": "region", "version": 1 }, "end_va": 1931935743, "entry_point": 1931491273, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_2230", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1931411456, "timestamp": "00:01:23.918", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1245184, "start_va": 29818880, "type": "region", "version": 1 }, "end_va": 31064063, "entry_point": 0, "filename": null, "id": "region_2231", "name": "private_0x0000000001c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 29818880, "timestamp": "00:01:23.921", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 29818880, "type": "region", "version": 1 }, "end_va": 30732287, "entry_point": 0, "filename": null, "id": "region_2251", "name": "pagefile_0x0000000001c70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29818880, "timestamp": "00:01:24.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 30801920, "type": "region", "version": 1 }, "end_va": 31064063, "entry_point": 0, "filename": null, "id": "region_2252", "name": "private_0x0000000001d60000", "norm_filename": null, "region_type": "private_memory", "start_va": 30801920, "timestamp": "00:01:24.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 1970175, "entry_point": 0, "filename": null, "id": "region_2253", "name": "pagefile_0x00000000001e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1966080, "timestamp": "00:01:24.709", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 819200, "start_va": 37486592, "type": "region", "version": 1 }, "end_va": 38305791, "entry_point": 0, "filename": null, "id": "region_2254", "name": "private_0x00000000023c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37486592, "timestamp": "00:01:24.709", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 38338560, "type": "region", "version": 1 }, "end_va": 41283583, "entry_point": 38338560, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_2255", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 38338560, "timestamp": "00:01:24.711", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2039807, "entry_point": 0, "filename": null, "id": "region_2256", "name": "pagefile_0x00000000001f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2031616, "timestamp": "00:01:24.714", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1931935744, "type": "region", "version": 1 }, "end_va": 1933631487, "entry_point": 1932125877, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_2257", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1931935744, "timestamp": "00:01:24.714", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2101247, "entry_point": 2097152, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_2258", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 2097152, "timestamp": "00:01:24.715", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 2695167, "entry_point": 0, "filename": null, "id": "region_2259", "name": "pagefile_0x0000000000290000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2686976, "timestamp": "00:01:24.716", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2101247, "entry_point": 0, "filename": null, "id": "region_2260", "name": "pagefile_0x0000000000200000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2097152, "timestamp": "00:01:25.293", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1974009856, "type": "region", "version": 1 }, "end_va": 1974546431, "entry_point": 1974009856, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_2261", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1974009856, "timestamp": "00:01:25.293", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 2756607, "entry_point": 0, "filename": null, "id": "region_2268", "name": "pagefile_0x00000000002a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2752512, "timestamp": "00:01:25.395", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4587520, "type": "region", "version": 1 }, "end_va": 4849663, "entry_point": 0, "filename": null, "id": "region_2284", "name": "private_0x0000000000460000", "norm_filename": null, "region_type": "private_memory", "start_va": 4587520, "timestamp": "00:01:25.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 35586048, "type": "region", "version": 1 }, "end_va": 36634623, "entry_point": 0, "filename": null, "id": "region_2285", "name": "private_0x00000000021f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 35586048, "timestamp": "00:01:25.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_2286", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:25.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 36634624, "type": "region", "version": 1 }, "end_va": 36896767, "entry_point": 0, "filename": null, "id": "region_2300", "name": "private_0x00000000022f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 36634624, "timestamp": "00:01:25.710", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 41287680, "type": "region", "version": 1 }, "end_va": 42336255, "entry_point": 0, "filename": null, "id": "region_2301", "name": "private_0x0000000002760000", "norm_filename": null, "region_type": "private_memory", "start_va": 41287680, "timestamp": "00:01:25.710", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1956380672, "type": "region", "version": 1 }, "end_va": 1956470783, "entry_point": 1956392387, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_2302", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1956380672, "timestamp": "00:01:25.710", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_2303", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:01:25.710", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 36896768, "type": "region", "version": 1 }, "end_va": 37142527, "entry_point": 36901517, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_2304", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 36896768, "timestamp": "00:01:25.711", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1956118528, "type": "region", "version": 1 }, "end_va": 1956360191, "entry_point": 1956123277, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_2309", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1956118528, "timestamp": "00:01:25.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1956052992, "type": "region", "version": 1 }, "end_va": 1956110335, "entry_point": 1956057653, "filename": "\\Windows\\SysWOW64\\RpcRtRemote.dll", "id": "region_2310", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1956052992, "timestamp": "00:01:25.725", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 36896768, "type": "region", "version": 1 }, "end_va": 37158911, "entry_point": 0, "filename": null, "id": "region_2312", "name": "private_0x0000000002330000", "norm_filename": null, "region_type": "private_memory", "start_va": 36896768, "timestamp": "00:01:25.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 37158912, "type": "region", "version": 1 }, "end_va": 37421055, "entry_point": 0, "filename": null, "id": "region_2313", "name": "private_0x0000000002370000", "norm_filename": null, "region_type": "private_memory", "start_va": 37158912, "timestamp": "00:01:25.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 42336256, "type": "region", "version": 1 }, "end_va": 43384831, "entry_point": 0, "filename": null, "id": "region_2314", "name": "private_0x0000000002860000", "norm_filename": null, "region_type": "private_memory", "start_va": 42336256, "timestamp": "00:01:25.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 43384832, "type": "region", "version": 1 }, "end_va": 44433407, "entry_point": 0, "filename": null, "id": "region_2315", "name": "private_0x0000000002960000", "norm_filename": null, "region_type": "private_memory", "start_va": 43384832, "timestamp": "00:01:25.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_2316", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:01:25.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_2317", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:01:25.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 44433408, "type": "region", "version": 1 }, "end_va": 45219839, "entry_point": 44433408, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_2318", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 44433408, "timestamp": "00:01:25.898", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1955004416, "type": "region", "version": 1 }, "end_va": 1956007935, "entry_point": 1955004416, "filename": "\\Windows\\SysWOW64\\propsys.dll", "id": "region_2333", "name": "propsys.dll", "norm_filename": "c:\\windows\\syswow64\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 1955004416, "timestamp": "00:01:26.907", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 1954807808, "type": "region", "version": 1 }, "end_va": 1954942975, "entry_point": 1954807808, "filename": "\\Windows\\SysWOW64\\ntmarta.dll", "id": "region_2334", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\syswow64\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1954807808, "timestamp": "00:01:26.919", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 1979908096, "type": "region", "version": 1 }, "end_va": 1980190719, "entry_point": 1979908096, "filename": "\\Windows\\SysWOW64\\Wldap32.dll", "id": "region_2335", "name": "wldap32.dll", "norm_filename": "c:\\windows\\syswow64\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 1979908096, "timestamp": "00:01:26.965", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 2834431, "entry_point": 2818048, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db", "id": "region_2336", "name": "cversions.1.db", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db", "region_type": "memory_mapped_file", "start_va": 2818048, "timestamp": "00:01:26.976", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 122880, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 3071999, "entry_point": 2949120, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000013.db", "id": "region_2337", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000013.db", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000013.db", "region_type": "memory_mapped_file", "start_va": 2949120, "timestamp": "00:01:26.980", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 4849664, "type": "region", "version": 1 }, "end_va": 4853759, "entry_point": 0, "filename": null, "id": "region_2338", "name": "pagefile_0x00000000004a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4849664, "timestamp": "00:01:26.981", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 2822143, "entry_point": 0, "filename": null, "id": "region_2346", "name": "private_0x00000000002b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2818048, "timestamp": "00:01:27.408", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 45219840, "type": "region", "version": 1 }, "end_va": 45481983, "entry_point": 0, "filename": null, "id": "region_2347", "name": "private_0x0000000002b20000", "norm_filename": null, "region_type": "private_memory", "start_va": 45219840, "timestamp": "00:01:27.408", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 45481984, "type": "region", "version": 1 }, "end_va": 46530559, "entry_point": 0, "filename": null, "id": "region_2348", "name": "private_0x0000000002b60000", "norm_filename": null, "region_type": "private_memory", "start_va": 45481984, "timestamp": "00:01:27.408", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130341888, "type": "region", "version": 1 }, "end_va": 2130354175, "entry_point": 0, "filename": null, "id": "region_2349", "name": "private_0x000000007efa7000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130341888, "timestamp": "00:01:27.409", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 4915200, "type": "region", "version": 1 }, "end_va": 4919295, "entry_point": 0, "filename": null, "id": "region_2362", "name": "private_0x00000000004b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4915200, "timestamp": "00:01:27.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 30736384, "type": "region", "version": 1 }, "end_va": 30740479, "entry_point": 0, "filename": null, "id": "region_2363", "name": "private_0x0000000001d50000", "norm_filename": null, "region_type": "private_memory", "start_va": 30736384, "timestamp": "00:01:27.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 31064064, "type": "region", "version": 1 }, "end_va": 31068159, "entry_point": 0, "filename": null, "id": "region_2364", "name": "private_0x0000000001da0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31064064, "timestamp": "00:01:27.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 37421056, "type": "region", "version": 1 }, "end_va": 37425151, "entry_point": 0, "filename": null, "id": "region_2365", "name": "private_0x00000000023b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37421056, "timestamp": "00:01:27.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 46530560, "type": "region", "version": 1 }, "end_va": 47579135, "entry_point": 0, "filename": null, "id": "region_2428", "name": "private_0x0000000002c60000", "norm_filename": null, "region_type": "private_memory", "start_va": 46530560, "timestamp": "00:01:29.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 47579136, "type": "region", "version": 1 }, "end_va": 47841279, "entry_point": 0, "filename": null, "id": "region_2429", "name": "private_0x0000000002d60000", "norm_filename": null, "region_type": "private_memory", "start_va": 47579136, "timestamp": "00:01:29.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 47841280, "type": "region", "version": 1 }, "end_va": 48889855, "entry_point": 0, "filename": null, "id": "region_2430", "name": "private_0x0000000002da0000", "norm_filename": null, "region_type": "private_memory", "start_va": 47841280, "timestamp": "00:01:29.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 48889856, "type": "region", "version": 1 }, "end_va": 49938431, "entry_point": 0, "filename": null, "id": "region_2431", "name": "private_0x0000000002ea0000", "norm_filename": null, "region_type": "private_memory", "start_va": 48889856, "timestamp": "00:01:29.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 49938432, "type": "region", "version": 1 }, "end_va": 50200575, "entry_point": 0, "filename": null, "id": "region_2432", "name": "private_0x0000000002fa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 49938432, "timestamp": "00:01:29.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 50200576, "type": "region", "version": 1 }, "end_va": 51249151, "entry_point": 0, "filename": null, "id": "region_2433", "name": "private_0x0000000002fe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 50200576, "timestamp": "00:01:29.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 51249152, "type": "region", "version": 1 }, "end_va": 51253247, "entry_point": 0, "filename": null, "id": "region_2434", "name": "private_0x00000000030e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 51249152, "timestamp": "00:01:29.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 51314688, "type": "region", "version": 1 }, "end_va": 51318783, "entry_point": 0, "filename": null, "id": "region_2435", "name": "private_0x00000000030f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 51314688, "timestamp": "00:01:29.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 51380224, "type": "region", "version": 1 }, "end_va": 51384319, "entry_point": 0, "filename": null, "id": "region_2436", "name": "private_0x0000000003100000", "norm_filename": null, "region_type": "private_memory", "start_va": 51380224, "timestamp": "00:01:29.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 51445760, "type": "region", "version": 1 }, "end_va": 51449855, "entry_point": 0, "filename": null, "id": "region_2437", "name": "private_0x0000000003110000", "norm_filename": null, "region_type": "private_memory", "start_va": 51445760, "timestamp": "00:01:29.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 51511296, "type": "region", "version": 1 }, "end_va": 51515391, "entry_point": 0, "filename": null, "id": "region_2438", "name": "private_0x0000000003120000", "norm_filename": null, "region_type": "private_memory", "start_va": 51511296, "timestamp": "00:01:29.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 51576832, "type": "region", "version": 1 }, "end_va": 51580927, "entry_point": 0, "filename": null, "id": "region_2439", "name": "private_0x0000000003130000", "norm_filename": null, "region_type": "private_memory", "start_va": 51576832, "timestamp": "00:01:29.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 51642368, "type": "region", "version": 1 }, "end_va": 51646463, "entry_point": 0, "filename": null, "id": "region_2440", "name": "private_0x0000000003140000", "norm_filename": null, "region_type": "private_memory", "start_va": 51642368, "timestamp": "00:01:29.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 51707904, "type": "region", "version": 1 }, "end_va": 51711999, "entry_point": 0, "filename": null, "id": "region_2441", "name": "private_0x0000000003150000", "norm_filename": null, "region_type": "private_memory", "start_va": 51707904, "timestamp": "00:01:29.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 51773440, "type": "region", "version": 1 }, "end_va": 51777535, "entry_point": 0, "filename": null, "id": "region_2442", "name": "private_0x0000000003160000", "norm_filename": null, "region_type": "private_memory", "start_va": 51773440, "timestamp": "00:01:29.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 51838976, "type": "region", "version": 1 }, "end_va": 51843071, "entry_point": 0, "filename": null, "id": "region_2443", "name": "private_0x0000000003170000", "norm_filename": null, "region_type": "private_memory", "start_va": 51838976, "timestamp": "00:01:29.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 51904512, "type": "region", "version": 1 }, "end_va": 51908607, "entry_point": 0, "filename": null, "id": "region_2444", "name": "private_0x0000000003180000", "norm_filename": null, "region_type": "private_memory", "start_va": 51904512, "timestamp": "00:01:29.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 51970048, "type": "region", "version": 1 }, "end_va": 51974143, "entry_point": 0, "filename": null, "id": "region_2445", "name": "private_0x0000000003190000", "norm_filename": null, "region_type": "private_memory", "start_va": 51970048, "timestamp": "00:01:29.