{ "analysis_details": { "creation_time": "2017-10-25 17:16 (UTC+2)", "execution_successful": true, "number_of_processes": 62, "reputation_enabled": true, "termination_reason": "timeout", "type": "analysis_details", "version": 2, "vm_analysis_duration_time": null }, "artifacts": { "files": [ { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ifzkkpwij.exe", "hashes": [ { "md5_hash": "fbbdc39af1139aebba4da004475e8839", "sha1_hash": "de5c8d858e6e41da715dca1c019df0bfb92d32c0", "sha256_hash": "630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ifzkkpwij.exe", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\infpub.dat", "hashes": [ { "md5_hash": "1d724f95c61f1055f0d02c2154bbccd3", "sha1_hash": "79116fe99f2b421c52ef64097f0f39b815b20907", "sha256_hash": "579fd8a0385482fb4c789561a30b09f25671e86422f40ef5cca2036b28f99648", "type": "file_hash", "version": 1 }, { "md5_hash": "c4f26ed277b51ef45fa180be597d96e8", "sha1_hash": "e9efc622924fb965d4a14bdb6223834d9a9007e7", "sha256_hash": "14d82a676b63ab046ae94fa5e41f9f69a65dc7946826cb3d74cea6c030c2f958", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\windows\\infpub.dat", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\cscc.dat", "hashes": [ { "md5_hash": "edb72f4a46c39452d1a5414f7d26454a", "sha1_hash": "08f94684e83a27f2414f439975b7f8a6d61fc056", "sha256_hash": "0b2f863f4119dc88a22cc97c0a136c88a0127cb026751303b045f7322a8972f6", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\windows\\cscc.dat", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\dispci.exe", "hashes": [ { "md5_hash": "b14d8faf7f0cbcfad051cefe5f39645f", "sha1_hash": "afeee8b4acff87bc469a6f0364a81ae5d60a2add", "sha256_hash": "8ebc97e05c8e1073bda2efb6f4d00ad7e789260afa2c276f0c72740b838a0a93", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\windows\\dispci.exe", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\41D0.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "347ac3b6b791054de3e5720a7144a977", "sha1_hash": "413eba3973a15c1a6429d9f170f3e8287f98c21c", "sha256_hash": "301b905eb98d8d6bb559c04bbda26628a942b2c4107c07a02e8f753bdcfe347c", "type": "file_hash", "version": 1 }, { "md5_hash": "c7ca77d847f1802502ef3b9228d388e4", "sha1_hash": "80ab09116d877b924dfec5b6e8eb6d3dde35869e", "sha256_hash": "fdef2f6da8c5e8002fa5822e8e4fea278fba66c22df9e13b61c8a95c2f9d585f", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\windows\\41d0.tmp", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\BOOTSECT.BAK", "hashes": [], "norm_filename": "c:\\bootsect.bak", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", "hashes": [ { "md5_hash": "87cf3392dfc386ebd494fa4e72b747fc", "sha1_hash": "f940f7e3770462a4809bad3e995ae46d522190ef", "sha256_hash": "fa125a9e042003f5443f6c8ac5eb108cd7a5483eab39e1b3b5c059d60215d9e7", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml", "hashes": [ { "md5_hash": "a20a768a81afee200bf6db18a3056541", "sha1_hash": "3592d4d77e481c9b7eaa614deeb36e72a994218e", "sha256_hash": "448403a1b7ca253b91174d36a3881cc183d2ffeaaa3eed0496d802539538c114", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml", "hashes": [ { "md5_hash": "a5cfdf621750a94cbc0f0719a533eaf4", "sha1_hash": "6e282e3fb7afc487422d73271a729e7e4718a328", "sha256_hash": "dfe114759d655205b57f759e89f6da508d36aa1a4a84cee2fc6d743ef2655d40", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml", "hashes": [ { "md5_hash": "380dcda4098e62f1f5664921cf6cdd6c", "sha1_hash": "0c64f4559ed2f12cf42ee1ff2dd14d806e16ce87", "sha256_hash": "12744847431c8b2fc23c7e47dc6ec275419958ebdbcb39af589eda58dce9ead3", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab", "hashes": [ { "md5_hash": "43425a50ee06e30dd272c3ff17bb0427", "sha1_hash": "230a74cfbf7ae520dd726174711e0d3533f60fff", "sha256_hash": "752cc8c341f4e4d0a6036607a12df396047a4e9f3a461be21dadea54f5de67a3", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\pptlr.