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 52035584, "type": "region", "version": 1 }, "end_va": 52039679, "entry_point": 0, "filename": null, "id": "region_2446", "name": "private_0x00000000031a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 52035584, "timestamp": "00:01:29.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 52101120, "type": "region", "version": 1 }, "end_va": 52105215, "entry_point": 0, "filename": null, "id": "region_2447", "name": "private_0x00000000031b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 52101120, "timestamp": "00:01:29.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 52166656, "type": "region", "version": 1 }, "end_va": 52170751, "entry_point": 0, "filename": null, "id": "region_2448", "name": "private_0x00000000031c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 52166656, "timestamp": "00:01:29.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 52232192, "type": "region", "version": 1 }, "end_va": 52236287, "entry_point": 0, "filename": null, "id": "region_2449", "name": "private_0x00000000031d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 52232192, "timestamp": "00:01:29.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 52297728, "type": "region", "version": 1 }, "end_va": 52301823, "entry_point": 0, "filename": null, "id": "region_2450", "name": "private_0x00000000031e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 52297728, "timestamp": "00:01:29.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 52363264, "type": "region", "version": 1 }, "end_va": 52367359, "entry_point": 0, "filename": null, "id": "region_2451", "name": "private_0x00000000031f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 52363264, "timestamp": "00:01:29.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 52428800, "type": "region", "version": 1 }, "end_va": 52432895, "entry_point": 0, "filename": null, "id": "region_2452", "name": "private_0x0000000003200000", "norm_filename": null, "region_type": "private_memory", "start_va": 52428800, "timestamp": "00:01:29.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 52494336, "type": "region", "version": 1 }, "end_va": 52498431, "entry_point": 0, "filename": null, "id": "region_2453", "name": "private_0x0000000003210000", "norm_filename": null, "region_type": "private_memory", "start_va": 52494336, "timestamp": "00:01:29.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 52559872, "type": "region", "version": 1 }, "end_va": 52563967, "entry_point": 0, "filename": null, "id": "region_2454", "name": "private_0x0000000003220000", "norm_filename": null, "region_type": "private_memory", "start_va": 52559872, "timestamp": "00:01:29.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 52625408, "type": "region", "version": 1 }, "end_va": 52629503, "entry_point": 0, "filename": null, "id": "region_2455", "name": "private_0x0000000003230000", "norm_filename": null, "region_type": "private_memory", "start_va": 52625408, "timestamp": "00:01:29.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 52690944, "type": "region", "version": 1 }, "end_va": 52695039, "entry_point": 0, "filename": null, "id": "region_2456", "name": "private_0x0000000003240000", "norm_filename": null, "region_type": "private_memory", "start_va": 52690944, "timestamp": "00:01:29.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 52756480, "type": "region", "version": 1 }, "end_va": 52760575, "entry_point": 0, "filename": null, "id": "region_2457", "name": "private_0x0000000003250000", "norm_filename": null, "region_type": "private_memory", "start_va": 52756480, "timestamp": "00:01:29.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 52822016, "type": "region", "version": 1 }, "end_va": 52826111, "entry_point": 0, "filename": null, "id": "region_2458", "name": "private_0x0000000003260000", "norm_filename": null, "region_type": "private_memory", "start_va": 52822016, "timestamp": "00:01:29.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 52887552, "type": "region", "version": 1 }, "end_va": 52891647, "entry_point": 0, "filename": null, "id": "region_2459", "name": "private_0x0000000003270000", "norm_filename": null, "region_type": "private_memory", "start_va": 52887552, "timestamp": "00:01:29.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 52953088, "type": "region", "version": 1 }, "end_va": 52957183, "entry_point": 0, "filename": null, "id": "region_2460", "name": "private_0x0000000003280000", "norm_filename": null, "region_type": "private_memory", "start_va": 52953088, "timestamp": "00:01:29.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 53018624, "type": "region", "version": 1 }, "end_va": 53022719, "entry_point": 0, "filename": null, "id": "region_2461", "name": "private_0x0000000003290000", "norm_filename": null, "region_type": "private_memory", "start_va": 53018624, "timestamp": "00:01:29.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 53084160, "type": "region", "version": 1 }, "end_va": 53088255, "entry_point": 0, "filename": null, "id": "region_2462", "name": "private_0x00000000032a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 53084160, "timestamp": "00:01:29.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 53149696, "type": "region", "version": 1 }, "end_va": 53153791, "entry_point": 0, "filename": null, "id": "region_2463", "name": "private_0x00000000032b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 53149696, "timestamp": "00:01:29.196", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\ProgramData\\BCE1010314.exe\" ", "filename": "c:\\programdata\\bce1010314.exe", "id": "proc_23", "image_name": "bce1010314.exe", "monitor_reason": "autostart", "monitored_id": 23, "origin_monitor_id": 0, "ref_parent_process": null, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_2038", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:19.115", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_2039", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:19.115", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_2040", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:19.115", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 589823, "entry_point": 0, "filename": null, "id": "region_2041", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:01:19.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_2042", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:01:19.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1654783, "entry_point": 0, "filename": null, "id": "region_2043", "name": "pagefile_0x0000000000190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1638400, "timestamp": "00:01:19.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1708031, "entry_point": 0, "filename": null, "id": "region_2044", "name": "pagefile_0x00000000001a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1703936, "timestamp": "00:01:19.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 1434583040, "type": "region", "version": 1 }, "end_va": 1434828799, "entry_point": 1434583040, "filename": "\\ProgramData\\BCE1010314.exe", "id": "region_2045", "name": "bce1010314.exe", "norm_filename": "c:\\programdata\\bce1010314.exe", "region_type": "memory_mapped_file", "start_va": 1434583040, "timestamp": "00:01:19.123", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1993080832, "type": "region", "version": 1 }, "end_va": 1994821631, "entry_point": 1993080832, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2046", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1993080832, "timestamp": "00:01:19.149", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1995046912, "type": "region", "version": 1 }, "end_va": 1996619775, "entry_point": 1995046912, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_2047", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1995046912, "timestamp": "00:01:19.150", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_2048", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:19.150", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_2049", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:19.150", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_2050", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:19.150", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_2051", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:19.150", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2052", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:19.151", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2053", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:19.151", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_2054", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:19.151", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2949119, "entry_point": 0, "filename": null, "id": "region_2090", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:21.450", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1933639680, "type": "region", "version": 1 }, "end_va": 1933672447, "entry_point": 1933648120, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_2091", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1933639680, "timestamp": "00:01:21.450", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1933705216, "type": "region", "version": 1 }, "end_va": 1934082047, "entry_point": 1933965208, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_2092", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1933705216, "timestamp": "00:01:21.451", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1934098432, "type": "region", "version": 1 }, "end_va": 1934356479, "entry_point": 1934286456, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_2093", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1934098432, "timestamp": "00:01:21.452", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_2121", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:23.249", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 2191359, "entry_point": 1769472, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2122", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1769472, "timestamp": "00:01:23.249", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 4653055, "entry_point": 0, "filename": null, "id": "region_2123", "name": "private_0x0000000000370000", "norm_filename": null, "region_type": "private_memory", "start_va": 3604480, "timestamp": "00:01:23.249", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1922695168, "type": "region", "version": 1 }, "end_va": 1922727935, "entry_point": 1922699497, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_2124", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1922695168, "timestamp": "00:01:23.249", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 1922760704, "type": "region", "version": 1 }, "end_va": 1923006463, "entry_point": 1922765718, "filename": "\\Windows\\SysWOW64\\pdh.dll", "id": "region_2125", "name": "pdh.dll", "norm_filename": "c:\\windows\\syswow64\\pdh.dll", "region_type": "memory_mapped_file", "start_va": 1922760704, "timestamp": "00:01:23.250", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 540672, "start_va": 1923022848, "type": "region", "version": 1 }, "end_va": 1923563519, "entry_point": 1923029417, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "id": "region_2126", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1923022848, "timestamp": "00:01:23.250", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1956577280, "type": "region", "version": 1 }, "end_va": 1956626431, "entry_point": 1956581601, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_2127", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1956577280, "timestamp": "00:01:23.251", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1956642816, "type": "region", "version": 1 }, "end_va": 1957036031, "entry_point": 1956750259, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_2128", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1956642816, "timestamp": "00:01:23.251", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957036032, "type": "region", "version": 1 }, "end_va": 1957429247, "entry_point": 1957107087, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_2129", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1957036032, "timestamp": "00:01:23.252", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1957494784, "type": "region", "version": 1 }, "end_va": 1958080511, "entry_point": 1957511089, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_2130", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1957494784, "timestamp": "00:01:23.252", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 1958281216, "type": "region", "version": 1 }, "end_va": 1958785023, "entry_point": 1958288110, "filename": "\\Windows\\SysWOW64\\comdlg32.dll", "id": "region_2131", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\syswow64\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 1958281216, "timestamp": "00:01:23.253", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1958805504, "type": "region", "version": 1 }, "end_va": 1958965247, "entry_point": 1958828217, "filename": "\\Windows\\SysWOW64\\cfgmgr32.dll", "id": "region_2132", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\syswow64\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 1958805504, "timestamp": "00:01:23.253", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1959002112, "type": "region", "version": 1 }, "end_va": 1959288831, "entry_point": 1959031928, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_2133", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1959002112, "timestamp": "00:01:23.253", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1959329792, "type": "region", "version": 1 }, "end_va": 1959403519, "entry_point": 1959334977, "filename": "\\Windows\\SysWOW64\\devobj.dll", "id": "region_2134", "name": "devobj.dll", "norm_filename": "c:\\windows\\syswow64\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 1959329792, "timestamp": "00:01:23.254", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1959460864, "type": "region", "version": 1 }, "end_va": 1972346879, "entry_point": 1959990785, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_2135", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1959460864, "timestamp": "00:01:23.255", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1972764672, "type": "region", "version": 1 }, "end_va": 1973420031, "entry_point": 1972849125, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_2136", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1972764672, "timestamp": "00:01:23.255", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1975844864, "type": "region", "version": 1 }, "end_va": 1976434687, "entry_point": 1975935811, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_2137", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1975844864, "timestamp": "00:01:23.256", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1976434688, "type": "region", "version": 1 }, "end_va": 1977548799, "entry_point": 1976513235, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_2138", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1976434688, "timestamp": "00:01:23.256", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1977548800, "type": "region", "version": 1 }, "end_va": 1977905151, "entry_point": 1977654182, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_2139", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1977548800, "timestamp": "00:01:23.256", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1977942016, "type": "region", "version": 1 }, "end_va": 1978585087, "entry_point": 1978154967, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_2140", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1977942016, "timestamp": "00:01:23.257", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1982332928, "type": "region", "version": 1 }, "end_va": 1983037439, "entry_point": 1982375026, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_2141", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1982332928, "timestamp": "00:01:23.257", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1983053824, "type": "region", "version": 1 }, "end_va": 1983156223, "entry_point": 1983072629, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_2142", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1983053824, "timestamp": "00:01:23.258", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1983184896, "type": "region", "version": 1 }, "end_va": 1984610303, "entry_point": 1983494717, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_2143", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1983184896, "timestamp": "00:01:23.258", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1984626688, "type": "region", "version": 1 }, "end_va": 1985675263, "entry_point": 1984739053, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_2144", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1984626688, "timestamp": "00:01:23.259", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1986985984, "type": "region", "version": 1 }, "end_va": 1987821567, "entry_point": 1986991755, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_2145", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1986985984, "timestamp": "00:01:23.259", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1987837952, "type": "region", "version": 1 }, "end_va": 1987878911, "entry_point": 1987851936, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_2146", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1987837952, "timestamp": "00:01:23.260", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1987903488, "type": "region", "version": 1 }, "end_va": 1988886527, "entry_point": 1987970409, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_2147", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1987903488, "timestamp": "00:01:23.260", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1691648, "start_va": 1988886528, "type": "region", "version": 1 }, "end_va": 1990578175, "entry_point": 1988892647, "filename": "\\Windows\\SysWOW64\\setupapi.dll", "id": "region_2148", "name": "setupapi.dll", "norm_filename": "c:\\windows\\syswow64\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 1988886528, "timestamp": "00:01:23.260", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1990852608, "type": "region", "version": 1 }, "end_va": 1992028159, "entry_point": 0, "filename": null, "id": "region_2149", "name": "private_0x0000000076aa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1990852608, "timestamp": "00:01:23.261", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 1992032256, "type": "region", "version": 1 }, "end_va": 1993056255, "entry_point": 0, "filename": null, "id": "region_2150", "name": "private_0x0000000076bc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1992032256, "timestamp": "00:01:23.261", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_2151", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:23.261", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2152", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:23.261", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_2181", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:23.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_2182", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:23.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2256895, "entry_point": 0, "filename": null, "id": "region_2183", "name": "pagefile_0x0000000000220000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2228224, "timestamp": "00:01:23.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2301951, "entry_point": 0, "filename": null, "id": "region_2184", "name": "pagefile_0x0000000000230000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2293760, "timestamp": "00:01:23.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 3473407, "entry_point": 0, "filename": null, "id": "region_2185", "name": "private_0x00000000002d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2949120, "timestamp": "00:01:23.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4653056, "type": "region", "version": 1 }, "end_va": 6258687, "entry_point": 0, "filename": null, "id": "region_2186", "name": "pagefile_0x0000000000470000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4653056, "timestamp": "00:01:23.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 6422528, "type": "region", "version": 1 }, "end_va": 6488063, "entry_point": 0, "filename": null, "id": "region_2187", "name": "private_0x0000000000620000", "norm_filename": null, "region_type": "private_memory", "start_va": 6422528, "timestamp": "00:01:23.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6488064, "type": "region", "version": 1 }, "end_va": 8065023, "entry_point": 0, "filename": null, "id": "region_2188", "name": "pagefile_0x0000000000630000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6488064, "timestamp": "00:01:23.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 8126464, "type": "region", "version": 1 }, "end_va": 29097983, "entry_point": 0, "filename": null, "id": "region_2189", "name": "pagefile_0x00000000007c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8126464, "timestamp": "00:01:23.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 30408704, "type": "region", "version": 1 }, "end_va": 30474239, "entry_point": 0, "filename": null, "id": "region_2190", "name": "private_0x0000000001d00000", "norm_filename": null, "region_type": "private_memory", "start_va": 30408704, "timestamp": "00:01:23.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 31916032, "type": "region", "version": 1 }, "end_va": 31981567, "entry_point": 0, "filename": null, "id": "region_2191", "name": "private_0x0000000001e70000", "norm_filename": null, "region_type": "private_memory", "start_va": 31916032, "timestamp": "00:01:23.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 32505856, "type": "region", "version": 1 }, "end_va": 32767999, "entry_point": 0, "filename": null, "id": "region_2192", "name": "private_0x0000000001f00000", "norm_filename": null, "region_type": "private_memory", "start_va": 32505856, "timestamp": "00:01:23.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 32768000, "type": "region", "version": 1 }, "end_va": 36909055, "entry_point": 0, "filename": null, "id": "region_2193", "name": "pagefile_0x0000000001f40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 32768000, "timestamp": "00:01:23.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1931149312, "type": "region", "version": 1 }, "end_va": 1931239423, "entry_point": 1931149312, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_2194", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1931149312, "timestamp": "00:01:23.835", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2363391, "entry_point": 0, "filename": null, "id": "region_2195", "name": "private_0x0000000000240000", "norm_filename": null, "region_type": "private_memory", "start_va": 2359296, "timestamp": "00:01:23.843", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1931083776, "type": "region", "version": 1 }, "end_va": 1931116543, "entry_point": 1931083776, "filename": "\\Windows\\SysWOW64\\credssp.dll", "id": "region_2196", "name": "credssp.dll", "norm_filename": "c:\\windows\\syswow64\\credssp.dll", "region_type": "memory_mapped_file", "start_va": 1931083776, "timestamp": "00:01:23.845", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1931411456, "type": "region", "version": 1 }, "end_va": 1931935743, "entry_point": 1931491273, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_2232", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1931411456, "timestamp": "00:01:24.551", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 655360, "start_va": 29097984, "type": "region", "version": 1 }, "end_va": 29753343, "entry_point": 0, "filename": null, "id": "region_2233", "name": "private_0x0000000001bc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 29097984, "timestamp": "00:01:24.552", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 30474240, "type": "region", "version": 1 }, "end_va": 31387647, "entry_point": 0, "filename": null, "id": "region_2234", "name": "pagefile_0x0000000001d10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 30474240, "timestamp": "00:01:24.608", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2363391, "entry_point": 0, "filename": null, "id": "region_2236", "name": "pagefile_0x0000000000240000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2359296, "timestamp": "00:01:24.624", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 819200, "start_va": 37814272, "type": "region", "version": 1 }, "end_va": 38633471, "entry_point": 0, "filename": null, "id": "region_2237", "name": "private_0x0000000002410000", "norm_filename": null, "region_type": "private_memory", "start_va": 37814272, "timestamp": "00:01:24.624", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 38666240, "type": "region", "version": 1 }, "end_va": 41611263, "entry_point": 38666240, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_2241", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 38666240, "timestamp": "00:01:24.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 3473408, "type": "region", "version": 1 }, "end_va": 3481599, "entry_point": 0, "filename": null, "id": "region_2243", "name": "pagefile_0x0000000000350000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3473408, "timestamp": "00:01:24.633", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1931935744, "type": "region", "version": 1 }, "end_va": 1933631487, "entry_point": 1931935744, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_2244", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1931935744, "timestamp": "00:01:24.633", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 3538944, "type": "region", "version": 1 }, "end_va": 3543039, "entry_point": 3538944, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_2245", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 3538944, "timestamp": "00:01:24.643", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 6291456, "type": "region", "version": 1 }, "end_va": 6299647, "entry_point": 0, "filename": null, "id": "region_2249", "name": "pagefile_0x0000000000600000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6291456, "timestamp": "00:01:24.646", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 3538944, "type": "region", "version": 1 }, "end_va": 3543039, "entry_point": 0, "filename": null, "id": "region_2262", "name": "pagefile_0x0000000000360000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3538944, "timestamp": "00:01:25.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1974009856, "type": "region", "version": 1 }, "end_va": 1974546431, "entry_point": 1974019026, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_2263", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1974009856, "timestamp": "00:01:25.366", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 6356992, "type": "region", "version": 1 }, "end_va": 6361087, "entry_point": 0, "filename": null, "id": "region_2264", "name": "pagefile_0x0000000000610000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6356992, "timestamp": "00:01:25.368", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 29097984, "type": "region", "version": 1 }, "end_va": 29360127, "entry_point": 0, "filename": null, "id": "region_2269", "name": "private_0x0000000001bc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 29097984, "timestamp": "00:01:25.444", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 29491200, "type": "region", "version": 1 }, "end_va": 29753343, "entry_point": 0, "filename": null, "id": "region_2270", "name": "private_0x0000000001c20000", "norm_filename": null, "region_type": "private_memory", "start_va": 29491200, "timestamp": "00:01:25.444", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 41615360, "type": "region", "version": 1 }, "end_va": 42663935, "entry_point": 0, "filename": null, "id": "region_2271", "name": "private_0x00000000027b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 41615360, "timestamp": "00:01:25.444", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_2272", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:25.444", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 29753344, "type": "region", "version": 1 }, "end_va": 30015487, "entry_point": 0, "filename": null, "id": "region_2273", "name": "private_0x0000000001c60000", "norm_filename": null, "region_type": "private_memory", "start_va": 29753344, "timestamp": "00:01:25.480", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 42663936, "type": "region", "version": 1 }, "end_va": 43712511, "entry_point": 0, "filename": null, "id": "region_2274", "name": "private_0x00000000028b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 42663936, "timestamp": "00:01:25.480", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1956380672, "type": "region", "version": 1 }, "end_va": 1956470783, "entry_point": 1956392387, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_2275", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1956380672, "timestamp": "00:01:25.480", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_2276", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:01:25.481", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 30015488, "type": "region", "version": 1 }, "end_va": 30261247, "entry_point": 30015488, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_2277", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 30015488, "timestamp": "00:01:25.482", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 30015488, "type": "region", "version": 1 }, "end_va": 30261247, "entry_point": 30020237, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_2278", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 30015488, "timestamp": "00:01:25.488", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1956118528, "type": "region", "version": 1 }, "end_va": 1956360191, "entry_point": 1956123277, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_2282", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1956118528, "timestamp": "00:01:25.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1956052992, "type": "region", "version": 1 }, "end_va": 1956110335, "entry_point": 1956052992, "filename": "\\Windows\\SysWOW64\\RpcRtRemote.dll", "id": "region_2283", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1956052992, "timestamp": "00:01:25.510", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 30015488, "type": "region", "version": 1 }, "end_va": 30277631, "entry_point": 0, "filename": null, "id": "region_2325", "name": "private_0x0000000001ca0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30015488, "timestamp": "00:01:25.911", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 31391744, "type": "region", "version": 1 }, "end_va": 31653887, "entry_point": 0, "filename": null, "id": "region_2326", "name": "private_0x0000000001df0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31391744, "timestamp": "00:01:25.911", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 43712512, "type": "region", "version": 1 }, "end_va": 44761087, "entry_point": 0, "filename": null, "id": "region_2327", "name": "private_0x00000000029b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43712512, "timestamp": "00:01:25.911", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 44761088, "type": "region", "version": 1 }, "end_va": 45809663, "entry_point": 0, "filename": null, "id": "region_2328", "name": "private_0x0000000002ab0000", "norm_filename": null, "region_type": "private_memory", "start_va": 44761088, "timestamp": "00:01:25.911", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_2329", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:01:25.911", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_2330", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:01:25.911", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 36962304, "type": "region", "version": 1 }, "end_va": 37748735, "entry_point": 36962304, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_2332", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 36962304, "timestamp": "00:01:26.787", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 29360128, "type": "region", "version": 1 }, "end_va": 29364223, "entry_point": 0, "filename": null, "id": "region_2339", "name": "private_0x0000000001c00000", "norm_filename": null, "region_type": "private_memory", "start_va": 29360128, "timestamp": "00:01:27.294", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 31653888, "type": "region", "version": 1 }, "end_va": 31916031, "entry_point": 0, "filename": null, "id": "region_2340", "name": "private_0x0000000001e30000", "norm_filename": null, "region_type": "private_memory", "start_va": 31653888, "timestamp": "00:01:27.294", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 31981568, "type": "region", "version": 1 }, "end_va": 32243711, "entry_point": 0, "filename": null, "id": "region_2341", "name": "private_0x0000000001e80000", "norm_filename": null, "region_type": "private_memory", "start_va": 31981568, "timestamp": "00:01:27.294", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 45809664, "type": "region", "version": 1 }, "end_va": 46858239, "entry_point": 0, "filename": null, "id": "region_2342", "name": "private_0x0000000002bb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 45809664, "timestamp": "00:01:27.294", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 46858240, "type": "region", "version": 1 }, "end_va": 47906815, "entry_point": 0, "filename": null, "id": "region_2343", "name": "private_0x0000000002cb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 46858240, "timestamp": "00:01:27.294", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130329600, "type": "region", "version": 1 }, "end_va": 2130341887, "entry_point": 0, "filename": null, "id": "region_2344", "name": "private_0x000000007efa4000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130329600, "timestamp": "00:01:27.294", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130341888, "type": "region", "version": 1 }, "end_va": 2130354175, "entry_point": 0, "filename": null, "id": "region_2345", "name": "private_0x000000007efa7000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130341888, "timestamp": "00:01:27.294", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 29425664, "type": "region", "version": 1 }, "end_va": 29429759, "entry_point": 0, "filename": null, "id": "region_2358", "name": "private_0x0000000001c10000", "norm_filename": null, "region_type": "private_memory", "start_va": 29425664, "timestamp": "00:01:27.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 30277632, "type": "region", "version": 1 }, "end_va": 30281727, "entry_point": 0, "filename": null, "id": "region_2359", "name": "private_0x0000000001ce0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30277632, "timestamp": "00:01:27.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 30343168, "type": "region", "version": 1 }, "end_va": 30347263, "entry_point": 0, "filename": null, "id": "region_2360", "name": "private_0x0000000001cf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30343168, "timestamp": "00:01:27.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 32243712, "type": "region", "version": 1 }, "end_va": 32247807, "entry_point": 0, "filename": null, "id": "region_2361", "name": "private_0x0000000001ec0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32243712, "timestamp": "00:01:27.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 32309248, "type": "region", "version": 1 }, "end_va": 32313343, "entry_point": 0, "filename": null, "id": "region_2366", "name": "private_0x0000000001ed0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32309248, "timestamp": "00:01:29.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 32374784, "type": "region", "version": 1 }, "end_va": 32378879, "entry_point": 0, "filename": null, "id": "region_2367", "name": "private_0x0000000001ee0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32374784, "timestamp": "00:01:29.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 32440320, "type": "region", "version": 1 }, "end_va": 32444415, "entry_point": 0, "filename": null, "id": "region_2368", "name": "private_0x0000000001ef0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32440320, "timestamp": "00:01:29.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 37748736, "type": "region", "version": 1 }, "end_va": 37752831, "entry_point": 0, "filename": null, "id": "region_2369", "name": "private_0x0000000002400000", "norm_filename": null, "region_type": "private_memory", "start_va": 37748736, "timestamp": "00:01:29.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 47906816, "type": "region", "version": 1 }, "end_va": 48955391, "entry_point": 0, "filename": null, "id": "region_2370", "name": "private_0x0000000002db0000", "norm_filename": null, "region_type": "private_memory", "start_va": 47906816, "timestamp": "00:01:29.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 48955392, "type": "region", "version": 1 }, "end_va": 49217535, "entry_point": 0, "filename": null, "id": "region_2371", "name": "private_0x0000000002eb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 48955392, "timestamp": "00:01:29.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 49217536, "type": "region", "version": 1 }, "end_va": 50266111, "entry_point": 0, "filename": null, "id": "region_2372", "name": "private_0x0000000002ef0000", "norm_filename": null, "region_type": "private_memory", "start_va": 49217536, "timestamp": "00:01:29.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 50266112, "type": "region", "version": 1 }, "end_va": 50270207, "entry_point": 0, "filename": null, "id": "region_2373", "name": "private_0x0000000002ff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 50266112, "timestamp": "00:01:29.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 50331648, "type": "region", "version": 1 }, "end_va": 50335743, "entry_point": 0, "filename": null, "id": "region_2374", "name": "private_0x0000000003000000", "norm_filename": null, "region_type": "private_memory", "start_va": 50331648, "timestamp": "00:01:29.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 50397184, "type": "region", "version": 1 }, "end_va": 50401279, "entry_point": 0, "filename": null, "id": "region_2375", "name": "private_0x0000000003010000", "norm_filename": null, "region_type": "private_memory", "start_va": 50397184, "timestamp": "00:01:29.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 50462720, "type": "region", "version": 1 }, "end_va": 50466815, "entry_point": 0, "filename": null, "id": "region_2376", "name": "private_0x0000000003020000", "norm_filename": null, "region_type": "private_memory", "start_va": 50462720, "timestamp": "00:01:29.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 50528256, "type": "region", "version": 1 }, "end_va": 50532351, "entry_point": 0, "filename": null, "id": "region_2377", "name": "private_0x0000000003030000", "norm_filename": null, "region_type": "private_memory", "start_va": 50528256, "timestamp": "00:01:29.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 50593792, "type": "region", "version": 1 }, "end_va": 50597887, "entry_point": 0, "filename": null, "id": "region_2378", "name": "private_0x0000000003040000", "norm_filename": null, "region_type": "private_memory", "start_va": 50593792, "timestamp": "00:01:29.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 50659328, "type": "region", "version": 1 }, "end_va": 50663423, "entry_point": 0, "filename": null, "id": "region_2379", "name": "private_0x0000000003050000", "norm_filename": null, "region_type": "private_memory", "start_va": 50659328, "timestamp": "00:01:29.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 50724864, "type": "region", "version": 1 }, "end_va": 50728959, "entry_point": 0, "filename": null, "id": "region_2380", "name": "private_0x0000000003060000", "norm_filename": null, "region_type": "private_memory", "start_va": 50724864, "timestamp": "00:01:29.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 50790400, "type": "region", "version": 1 }, "end_va": 50794495, "entry_point": 0, "filename": null, "id": "region_2381", "name": "private_0x0000000003070000", "norm_filename": null, "region_type": "private_memory", "start_va": 50790400, "timestamp": "00:01:29.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 50855936, "type": "region", "version": 1 }, "end_va": 50860031, "entry_point": 0, "filename": null, "id": "region_2382", "name": "private_0x0000000003080000", "norm_filename": null, "region_type": "private_memory", "start_va": 50855936, "timestamp": "00:01:29.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 50921472, "type": "region", "version": 1 }, "end_va": 50925567, "entry_point": 0, "filename": null, "id": "region_2383", "name": "private_0x0000000003090000", "norm_filename": null, "region_type": "private_memory", "start_va": 50921472, "timestamp": "00:01:29.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 50987008, "type": "region", "version": 1 }, "end_va": 50991103, "entry_point": 0, "filename": null, "id": "region_2384", "name": "private_0x00000000030a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 50987008, "timestamp": "00:01:29.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 51052544, "type": "region", "version": 1 }, "end_va": 51056639, "entry_point": 0, "filename": null, "id": "region_2385", "name": "private_0x00000000030b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 51052544, "timestamp": "00:01:29.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 51118080, "type": "region", "version": 1 }, "end_va": 51122175, "entry_point": 0, "filename": null, "id": "region_2386", "name": "private_0x00000000030c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 51118080, "timestamp": "00:01:29.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 51183616, "type": "region", "version": 1 }, "end_va": 51187711, "entry_point": 0, "filename": null, "id": "region_2387", "name": "private_0x00000000030d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 51183616, "timestamp": "00:01:29.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 51249152, "type": "region", "version": 1 }, "end_va": 51253247, "entry_point": 0, "filename": null, "id": "region_2388", "name": "private_0x00000000030e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 51249152, "timestamp": "00:01:29.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 51314688, "type": "region", "version": 1 }, "end_va": 51318783, "entry_point": 0, "filename": null, "id": "region_2389", "name": "private_0x00000000030f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 51314688, "timestamp": "00:01:29.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 51380224, "type": "region", "version": 1 }, "end_va": 51384319, "entry_point": 0, "filename": null, "id": "region_2390", "name": "private_0x0000000003100000", "norm_filename": null, "region_type": "private_memory", "start_va": 51380224, "timestamp": "00:01:29.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 51445760, "type": "region", "version": 1 }, "end_va": 51449855, "entry_point": 0, "filename": null, "id": "region_2391", "name": "private_0x0000000003110000", "norm_filename": null, "region_type": "private_memory", "start_va": 51445760, "timestamp": "00:01:29.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 51511296, "type": "region", "version": 1 }, "end_va": 51515391, "entry_point": 0, "filename": null, "id": "region_2392", "name": "private_0x0000000003120000", "norm_filename": null, "region_type": "private_memory", "start_va": 51511296, "timestamp": "00:01:29.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 51576832, "type": "region", "version": 1 }, "end_va": 51580927, "entry_point": 0, "filename": null, "id": "region_2393", "name": "private_0x0000000003130000", "norm_filename": null, "region_type": "private_memory", "start_va": 51576832, "timestamp": "00:01:29.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 51642368, "type": "region", "version": 1 }, "end_va": 51646463, "entry_point": 0, "filename": null, "id": "region_2394", "name": "private_0x0000000003140000", "norm_filename": null, "region_type": "private_memory", "start_va": 51642368, "timestamp": "00:01:29.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 51707904, "type": "region", "version": 1 }, "end_va": 51711999, "entry_point": 0, "filename": null, "id": "region_2395", "name": "private_0x0000000003150000", "norm_filename": null, "region_type": "private_memory", "start_va": 51707904, "timestamp": "00:01:29.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 51773440, "type": "region", "version": 1 }, "end_va": 51777535, "entry_point": 0, "filename": null, "id": "region_2396", "name": "private_0x0000000003160000", "norm_filename": null, "region_type": "private_memory", "start_va": 51773440, "timestamp": "00:01:29.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 51838976, "type": "region", "version": 1 }, "end_va": 51843071, "entry_point": 0, "filename": null, "id": "region_2397", "name": "private_0x0000000003170000", "norm_filename": null, "region_type": "private_memory", "start_va": 51838976, "timestamp": "00:01:29.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 51904512, "type": "region", "version": 1 }, "end_va": 51908607, "entry_point": 0, "filename": null, "id": "region_2398", "name": "private_0x0000000003180000", "norm_filename": null, "region_type": "private_memory", "start_va": 51904512, "timestamp": "00:01:29.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 51970048, "type": "region", "version": 1 }, "end_va": 51974143, "entry_point": 0, "filename": null, "id": "region_2399", "name": "private_0x0000000003190000", "norm_filename": null, "region_type": "private_memory", "start_va": 51970048, "timestamp": "00:01:29.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 52035584, "type": "region", "version": 1 }, "end_va": 52039679, "entry_point": 0, "filename": null, "id": "region_2400", "name": "private_0x00000000031a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 52035584, "timestamp": "00:01:29.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 52101120, "type": "region", "version": 1 }, "end_va": 52105215, "entry_point": 0, "filename": null, "id": "region_2401", "name": "private_0x00000000031b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 52101120, "timestamp": "00:01:29.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 52166656, "type": "region", "version": 1 }, "end_va": 52170751, "entry_point": 0, "filename": null, "id": "region_2402", "name": "private_0x00000000031c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 52166656, "timestamp": "00:01:29.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 52232192, "type": "region", "version": 1 }, "end_va": 52236287, "entry_point": 0, "filename": null, "id": "region_2403", "name": "private_0x00000000031d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 52232192, "timestamp": "00:01:29.165", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\ProgramData\\BCE1010314.exe\" ", "filename": "c:\\programdata\\bce1010314.exe", "id": "proc_24", "image_name": "bce1010314.exe", "monitor_reason": "autostart", "monitored_id": 24, "origin_monitor_id": 0, "ref_parent_process": null, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_2055", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:19.792", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_2056", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:19.792", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_2057", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:19.792", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 589823, "entry_point": 0, "filename": null, "id": "region_2058", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:01:19.794", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_2059", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:01:19.794", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1654783, "entry_point": 0, "filename": null, "id": "region_2060", "name": "pagefile_0x0000000000190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1638400, "timestamp": "00:01:19.794", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1708031, "entry_point": 0, "filename": null, "id": "region_2061", "name": "pagefile_0x00000000001a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1703936, "timestamp": "00:01:19.794", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 1434583040, "type": "region", "version": 1 }, "end_va": 1434828799, "entry_point": 1434638369, "filename": "\\ProgramData\\BCE1010314.exe", "id": "region_2062", "name": "bce1010314.exe", "norm_filename": "c:\\programdata\\bce1010314.exe", "region_type": "memory_mapped_file", "start_va": 1434583040, "timestamp": "00:01:19.795", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1993080832, "type": "region", "version": 1 }, "end_va": 1994821631, "entry_point": 1993080832, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2063", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1993080832, "timestamp": "00:01:19.795", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1995046912, "type": "region", "version": 1 }, "end_va": 1996619775, "entry_point": 1995046912, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_2064", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1995046912, "timestamp": "00:01:19.796", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_2065", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:19.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_2066", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:19.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_2067", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:19.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_2068", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:19.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2069", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:19.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2070", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:19.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_2071", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:19.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 2424831, "entry_point": 0, "filename": null, "id": "region_2072", "name": "private_0x00000000001d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1900544, "timestamp": "00:01:19.843", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1933639680, "type": "region", "version": 1 }, "end_va": 1933672447, "entry_point": 1933639680, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_2073", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1933639680, "timestamp": "00:01:19.843", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1933705216, "type": "region", "version": 1 }, "end_va": 1934082047, "entry_point": 1933705216, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_2074", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1933705216, "timestamp": "00:01:19.849", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1934098432, "type": "region", "version": 1 }, "end_va": 1934356479, "entry_point": 1934098432, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_2075", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1934098432, "timestamp": "00:01:19.853", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 3604479, "entry_point": 0, "filename": null, "id": "region_2076", "name": "private_0x0000000000270000", "norm_filename": null, "region_type": "private_memory", "start_va": 2555904, "timestamp": "00:01:19.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1959002112, "type": "region", "version": 1 }, "end_va": 1959288831, "entry_point": 1959002112, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_2077", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1959002112, "timestamp": "00:01:19.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1976434688, "type": "region", "version": 1 }, "end_va": 1977548799, "entry_point": 1976434688, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_2078", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1976434688, "timestamp": "00:01:19.923", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1990852608, "type": "region", "version": 1 }, "end_va": 1992028159, "entry_point": 0, "filename": null, "id": "region_2079", "name": "private_0x0000000076aa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1990852608, "timestamp": "00:01:20.142", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 1992032256, "type": "region", "version": 1 }, "end_va": 1993056255, "entry_point": 0, "filename": null, "id": "region_2080", "name": "private_0x0000000076bc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1992032256, "timestamp": "00:01:20.142", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_2153", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:23.550", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 4026367, "entry_point": 3604480, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2154", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 3604480, "timestamp": "00:01:23.550", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4259840, "type": "region", "version": 1 }, "end_va": 4325375, "entry_point": 0, "filename": null, "id": "region_2155", "name": "private_0x0000000000410000", "norm_filename": null, "region_type": "private_memory", "start_va": 4259840, "timestamp": "00:01:23.550", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1922695168, "type": "region", "version": 1 }, "end_va": 1922727935, "entry_point": 1922699497, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_2156", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1922695168, "timestamp": "00:01:23.550", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 1922760704, "type": "region", "version": 1 }, "end_va": 1923006463, "entry_point": 1922765718, "filename": "\\Windows\\SysWOW64\\pdh.dll", "id": "region_2157", "name": "pdh.dll", "norm_filename": "c:\\windows\\syswow64\\pdh.dll", "region_type": "memory_mapped_file", "start_va": 1922760704, "timestamp": "00:01:23.551", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 540672, "start_va": 1923022848, "type": "region", "version": 1 }, "end_va": 1923563519, "entry_point": 1923029417, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "id": "region_2158", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1923022848, "timestamp": "00:01:23.551", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1956577280, "type": "region", "version": 1 }, "end_va": 1956626431, "entry_point": 1956581601, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_2159", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1956577280, "timestamp": "00:01:23.552", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1956642816, "type": "region", "version": 1 }, "end_va": 1957036031, "entry_point": 1956750259, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_2160", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1956642816, "timestamp": "00:01:23.553", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957036032, "type": "region", "version": 1 }, "end_va": 1957429247, "entry_point": 1957107087, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_2161", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1957036032, "timestamp": "00:01:23.553", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1957494784, "type": "region", "version": 1 }, "end_va": 1958080511, "entry_point": 1957511089, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_2162", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1957494784, "timestamp": "00:01:23.554", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 1958281216, "type": "region", "version": 1 }, "end_va": 1958785023, "entry_point": 1958288110, "filename": "\\Windows\\SysWOW64\\comdlg32.dll", "id": "region_2163", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\syswow64\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 1958281216, "timestamp": "00:01:23.554", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1958805504, "type": "region", "version": 1 }, "end_va": 1958965247, "entry_point": 1958828217, "filename": "\\Windows\\SysWOW64\\cfgmgr32.dll", "id": "region_2164", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\syswow64\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 1958805504, "timestamp": "00:01:23.555", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1959329792, "type": "region", "version": 1 }, "end_va": 1959403519, "entry_point": 1959334977, "filename": "\\Windows\\SysWOW64\\devobj.dll", "id": "region_2165", "name": "devobj.dll", "norm_filename": "c:\\windows\\syswow64\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 1959329792, "timestamp": "00:01:23.555", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1959460864, "type": "region", "version": 1 }, "end_va": 1972346879, "entry_point": 1959990785, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_2166", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1959460864, "timestamp": "00:01:23.556", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1972764672, "type": "region", "version": 1 }, "end_va": 1973420031, "entry_point": 1972849125, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_2167", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1972764672, "timestamp": "00:01:23.557", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1975844864, "type": "region", "version": 1 }, "end_va": 1976434687, "entry_point": 1975935811, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_2168", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1975844864, "timestamp": "00:01:23.557", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1977548800, "type": "region", "version": 1 }, "end_va": 1977905151, "entry_point": 1977654182, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_2169", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1977548800, "timestamp": "00:01:23.558", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1977942016, "type": "region", "version": 1 }, "end_va": 1978585087, "entry_point": 1978154967, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_2170", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1977942016, "timestamp": "00:01:23.559", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1982332928, "type": "region", "version": 1 }, "end_va": 1983037439, "entry_point": 1982375026, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_2171", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1982332928, "timestamp": "00:01:23.559", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1983053824, "type": "region", "version": 1 }, "end_va": 1983156223, "entry_point": 1983072629, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_2172", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1983053824, "timestamp": "00:01:23.560", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1983184896, "type": "region", "version": 1 }, "end_va": 1984610303, "entry_point": 1983494717, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_2173", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1983184896, "timestamp": "00:01:23.560", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1984626688, "type": "region", "version": 1 }, "end_va": 1985675263, "entry_point": 1984739053, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_2174", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1984626688, "timestamp": "00:01:23.561", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1986985984, "type": "region", "version": 1 }, "end_va": 1987821567, "entry_point": 1986991755, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_2175", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1986985984, "timestamp": "00:01:23.562", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1987837952, "type": "region", "version": 1 }, "end_va": 1987878911, "entry_point": 1987851936, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_2176", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1987837952, "timestamp": "00:01:23.562", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1987903488, "type": "region", "version": 1 }, "end_va": 1988886527, "entry_point": 1987970409, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_2177", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1987903488, "timestamp": "00:01:23.563", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1691648, "start_va": 1988886528, "type": "region", "version": 1 }, "end_va": 1990578175, "entry_point": 1988892647, "filename": "\\Windows\\SysWOW64\\setupapi.dll", "id": "region_2178", "name": "setupapi.dll", "norm_filename": "c:\\windows\\syswow64\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 1988886528, "timestamp": "00:01:23.564", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_2179", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:23.564", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2180", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:23.564", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_2197", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:23.855", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_2198", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:23.855", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1798143, "entry_point": 0, "filename": null, "id": "region_2199", "name": "pagefile_0x00000000001b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1769472, "timestamp": "00:01:23.855", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1843199, "entry_point": 0, "filename": null, "id": "region_2200", "name": "pagefile_0x00000000001c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1835008, "timestamp": "00:01:23.855", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 5931007, "entry_point": 0, "filename": null, "id": "region_2201", "name": "pagefile_0x0000000000420000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4325376, "timestamp": "00:01:23.855", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 5963776, "type": "region", "version": 1 }, "end_va": 7540735, "entry_point": 0, "filename": null, "id": "region_2202", "name": "pagefile_0x00000000005b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5963776, "timestamp": "00:01:23.855", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 7602176, "type": "region", "version": 1 }, "end_va": 28573695, "entry_point": 0, "filename": null, "id": "region_2203", "name": "pagefile_0x0000000000740000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7602176, "timestamp": "00:01:23.856", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 28573696, "type": "region", "version": 1 }, "end_va": 29097983, "entry_point": 0, "filename": null, "id": "region_2204", "name": "private_0x0000000001b40000", "norm_filename": null, "region_type": "private_memory", "start_va": 28573696, "timestamp": "00:01:23.856", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 29491200, "type": "region", "version": 1 }, "end_va": 29556735, "entry_point": 0, "filename": null, "id": "region_2205", "name": "private_0x0000000001c20000", "norm_filename": null, "region_type": "private_memory", "start_va": 29491200, "timestamp": "00:01:23.856", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 30146560, "type": "region", "version": 1 }, "end_va": 30212095, "entry_point": 0, "filename": null, "id": "region_2206", "name": "private_0x0000000001cc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30146560, "timestamp": "00:01:23.856", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 31588352, "type": "region", "version": 1 }, "end_va": 31850495, "entry_point": 0, "filename": null, "id": "region_2207", "name": "private_0x0000000001e20000", "norm_filename": null, "region_type": "private_memory", "start_va": 31588352, "timestamp": "00:01:23.856", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 31850496, "type": "region", "version": 1 }, "end_va": 35991551, "entry_point": 0, "filename": null, "id": "region_2208", "name": "pagefile_0x0000000001e60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 31850496, "timestamp": "00:01:23.856", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1931149312, "type": "region", "version": 1 }, "end_va": 1931239423, "entry_point": 1931161027, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_2209", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1931149312, "timestamp": "00:01:23.870", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_2210", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:23.874", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1931083776, "type": "region", "version": 1 }, "end_va": 1931116543, "entry_point": 1931097299, "filename": "\\Windows\\SysWOW64\\credssp.dll", "id": "region_2211", "name": "credssp.dll", "norm_filename": "c:\\windows\\syswow64\\credssp.dll", "region_type": "memory_mapped_file", "start_va": 1931083776, "timestamp": "00:01:23.875", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1931411456, "type": "region", "version": 1 }, "end_va": 1931935743, "entry_point": 1931411456, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_2212", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1931411456, "timestamp": "00:01:23.879", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1572864, "start_va": 36044800, "type": "region", "version": 1 }, "end_va": 37617663, "entry_point": 0, "filename": null, "id": "region_2213", "name": "private_0x0000000002260000", "norm_filename": null, "region_type": "private_memory", "start_va": 36044800, "timestamp": "00:01:23.885", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 30212096, "type": "region", "version": 1 }, "end_va": 31125503, "entry_point": 0, "filename": null, "id": "region_2235", "name": "pagefile_0x0000000001cd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 30212096, "timestamp": "00:01:24.617", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_2238", "name": "pagefile_0x0000000000250000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2424832, "timestamp": "00:01:24.626", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 819200, "start_va": 36503552, "type": "region", "version": 1 }, "end_va": 37322751, "entry_point": 0, "filename": null, "id": "region_2239", "name": "private_0x00000000022d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 36503552, "timestamp": "00:01:24.626", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 37355520, "type": "region", "version": 1 }, "end_va": 37617663, "entry_point": 0, "filename": null, "id": "region_2240", "name": "private_0x00000000023a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37355520, "timestamp": "00:01:24.626", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 37617664, "type": "region", "version": 1 }, "end_va": 40562687, "entry_point": 37617664, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_2242", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 37617664, "timestamp": "00:01:24.630", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 2498559, "entry_point": 0, "filename": null, "id": "region_2246", "name": "pagefile_0x0000000000260000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2490368, "timestamp": "00:01:24.644", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1931935744, "type": "region", "version": 1 }, "end_va": 1933631487, "entry_point": 1932125877, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_2247", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1931935744, "timestamp": "00:01:24.644", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 4067327, "entry_point": 4063232, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_2248", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 4063232, "timestamp": "00:01:24.645", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4136959, "entry_point": 0, "filename": null, "id": "region_2250", "name": "pagefile_0x00000000003f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4128768, "timestamp": "00:01:24.648", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 4067327, "entry_point": 0, "filename": null, "id": "region_2265", "name": "pagefile_0x00000000003e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4063232, "timestamp": "00:01:25.389", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1974009856, "type": "region", "version": 1 }, "end_va": 1974546431, "entry_point": 1974019026, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_2266", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1974009856, "timestamp": "00:01:25.390", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4198399, "entry_point": 0, "filename": null, "id": "region_2267", "name": "pagefile_0x0000000000400000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4194304, "timestamp": "00:01:25.393", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 29097984, "type": "region", "version": 1 }, "end_va": 29360127, "entry_point": 0, "filename": null, "id": "region_2287", "name": "private_0x0000000001bc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 29097984, "timestamp": "00:01:25.662", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 40566784, "type": "region", "version": 1 }, "end_va": 41615359, "entry_point": 0, "filename": null, "id": "region_2288", "name": "private_0x00000000026b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40566784, "timestamp": "00:01:25.662", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_2289", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:25.662", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 29556736, "type": "region", "version": 1 }, "end_va": 29818879, "entry_point": 0, "filename": null, "id": "region_2290", "name": "private_0x0000000001c30000", "norm_filename": null, "region_type": "private_memory", "start_va": 29556736, "timestamp": "00:01:25.692", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 41615360, "type": "region", "version": 1 }, "end_va": 42663935, "entry_point": 0, "filename": null, "id": "region_2291", "name": "private_0x00000000027b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 41615360, "timestamp": "00:01:25.692", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1956380672, "type": "region", "version": 1 }, "end_va": 1956470783, "entry_point": 1956392387, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_2292", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1956380672, "timestamp": "00:01:25.692", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_2293", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:01:25.693", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 29818880, "type": "region", "version": 1 }, "end_va": 30064639, "entry_point": 29823629, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_2294", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 29818880, "timestamp": "00:01:25.693", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1956118528, "type": "region", "version": 1 }, "end_va": 1956360191, "entry_point": 1956123277, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_2299", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1956118528, "timestamp": "00:01:25.703", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1956052992, "type": "region", "version": 1 }, "end_va": 1956110335, "entry_point": 1956057653, "filename": "\\Windows\\SysWOW64\\RpcRtRemote.dll", "id": "region_2311", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1956052992, "timestamp": "00:01:25.726", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 29818880, "type": "region", "version": 1 }, "end_va": 30081023, "entry_point": 0, "filename": null, "id": "region_2319", "name": "private_0x0000000001c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 29818880, "timestamp": "00:01:25.909", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 31129600, "type": "region", "version": 1 }, "end_va": 31391743, "entry_point": 0, "filename": null, "id": "region_2320", "name": "private_0x0000000001db0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31129600, "timestamp": "00:01:25.909", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 42663936, "type": "region", "version": 1 }, "end_va": 43712511, "entry_point": 0, "filename": null, "id": "region_2321", "name": "private_0x00000000028b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 42663936, "timestamp": "00:01:25.909", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 43712512, "type": "region", "version": 1 }, "end_va": 44761087, "entry_point": 0, "filename": null, "id": "region_2322", "name": "private_0x00000000029b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43712512, "timestamp": "00:01:25.909", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_2323", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:01:25.909", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_2324", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:01:25.909", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 44761088, "type": "region", "version": 1 }, "end_va": 45547519, "entry_point": 44761088, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_2331", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 44761088, "timestamp": "00:01:26.775", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 29360128, "type": "region", "version": 1 }, "end_va": 29364223, "entry_point": 0, "filename": null, "id": "region_2350", "name": "private_0x0000000001c00000", "norm_filename": null, "region_type": "private_memory", "start_va": 29360128, "timestamp": "00:01:27.441", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 36044800, "type": "region", "version": 1 }, "end_va": 36306943, "entry_point": 0, "filename": null, "id": "region_2351", "name": "private_0x0000000002260000", "norm_filename": null, "region_type": "private_memory", "start_va": 36044800, "timestamp": "00:01:27.441", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 45547520, "type": "region", "version": 1 }, "end_va": 46596095, "entry_point": 0, "filename": null, "id": "region_2352", "name": "private_0x0000000002b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 45547520, "timestamp": "00:01:27.441", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130341888, "type": "region", "version": 1 }, "end_va": 2130354175, "entry_point": 0, "filename": null, "id": "region_2353", "name": "private_0x000000007efa7000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130341888, "timestamp": "00:01:27.441", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 29425664, "type": "region", "version": 1 }, "end_va": 29429759, "entry_point": 0, "filename": null, "id": "region_2354", "name": "private_0x0000000001c10000", "norm_filename": null, "region_type": "private_memory", "start_va": 29425664, "timestamp": "00:01:27.472", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 30081024, "type": "region", "version": 1 }, "end_va": 30085119, "entry_point": 0, "filename": null, "id": "region_2355", "name": "private_0x0000000001cb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30081024, "timestamp": "00:01:27.472", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 31391744, "type": "region", "version": 1 }, "end_va": 31395839, "entry_point": 0, "filename": null, "id": "region_2356", "name": "private_0x0000000001df0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31391744, "timestamp": "00:01:27.472", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 31457280, "type": "region", "version": 1 }, "end_va": 31461375, "entry_point": 0, "filename": null, "id": "region_2357", "name": "private_0x0000000001e00000", "norm_filename": null, "region_type": "private_memory", "start_va": 31457280, "timestamp": "00:01:27.472", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 31522816, "type": "region", "version": 1 }, "end_va": 31526911, "entry_point": 0, "filename": null, "id": "region_2609", "name": "private_0x0000000001e10000", "norm_filename": null, "region_type": "private_memory", "start_va": 31522816, "timestamp": "00:01:33.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 36306944, "type": "region", "version": 1 }, "end_va": 36311039, "entry_point": 0, "filename": null, "id": "region_2610", "name": "private_0x00000000022a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 36306944, "timestamp": "00:01:33.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 36372480, "type": "region", "version": 1 }, "end_va": 36376575, "entry_point": 0, "filename": null, "id": "region_2611", "name": "private_0x00000000022b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 36372480, "timestamp": "00:01:33.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 36438016, "type": "region", "version": 1 }, "end_va": 36442111, "entry_point": 0, "filename": null, "id": "region_2612", "name": "private_0x00000000022c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 36438016, "timestamp": "00:01:33.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 46596096, "type": "region", "version": 1 }, "end_va": 47644671, "entry_point": 0, "filename": null, "id": "region_2613", "name": "private_0x0000000002c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 46596096, "timestamp": "00:01:33.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 47644672, "type": "region", "version": 1 }, "end_va": 47906815, "entry_point": 0, "filename": null, "id": "region_2614", "name": "private_0x0000000002d70000", "norm_filename": null, "region_type": "private_memory", "start_va": 47644672, "timestamp": "00:01:33.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 47906816, "type": "region", "version": 1 }, "end_va": 48955391, "entry_point": 0, "filename": null, "id": "region_2615", "name": "private_0x0000000002db0000", "norm_filename": null, "region_type": "private_memory", "start_va": 47906816, "timestamp": "00:01:33.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 48955392, "type": "region", "version": 1 }, "end_va": 49217535, "entry_point": 0, "filename": null, "id": "region_2616", "name": "private_0x0000000002eb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 48955392, "timestamp": "00:01:33.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 49217536, "type": "region", "version": 1 }, "end_va": 50266111, "entry_point": 0, "filename": null, "id": "region_2617", "name": "private_0x0000000002ef0000", "norm_filename": null, "region_type": "private_memory", "start_va": 49217536, "timestamp": "00:01:33.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 50266112, "type": "region", "version": 1 }, "end_va": 50528255, "entry_point": 0, "filename": null, "id": "region_2618", "name": "private_0x0000000002ff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 50266112, "timestamp": "00:01:33.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 50528256, "type": "region", "version": 1 }, "end_va": 51576831, "entry_point": 0, "filename": null, "id": "region_2619", "name": "private_0x0000000003030000", "norm_filename": null, "region_type": "private_memory", "start_va": 50528256, "timestamp": "00:01:33.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 51576832, "type": "region", "version": 1 }, "end_va": 51838975, "entry_point": 0, "filename": null, "id": "region_2620", "name": "private_0x0000000003130000", "norm_filename": null, "region_type": "private_memory", "start_va": 51576832, "timestamp": "00:01:33.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 51838976, "type": "region", "version": 1 }, "end_va": 52887551, "entry_point": 0, "filename": null, "id": "region_2621", "name": "private_0x0000000003170000", "norm_filename": null, "region_type": "private_memory", "start_va": 51838976, "timestamp": "00:01:33.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 52887552, "type": "region", "version": 1 }, "end_va": 53149695, "entry_point": 0, "filename": null, "id": "region_2622", "name": "private_0x0000000003270000", "norm_filename": null, "region_type": "private_memory", "start_va": 52887552, "timestamp": "00:01:33.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 53149696, "type": "region", "version": 1 }, "end_va": 54198271, "entry_point": 0, "filename": null, "id": "region_2623", "name": "private_0x00000000032b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 53149696, "timestamp": "00:01:33.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 54198272, "type": "region", "version": 1 }, "end_va": 54460415, "entry_point": 0, "filename": null, "id": "region_2624", "name": "private_0x00000000033b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 54198272, "timestamp": "00:01:33.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 54460416, "type": "region", "version": 1 }, "end_va": 55508991, "entry_point": 0, "filename": null, "id": "region_2625", "name": "private_0x00000000033f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 54460416, "timestamp": "00:01:33.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 55508992, "type": "region", "version": 1 }, "end_va": 55771135, "entry_point": 0, "filename": null, "id": "region_2626", "name": "private_0x00000000034f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 55508992, "timestamp": "00:01:33.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 55771136, "type": "region", "version": 1 }, "end_va": 56819711, "entry_point": 0, "filename": null, "id": "region_2627", "name": "private_0x0000000003530000", "norm_filename": null, "region_type": "private_memory", "start_va": 55771136, "timestamp": "00:01:33.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 56819712, "type": "region", "version": 1 }, "end_va": 57081855, "entry_point": 0, "filename": null, "id": "region_2628", "name": "private_0x0000000003630000", "norm_filename": null, "region_type": "private_memory", "start_va": 56819712, "timestamp": "00:01:33.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 57081856, "type": "region", "version": 1 }, "end_va": 58130431, "entry_point": 0, "filename": null, "id": "region_2629", "name": "private_0x0000000003670000", "norm_filename": null, "region_type": "private_memory", "start_va": 57081856, "timestamp": "00:01:33.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 58130432, "type": "region", "version": 1 }, "end_va": 58134527, "entry_point": 0, "filename": null, "id": "region_2630", "name": "private_0x0000000003770000", "norm_filename": null, "region_type": "private_memory", "start_va": 58130432, "timestamp": "00:01:33.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 58195968, "type": "region", "version": 1 }, "end_va": 58458111, "entry_point": 0, "filename": null, "id": "region_2631", "name": "private_0x0000000003780000", "norm_filename": null, "region_type": "private_memory", "start_va": 58195968, "timestamp": "00:01:33.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 58458112, "type": "region", "version": 1 }, "end_va": 59506687, "entry_point": 0, "filename": null, "id": "region_2632", "name": "private_0x00000000037c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 58458112, "timestamp": "00:01:33.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 59506688, "type": "region", "version": 1 }, "end_va": 59510783, "entry_point": 0, "filename": null, "id": "region_2633", "name": "private_0x00000000038c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 59506688, "timestamp": "00:01:33.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 59572224, "type": "region", "version": 1 }, "end_va": 59834367, "entry_point": 0, "filename": null, "id": "region_2634", "name": "private_0x00000000038d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 59572224, "timestamp": "00:01:33.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 59834368, "type": "region", "version": 1 }, "end_va": 60882943, "entry_point": 0, "filename": null, "id": "region_2635", "name": "private_0x0000000003910000", "norm_filename": null, "region_type": "private_memory", "start_va": 59834368, "timestamp": "00:01:33.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 60882944, "type": "region", "version": 1 }, "end_va": 61145087, "entry_point": 0, "filename": null, "id": "region_2636", "name": "private_0x0000000003a10000", "norm_filename": null, "region_type": "private_memory", "start_va": 60882944, "timestamp": "00:01:33.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 61145088, "type": "region", "version": 1 }, "end_va": 62193663, "entry_point": 0, "filename": null, "id": "region_2637", "name": "private_0x0000000003a50000", "norm_filename": null, "region_type": "private_memory", "start_va": 61145088, "timestamp": "00:01:33.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 62193664, "type": "region", "version": 1 }, "end_va": 62197759, "entry_point": 0, "filename": null, "id": "region_2638", "name": "private_0x0000000003b50000", "norm_filename": null, "region_type": "private_memory", "start_va": 62193664, "timestamp": "00:01:33.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 62259200, "type": "region", "version": 1 }, "end_va": 62521343, "entry_point": 0, "filename": null, "id": "region_2639", "name": "private_0x0000000003b60000", "norm_filename": null, "region_type": "private_memory", "start_va": 62259200, "timestamp": "00:01:33.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 62521344, "type": "region", "version": 1 }, "end_va": 63569919, "entry_point": 0, "filename": null, "id": "region_2640", "name": "private_0x0000000003ba0000", "norm_filename": null, "region_type": "private_memory", "start_va": 62521344, "timestamp": "00:01:33.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 63569920, "type": "region", "version": 1 }, "end_va": 63574015, "entry_point": 0, "filename": null, "id": "region_2641", "name": "private_0x0000000003ca0000", "norm_filename": null, "region_type": "private_memory", "start_va": 63569920, "timestamp": "00:01:33.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 63635456, "type": "region", "version": 1 }, "end_va": 63639551, "entry_point": 0, "filename": null, "id": "region_2642", "name": "private_0x0000000003cb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 63635456, "timestamp": "00:01:33.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 63700992, "type": "region", "version": 1 }, "end_va": 63705087, "entry_point": 0, "filename": null, "id": "region_2643", "name": "private_0x0000000003cc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 63700992, "timestamp": "00:01:33.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 63766528, "type": "region", "version": 1 }, "end_va": 63770623, "entry_point": 0, "filename": null, "id": "region_2644", "name": "private_0x0000000003cd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 63766528, "timestamp": "00:01:33.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 63832064, "type": "region", "version": 1 }, "end_va": 63836159, "entry_point": 0, "filename": null, "id": "region_2645", "name": "private_0x0000000003ce0000", "norm_filename": null, "region_type": "private_memory", "start_va": 63832064, "timestamp": "00:01:33.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 63897600, "type": "region", "version": 1 }, "end_va": 63901695, "entry_point": 0, "filename": null, "id": "region_2646", "name": "private_0x0000000003cf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 63897600, "timestamp": "00:01:33.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 63963136, "type": "region", "version": 1 }, "end_va": 63967231, "entry_point": 0, "filename": null, "id": "region_2647", "name": "private_0x0000000003d00000", "norm_filename": null, "region_type": "private_memory", "start_va": 63963136, "timestamp": "00:01:33.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 64028672, "type": "region", "version": 1 }, "end_va": 64032767, "entry_point": 0, "filename": null, "id": "region_2648", "name": "private_0x0000000003d10000", "norm_filename": null, "region_type": "private_memory", "start_va": 64028672, "timestamp": "00:01:33.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 64094208, "type": "region", "version": 1 }, "end_va": 64098303, "entry_point": 0, "filename": null, "id": "region_2649", "name": "private_0x0000000003d20000", "norm_filename": null, "region_type": "private_memory", "start_va": 64094208, "timestamp": "00:01:33.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 64159744, "type": "region", "version": 1 }, "end_va": 64163839, "entry_point": 0, "filename": null, "id": "region_2650", "name": "private_0x0000000003d30000", "norm_filename": null, "region_type": "private_memory", "start_va": 64159744, "timestamp": "00:01:33.118", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\system32\\NOTEPAD.EXE\" C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_HELP_INSTRUCTION.TXT", "filename": "c:\\windows\\syswow64\\notepad.exe", "id": "proc_25", "image_name": "notepad.exe", "monitor_reason": "child_process", "monitored_id": 25, "origin_monitor_id": 23, "ref_parent_process": { "ref_id": "proc_23", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_3417", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:03:45.737", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_3418", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:03:45.737", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_3419", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:03:45.737", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_3420", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:03:45.739", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 401407, "entry_point": 0, "filename": null, "id": "region_3421", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:03:45.739", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_3422", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:03:45.739", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 3014655, "entry_point": 0, "filename": null, "id": "region_3423", "name": "private_0x00000000002a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2752512, "timestamp": "00:03:45.739", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 196608, "start_va": 14745600, "type": "region", "version": 1 }, "end_va": 14942207, "entry_point": 14745600, "filename": "\\Windows\\SysWOW64\\notepad.exe", "id": "region_3424", "name": "notepad.exe", "norm_filename": "c:\\windows\\syswow64\\notepad.exe", "region_type": "memory_mapped_file", "start_va": 14745600, "timestamp": "00:03:45.739", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1993080832, "type": "region", "version": 1 }, "end_va": 1994821631, "entry_point": 1993080832, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_3425", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1993080832, "timestamp": "00:03:45.746", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1995046912, "type": "region", "version": 1 }, "end_va": 1996619775, "entry_point": 1995046912, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_3426", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1995046912, "timestamp": "00:03:45.747", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_3427", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:03:45.747", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_3428", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:03:45.747", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_3429", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:03:45.747", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_3430", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:03:45.747", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_3431", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:03:45.748", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_3432", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:03:45.748", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_3433", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:03:45.748", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 2162687, "entry_point": 0, "filename": null, "id": "region_3434", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:03:45.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1933639680, "type": "region", "version": 1 }, "end_va": 1933672447, "entry_point": 1933648120, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_3435", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1933639680, "timestamp": "00:03:45.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1933705216, "type": "region", "version": 1 }, "end_va": 1934082047, "entry_point": 1933965208, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_3436", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1933705216, "timestamp": "00:03:45.759", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1934098432, "type": "region", "version": 1 }, "end_va": 1934356479, "entry_point": 1934286456, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_3437", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1934098432, "timestamp": "00:03:45.759", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1990852608, "type": "region", "version": 1 }, "end_va": 1992028159, "entry_point": 0, "filename": null, "id": "region_3438", "name": "private_0x0000000076aa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1990852608, "timestamp": "00:03:45.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 1992032256, "type": "region", "version": 1 }, "end_va": 1993056255, "entry_point": 0, "filename": null, "id": "region_3439", "name": "private_0x0000000076bc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1992032256, "timestamp": "00:03:45.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_3440", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:03:45.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 880639, "entry_point": 458752, "filename": "\\Windows\\System32\\locale.nls", "id": "region_3441", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:03:45.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 5242879, "entry_point": 0, "filename": null, "id": "region_3442", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:03:45.786", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 6684672, "type": "region", "version": 1 }, "end_va": 6750207, "entry_point": 0, "filename": null, "id": "region_3443", "name": "private_0x0000000000660000", "norm_filename": null, "region_type": "private_memory", "start_va": 6684672, "timestamp": "00:03:45.786", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1931935744, "type": "region", "version": 1 }, "end_va": 1933631487, "entry_point": 1932125877, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_3444", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1931935744, "timestamp": "00:03:45.786", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 1953431552, "type": "region", "version": 1 }, "end_va": 1953763327, "entry_point": 1953601676, "filename": "\\Windows\\SysWOW64\\winspool.drv", "id": "region_3445", "name": "winspool.drv", "norm_filename": "c:\\windows\\syswow64\\winspool.drv", "region_type": "memory_mapped_file", "start_va": 1953431552, "timestamp": "00:03:45.787", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1955004416, "type": "region", "version": 1 }, "end_va": 1955041279, "entry_point": 1955004416, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_3446", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1955004416, "timestamp": "00:03:45.789", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1956577280, "type": "region", "version": 1 }, "end_va": 1956626431, "entry_point": 1956581601, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_3447", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1956577280, "timestamp": "00:03:45.796", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1956642816, "type": "region", "version": 1 }, "end_va": 1957036031, "entry_point": 1956750259, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_3448", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1956642816, "timestamp": "00:03:45.796", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1957494784, "type": "region", "version": 1 }, "end_va": 1958080511, "entry_point": 1957511089, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_3449", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1957494784, "timestamp": "00:03:45.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 1958281216, "type": "region", "version": 1 }, "end_va": 1958785023, "entry_point": 1958288110, "filename": "\\Windows\\SysWOW64\\comdlg32.dll", "id": "region_3450", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\syswow64\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 1958281216, "timestamp": "00:03:45.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1959002112, "type": "region", "version": 1 }, "end_va": 1959288831, "entry_point": 1959031928, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_3451", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1959002112, "timestamp": "00:03:45.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1959460864, "type": "region", "version": 1 }, "end_va": 1972346879, "entry_point": 1959990785, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_3452", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1959460864, "timestamp": "00:03:45.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1972764672, "type": "region", "version": 1 }, "end_va": 1973420031, "entry_point": 1972849125, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_3453", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1972764672, "timestamp": "00:03:45.799", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1975844864, "type": "region", "version": 1 }, "end_va": 1976434687, "entry_point": 1975935811, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_3454", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1975844864, "timestamp": "00:03:45.800", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1976434688, "type": "region", "version": 1 }, "end_va": 1977548799, "entry_point": 1976513235, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_3455", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1976434688, "timestamp": "00:03:45.800", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1977548800, "type": "region", "version": 1 }, "end_va": 1977905151, "entry_point": 1977654182, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_3456", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1977548800, "timestamp": "00:03:45.801", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1977942016, "type": "region", "version": 1 }, "end_va": 1978585087, "entry_point": 1978154967, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_3457", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1977942016, "timestamp": "00:03:45.801", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1982332928, "type": "region", "version": 1 }, "end_va": 1983037439, "entry_point": 1982375026, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_3458", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1982332928, "timestamp": "00:03:45.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1983053824, "type": "region", "version": 1 }, "end_va": 1983156223, "entry_point": 1983072629, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_3459", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1983053824, "timestamp": "00:03:45.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1983184896, "type": "region", "version": 1 }, "end_va": 1984610303, "entry_point": 1983494717, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_3460", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1983184896, "timestamp": "00:03:45.803", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1984626688, "type": "region", "version": 1 }, "end_va": 1985675263, "entry_point": 1984739053, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_3461", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1984626688, "timestamp": "00:03:45.803", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1987837952, "type": "region", "version": 1 }, "end_va": 1987878911, "entry_point": 1987851936, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_3462", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1987837952, "timestamp": "00:03:45.804", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1987903488, "type": "region", "version": 1 }, "end_va": 1988886527, "entry_point": 1987970409, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_3463", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1987903488, "timestamp": "00:03:45.805", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_3464", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:03:45.805", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_3465", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:03:45.806", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 6750208, "type": "region", "version": 1 }, "end_va": 8355839, "entry_point": 0, "filename": null, "id": "region_3466", "name": "pagefile_0x0000000000670000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6750208, "timestamp": "00:03:45.812", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957036032, "type": "region", "version": 1 }, "end_va": 1957429247, "entry_point": 1957107087, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_3467", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1957036032, "timestamp": "00:03:45.812", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1986985984, "type": "region", "version": 1 }, "end_va": 1987821567, "entry_point": 1986991755, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_3468", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1986985984, "timestamp": "00:03:45.813", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_3469", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:03:45.828", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_3470", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:03:45.828", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 929791, "entry_point": 917504, "filename": "\\Windows\\SysWOW64\\en-US\\notepad.exe.mui", "id": "region_3471", "name": "notepad.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\notepad.exe.mui", "region_type": "memory_mapped_file", "start_va": 917504, "timestamp": "00:03:45.829", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_3472", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:03:45.835", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_3473", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:03:45.835", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1187839, "entry_point": 0, "filename": null, "id": "region_3474", "name": "pagefile_0x0000000000120000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1179648, "timestamp": "00:03:45.835", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3801088, "type": "region", "version": 1 }, "end_va": 3866623, "entry_point": 0, "filename": null, "id": "region_3475", "name": "private_0x00000000003a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3801088, "timestamp": "00:03:45.835", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 8388608, "type": "region", "version": 1 }, "end_va": 9965567, "entry_point": 0, "filename": null, "id": "region_3476", "name": "pagefile_0x0000000000800000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8388608, "timestamp": "00:03:45.835", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 11993088, "type": "region", "version": 1 }, "end_va": 12255231, "entry_point": 0, "filename": null, "id": "region_3477", "name": "private_0x0000000000b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 11993088, "timestamp": "00:03:45.835", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 14942208, "type": "region", "version": 1 }, "end_va": 35913727, "entry_point": 0, "filename": null, "id": "region_3478", "name": "pagefile_0x0000000000e40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 14942208, "timestamp": "00:03:45.835", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1931411456, "type": "region", "version": 1 }, "end_va": 1931935743, "entry_point": 1931491273, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_3479", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1931411456, "timestamp": "00:03:45.835", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 5242880, "type": "region", "version": 1 }, "end_va": 6156287, "entry_point": 0, "filename": null, "id": "region_3480", "name": "pagefile_0x0000000000500000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5242880, "timestamp": "00:03:45.848", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1954873344, "type": "region", "version": 1 }, "end_va": 1954951167, "entry_point": 1954873344, "filename": "\\Windows\\SysWOW64\\dwmapi.dll", "id": "region_3481", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\syswow64\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 1954873344, "timestamp": "00:03:45.848", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1118207, "entry_point": 0, "filename": null, "id": "region_3482", "name": "pagefile_0x0000000000110000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1114112, "timestamp": "00:03:45.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1249279, "entry_point": 1245184, "filename": "\\Windows\\SysWOW64\\en-US\\msctf.dll.mui", "id": "region_3483", "name": "msctf.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\msctf.dll.mui", "region_type": "memory_mapped_file", "start_va": 1245184, "timestamp": "00:03:45.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1314815, "entry_point": 0, "filename": null, "id": "region_3484", "name": "pagefile_0x0000000000140000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1310720, "timestamp": "00:03:45.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 3014656, "type": "region", "version": 1 }, "end_va": 3538943, "entry_point": 0, "filename": null, "id": "region_3485", "name": "private_0x00000000002e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3014656, "timestamp": "00:03:45.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 11141120, "type": "region", "version": 1 }, "end_va": 11403263, "entry_point": 0, "filename": null, "id": "region_3486", "name": "private_0x0000000000aa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 11141120, "timestamp": "00:03:45.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 9633792, "start_va": 35913728, "type": "region", "version": 1 }, "end_va": 45547519, "entry_point": 35913728, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_3487", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 35913728, "timestamp": "00:03:45.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 45547520, "type": "region", "version": 1 }, "end_va": 49688575, "entry_point": 0, "filename": null, "id": "region_3488", "name": "pagefile_0x0000000002b70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 45547520, "timestamp": "00:03:45.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 49741824, "type": "region", "version": 1 }, "end_va": 52686847, "entry_point": 49741824, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_3489", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 49741824, "timestamp": "00:03:45.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1974009856, "type": "region", "version": 1 }, "end_va": 1974546431, "entry_point": 1974019026, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_3490", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1974009856, "timestamp": "00:03:45.942", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 } ], "remarks": { "critical": [], "non_critical": [ { "comment": "The maximum number of dumps was reached during the analysis. Some memory dumps may be missing in the reports. You can increase the limit in the configuration.", "id": 2048, "type": "remark", "version": 1 }, { "comment": "The dump total size limit was reached during the analysis. Some memory dump may be missing in the reports. You can increase the limit in the configuration.", "id": 512, "type": "remark", "version": 1 }, { "comment": "The operating system was rebooted during the analysis.", "id": 128, "type": "remark", "version": 1 }, { "comment": "The maximum number of extracted files was reached during the analysis. Some files may be missing in the reports. You can increase the limit in the configuration.", "id": 1024, "type": "remark", "version": 1 } ], "type": "remarks", "version": 1 }, "sample_details": { "filename": "xzzx_cryptMix.vir.exe", "id": 20159, "md5_hash": "17f54288695fc46d11078ea493eb6626", "sample_type": "windows_exe_(x86-32)", "sha1_hash": "548058b2233b75cdfd964c1d7be5d2b80818131a", "sha256_hash": "33a60a16e50b8df2a731023951475ff0f973fc66334d2cfa6ce30aa36bb36414", "size": 223232, "type": "sample_details", "version": 1 }, "screenshots": [ { "screenshot_archive_path": "screenshots/screenshot_10513.png", "size": 69381, "thumbnail_archive_path": "screenshots/thumbnail_10513.png", "timestamp": "00:00:10.513", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_13554.png", "size": 52352, "thumbnail_archive_path": "screenshots/thumbnail_13554.png", "timestamp": "00:00:13.554", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_31547.png", "size": 56627, "thumbnail_archive_path": "screenshots/thumbnail_31547.png", "timestamp": "00:00:31.547", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_41732.png", "size": 52406, "thumbnail_archive_path": "screenshots/thumbnail_41732.png", "timestamp": "00:00:41.732", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_53898.png", "size": 52398, "thumbnail_archive_path": "screenshots/thumbnail_53898.png", "timestamp": "00:00:53.898", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_54899.png", "size": 34349, "thumbnail_archive_path": "screenshots/thumbnail_54899.png", "timestamp": "00:00:54.899", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_55905.png", "size": 4183, "thumbnail_archive_path": "screenshots/thumbnail_55905.png", "timestamp": "00:00:55.905", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_57919.png", "size": 489056, "thumbnail_archive_path": "screenshots/thumbnail_57919.png", "timestamp": "00:00:57.919", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_75140.png", "size": 488494, "thumbnail_archive_path": "screenshots/thumbnail_75140.png", "timestamp": "00:01:15.140", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_84255.png", "size": 66728, "thumbnail_archive_path": "screenshots/thumbnail_84255.png", "timestamp": "00:01:24.255", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_85276.png", "size": 95885, "thumbnail_archive_path": "screenshots/thumbnail_85276.png", "timestamp": "00:01:25.276", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_98701.png", "size": 46159, "thumbnail_archive_path": "screenshots/thumbnail_98701.png", "timestamp": "00:01:38.701", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_99729.png", "size": 95916, "thumbnail_archive_path": "screenshots/thumbnail_99729.png", "timestamp": "00:01:39.729", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_165389.png", "size": 92563, "thumbnail_archive_path": "screenshots/thumbnail_165389.png", "timestamp": "00:02:45.389", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_168428.png", "size": 66124, "thumbnail_archive_path": "screenshots/thumbnail_168428.png", "timestamp": "00:02:48.428", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_226228.png", "size": 83596, "thumbnail_archive_path": "screenshots/thumbnail_226228.png", "timestamp": "00:03:46.228", "type": "screenshot", "version": 1 } ], "type": "summary", "version": 1, "vm_and_analyzer_details": { "adobe_acrobat_reader_version": "not_installed", "analyzer_build_date": "2017-10-17 16:08", "analyzer_version": "2.2.0", "chrome_version": "58.0.3029.110", "firefox_version": "25.0", "flash_version": "11.2.202.233", "internet_explorer_version": "8.0.7601.17514", "java_version": "7.0.450", "microsoft_excel_version": "not_installed", "microsoft_office_version": "not_installed", "microsoft_power_point_version": "not_installed", "microsoft_project_version": "not_installed", "microsoft_publisher_version": "not_installed", "microsoft_visio_version": "not_installed", "microsoft_word_version": "not_installed", "silverlight_version": "not_installed", "type": "vm_and_analyzer_details", "version": 1, "vm_architecture": "x86_64-bit", "vm_kernel_version": "6.1.7601.17514_(3844dbb9-2017-4967-be7a-a4a2c20430fa)", "vm_name": null, "vm_os": "windows_7" }, "vti": { "type": "vti", "version": 1, "vti_built_in_rules_version": "2.6", "vti_rule_matches": [ { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_persistence", "category_desc": "Persistence", "operation": "_install_startup_script", "operation_desc": "Install system startup script or application", "ref_gfncalls": [ { "ref_id": "gfn_3928", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_startup_script_by_registry", "technique_desc": "Add \"\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\xzzx_cryptMix.vir.exe\"\" to windows startup via registry.", "technique_path": "built_in._persistence._install_startup_script.vmray_install_startup_script_by_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_create_process_with_hidden_window", "operation_desc": "Create process with hidden window", "ref_gfncalls": [ { "ref_id": "gfn_3933", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_process_with_hidden_window", "technique_desc": "The process \"cmd\" starts with hidden window.", "technique_path": "built_in._process._create_process_with_hidden_window.vmray_create_process_with_hidden_window", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_os", "category_desc": "OS", "operation": "_disable_system_service", "operation_desc": "Disable crucial system service", "ref_gfncalls": [ { "ref_id": "gfn_4202", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_disable_system_service_by_control_svc", "technique_desc": "Stop \"Windows Security Center Service\" by ControlService.", "technique_path": "built_in._os._disable_system_service.vmray_disable_system_service_by_control_svc", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_os", "category_desc": "OS", "operation": "_disable_system_service", "operation_desc": "Disable crucial system service", "ref_gfncalls": [ { "ref_id": "gfn_4403", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_disable_system_service_by_control_svc", "technique_desc": "Stop \"Windows Defender Service\" by ControlService.", "technique_path": "built_in._os._disable_system_service.vmray_disable_system_service_by_control_svc", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_os", "category_desc": "OS", "operation": "_disable_system_service", "operation_desc": "Disable crucial system service", "ref_gfncalls": [ { "ref_id": "gfn_4425", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_disable_system_service_by_control_svc", "technique_desc": "Stop \"Windows Update Service\" by ControlService.", "technique_path": "built_in._os._disable_system_service.vmray_disable_system_service_by_control_svc", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\ProgramData\\BCE1010314.exe:Zone.Identifier", "hashes": [ { "md5_hash": "8d251dc834ad2282d59cb08f2152a8f7", "sha1_hash": "1ccec082f8ccbe367cfad62f04566e337255943a", "sha256_hash": "f1556a2096b4e834c3b91c637c2f5fb10fb4f2319b6c5f3143db2ce61774318d", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\programdata\\bce1010314.exe:zone.identifier", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_hide_tracks", "category_desc": "Hide Tracks", "operation": "_use_alternate_data_stream", "operation_desc": "Use alternate data stream (ADS)", "ref_gfncalls": [ { "ref_id": "gfn_4679", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_use_alternate_data_stream", "technique_desc": "Use alternate data stream in \"bce1010314.exe:zone.identifier\".", "technique_path": "built_in._hide_tracks._use_alternate_data_stream.vmray_use_alternate_data_stream", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_persistence", "category_desc": "Persistence", "operation": "_install_startup_script", "operation_desc": "Install system startup script or application", "ref_gfncalls": [ { "ref_id": "gfn_4681", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_startup_script_by_registry", "technique_desc": "Add \"\"C:\\ProgramData\\BCE1010314.exe\"\" to windows startup via registry.", "technique_path": "built_in._persistence._install_startup_script.vmray_install_startup_script_by_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "E1010314_offset", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_4687", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"E1010314_offset\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\program files\\_help_instruction.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_4799", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files\\_help_instruction.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Program Files (x86)\\_HELP_INSTRUCTION.TXT", "hashes": [ { "md5_hash": "99b4288995857301d312d28c2291153d", "sha1_hash": "f769bff21786fd74b5657c5cee846df22a62061d", "sha256_hash": "deb8d2fa204f74abc411a4db8b0f02a3b1a655c6185f077f016a8866752a17ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\program files (x86)\\_help_instruction.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_application_dir", "operation_desc": "Modify application directory", "ref_gfncalls": [ { "ref_id": "gfn_4805", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_application_dir_by_file", "technique_desc": "Modify \"c:\\program files (x86)\\_help_instruction.txt\".", "technique_path": "built_in._file_system._modify_application_dir.vmray_modify_application_dir_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\\\?\\C:\\Users\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_4850", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_anti_analysis", "category_desc": "Anti Analysis", "operation": "_dynamic_api_usage", "operation_desc": "Dynamic API usage", "ref_gfncalls": [ { "ref_id": "gfn_4855", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_dynamic_api_usage_by_api", "technique_desc": "Resolve above average number of APIs.", "technique_path": "built_in._anti_analysis._dynamic_api_usage.vmray_dynamic_api_usage_by_api", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_5105", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\5p5nrgjn0js halpmcxz\\contacts\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_5469", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\5p5nrgjn0js halpmcxz\\documents\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\X2tQqTNWjx7lgtPo5htj.pptx", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\x2tqqtnwjx7lgtpo5htj.pptx", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_delete_user_files", "operation_desc": "Delete user files", "ref_gfncalls": [ { "ref_id": "gfn_5785", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_delete_user_files", "technique_desc": "Delete multiple user files. This is an indicator for wiper malware.", "technique_path": "built_in._file_system._delete_user_files.vmray_delete_user_files", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_6714", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_6839", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\5p5nrgjn0js halpmcxz\\downloads\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_6877", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\5p5nrgjn0js halpmcxz\\favorites\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_6915", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_7490", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\5p5nrgjn0js halpmcxz\\links\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\music\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_7648", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\5p5nrgjn0js halpmcxz\\music\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_19810", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\5p5nrgjn0js halpmcxz\\pictures\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_20676", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\5p5nrgjn0js halpmcxz\\saved games\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_20707", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\5p5nrgjn0js halpmcxz\\searches\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_20866", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\5p5nrgjn0js halpmcxz\\videos\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\\\?\\C:\\Users\\Default\\Contacts\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\contacts\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_21889", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\default\\contacts\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\\\?\\C:\\Users\\Default\\Documents\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\documents\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_21903", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\default\\documents\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\\\?\\C:\\Users\\Default\\Downloads\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\downloads\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_21927", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\default\\downloads\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\\\?\\C:\\Users\\Default\\Favorites\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_21936", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\default\\favorites\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\\\?\\C:\\Users\\Default\\Favorites\\Links\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\favorites\\links\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_21945", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\default\\favorites\\links\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\\\?\\C:\\Users\\Default\\Links\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\links\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_22033", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\default\\links\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\\\?\\C:\\Users\\Default\\Music\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\music\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_22059", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\default\\music\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\\\?\\C:\\Users\\Default\\Pictures\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\pictures\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_22078", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\default\\pictures\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\\\?\\C:\\Users\\Default\\Saved Games\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\saved games\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_22097", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\default\\saved games\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\\\?\\C:\\Users\\Default\\Searches\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\searches\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_22106", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\default\\searches\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\\\?\\C:\\Users\\Default\\Videos\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\videos\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_22138", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\default\\videos\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\\\?\\C:\\Users\\Public\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_22152", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\public\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\\\?\\C:\\Users\\Public\\Documents\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\documents\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_22165", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\public\\documents\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\\\?\\C:\\Users\\Public\\Downloads\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\downloads\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_22246", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\public\\downloads\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\\\?\\C:\\Users\\Public\\Libraries\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\libraries\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_22265", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\public\\libraries\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\\\?\\C:\\Users\\Public\\Music\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\music\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_22360", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\public\\music\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\\\?\\C:\\Users\\Public\\Music\\Sample Music\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\music\\sample music\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_22373", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\public\\music\\sample music\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\\\?\\C:\\Users\\Public\\Pictures\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\pictures\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_22464", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\public\\pictures\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\\\?\\C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\pictures\\sample pictures\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_22575", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\public\\pictures\\sample pictures\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\\\?\\C:\\Users\\Public\\Recorded TV\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\recorded tv\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_22813", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\public\\recorded tv\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\\\?\\C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\recorded tv\\sample media\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_22847", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\public\\recorded tv\\sample media\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\\\?\\C:\\Users\\Public\\Videos\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\videos\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_22920", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\public\\videos\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\\\?\\C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\videos\\sample videos\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_22931", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\public\\videos\\sample videos\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Windows\\_HELP_INSTRUCTION.TXT", "hashes": [], "norm_filename": "c:\\windows\\_help_instruction.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_os_dir", "operation_desc": "Modify operating system directory", "ref_gfncalls": [ { "ref_id": "gfn_22978", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_file_in_os_dir", "technique_desc": "Create file \"C:\\Windows\\_HELP_INSTRUCTION.TXT\" in the OS directory.", "technique_path": "built_in._file_system._modify_os_dir.vmray_create_file_in_os_dir", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_23328", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\5p5nrgjn0js halpmcxz\\desktop\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\\\?\\C:\\Users\\Default\\Desktop\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\default\\desktop\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_25606", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\default\\desktop\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\\\?\\C:\\Users\\Public\\Desktop\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\public\\desktop\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_25907", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\public\\desktop\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_create_many_files", "operation_desc": "Create many files", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_many_files", "technique_desc": "Create above average number of files.", "technique_path": "built_in._file_system._create_many_files.vmray_create_many_files", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_encrypt_user_files", "operation_desc": "Encrypt content of user files", "ref_gfncalls": [], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_encrypt_user_files", "technique_desc": "Encrypt the content of multiple user files. This is an indicator for ransomware.", "technique_path": "built_in._file_system._encrypt_user_files.vmray_encrypt_user_files", "type": "vti_rule_match", "version": 1 } ], "vti_rule_type": "Default (PE, ...)", "vti_score": 100 }, "yara": { "apply_yara": true, "apply_yara_on_created_files": true, "apply_yara_on_modified_files": true, "apply_yara_on_pcap_file": true, "apply_yara_on_process_dumps": true, "apply_yara_on_sample_files": true, "match_count": 0, "matches": [], "ruleset_count": 7, "type": "yara", "version": 1 } }