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml", "hashes": [ { "md5_hash": "be16f68fd043d935ad963ea4c3d736bc", "sha1_hash": "3693091b6827d78dd9414a6f485abb53b8edfbca", "sha256_hash": "e21fac606118ecf75d5a4d1966574895104dd3024f7122339edbabb634cf5d13", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml", "hashes": [ { "md5_hash": "cf6fa18c52894350bea091528fc31218", "sha1_hash": "7057c7772d2b3290ddea402ff765e67901afaa63", "sha256_hash": "8f2a61e71446971c5f5010abf0d324222993e7f79e0b3a3a8d6719eb9f3f2546", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab", "hashes": [ { "md5_hash": "85a68488be13ebc093b067ea1475ccf4", "sha1_hash": "3fc88da1570badea2c61a9517e06e1a41e51035b", "sha256_hash": "7cda2a6ea0faca19b16802165b3a6add583fe06141ee843e5b8c10f89a9106bb", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml", "hashes": [ { "md5_hash": "146cee28b00dbf679ed697b6f33d6fc0", "sha1_hash": "4b22431fa5e445f6f630e7f8a6b668125c4d3ec3", "sha256_hash": "a32fc1e86edbf4a24426684c8700693b511c649ddd36e25090018e00f37e7300", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab", "hashes": [ { "md5_hash": "ea9b20690debbe698df7bcdee8af861e", "sha1_hash": "383953c3903f3def7f4a8dfc961b632bc747f58a", "sha256_hash": "7a63a991eeae97834d4ee1911ccded08b7f9f47167bb73717551bedd1f3b3071", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml", "hashes": [ { "md5_hash": "3db069e923ed265020abbe0aeeb20516", "sha1_hash": "dde8ecfc4f9d094feb2e9b831193fcc4cddb98da", "sha256_hash": "73c778eb6570c7c49aa0c5fc4b3b246f6bc335819cacd7f68716be0384068d9a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml", "hashes": [ { "md5_hash": "4bde0423f361b421519b65c28bde6cc2", "sha1_hash": "4e05353ba59608761c42ab503768718fd4ea9d0e", "sha256_hash": "87f2dc684dbabea1b50206f66acef5d1164deb93327b6cb03201e9f0b4e4735a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml", "hashes": [ { "md5_hash": "2c56ebeae266b0945b278f8cb01732c8", "sha1_hash": "b29ffe456e5fb9ed0f8e90effbf30fc96862b153", "sha256_hash": "ffe497bab3fb4bd8401b6ded8d9f23d3bd07ac5d3ee0489ffa4f06254a053264", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab", "hashes": [ { "md5_hash": "8ab2632c2d433efc3b75df58f9d73dae", "sha1_hash": "2d627a56bd4283688e4c69c4b418010b0c7d1820", "sha256_hash": "0a0c05a8af443700679eef4db9d19a12a22e19342bc56351be4738eb7f17f3d9", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordlr.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml", "hashes": [ { "md5_hash": "5b5f9cedbc03caf54b38039ff2b1487b", "sha1_hash": "fea2f54353593e4d88887393b651fdbb3ba79324", "sha256_hash": "425d33325b790e9ad234441f1a2adc245d397f19f07bbf53c6b53282c443cb8a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab", "hashes": [ { "md5_hash": "b7ed442d187f7892bc057b6004e83599", "sha1_hash": "cf0239dd6407ffb1bfaff75c154e5b6ff261be74", "sha256_hash": "e50f152da6840a55a0f185499b2381bac2668aa38a61d70ac191cc8f456025e0", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml", "hashes": [ { "md5_hash": "15153c4f2a05f30d0283700f557c85d2", "sha1_hash": "49e02205a4b52d394ff129472c75f31f24be11bd", "sha256_hash": "5135fa2425ba2cdff867dc297ca432bcaef9bf0c3755c1304e4a661767f36607", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab", "hashes": [ { "md5_hash": "01522cc818e3cb5c1f88f0af6b71d2a9", "sha1_hash": "89ab8491fb830a0e1f96fa654820c80e3853e31a", "sha256_hash": "72245180f2d45a7ff7fad89fda1cd0bf4aea2bc5f1467c58b56ecb83c86c146f", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml", "hashes": [ { "md5_hash": "3b30045ad6c97ff866342decbf09ab28", "sha1_hash": "4bba2d45d8bca9bc168ca55f74d02c80eaaf6828", "sha256_hash": "a44f1691b44e6bd338b74ddaad4a6be3ec62789882a1cf42a53d6a97ba611c09", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab", "hashes": [ { "md5_hash": "0335234c7c545ba002aeb3df922f7686", "sha1_hash": "04a74035ae437f4fc5aaad4eb15931f65853e82b", "sha256_hash": "669e004f14ac15858414dffdc0d4002a2fc54621f1b1ce33ae0c72ff26edd29a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml", "hashes": [ { "md5_hash": "d4ea0313aa839edf612c9ee1b33b92c5", "sha1_hash": "54de0ac01c3d5567499e29454eedaa473ed79d93", "sha256_hash": "882b5924b55e8ee500f7aff61a11abea43771ea12cc474a714ccfb8255ab2343", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml", "hashes": [ { "md5_hash": "f570a344598fb3126736a6ed636f069d", "sha1_hash": "8333909319182a2e880bb757ec6498650fa81889", "sha256_hash": "1fd1b9d62a4c31ce9bbccc238b5c2968b64a6124a8c6fe1934ea7820326e0614", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml", "hashes": [ { "md5_hash": "aad695e82a73aba6565adf1251f3bb6b", "sha1_hash": "0d863f3a8d023547553c16663170df3dc63c2a79", "sha256_hash": "fa6379ddcc35d29cd142c0a68bc6fb0289ced7fcea8bd8328a544e7d3d5472c4", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml", "hashes": [ { "md5_hash": "5c46b16a535150be984a13005a582bb1", "sha1_hash": "ea8a7e2020fe6c3fb672596a0d13c548e6660dae", "sha256_hash": "f2f29f4820305a8e6f1d233b87212df1f9deb506b6050090b4a5cca29f7872d9", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab", "hashes": [ { "md5_hash": "53dff27d197fac5fec615fd204378274", "sha1_hash": "724edbe96e984e05486c8f051f3f3cd7b4f50252", "sha256_hash": "034a8515267cffff2909d9d2c241aa7b63d1f1b9298f5c97b928830fc4003e4c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\owow32lr.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml", "hashes": [ { "md5_hash": "938647548a6e4b74ea13e78465570a88", "sha1_hash": "72117b74130db120ea4631d81f05ba317719856f", "sha256_hash": "bc8e71a789537b982077972a1d3cf2d5cf548e2c0d584e262198198d53398f23", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab", "hashes": [ { "md5_hash": "b1942518b15f0af4b81329b96a4cd97b", "sha1_hash": "cd1bcdf2dcea0c11a73203fb61387fb5b20a33ec", "sha256_hash": "eea2e87a37f7f432cb7761a90407d1ec10abb4311e59d8361e55a214cc97e546", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\inflr.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml", "hashes": [ { "md5_hash": "180f8b1fde6c589a1c9e529a8dedfb42", "sha1_hash": "885f800cd0d0904b4dac55a6c9b840ac34ca1b09", "sha256_hash": "614c51f1e9a2760f1f308724e5520d61749aaf8e3e282244bad26a4031e1aa47", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml", "hashes": [ { "md5_hash": "fe2c346594a0317e1cd552fbb55709fa", "sha1_hash": "e2afd9514e47e3708d68d5d7e0cb22cf348cde99", "sha256_hash": "18d690cf2acfd0f7b7cfcd994563e5ed40e2e1fae7466a8a6b8a372205c62195", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml", "hashes": [ { "md5_hash": "f11d38f5e08ff6023b55931f8836aee0", "sha1_hash": "728d5d4529be7a2e640df048a134f345c46b20d4", "sha256_hash": "88745aa40fb3f942c8df5b10a58eb80f95f8fdac2afb828962b8de98949dd55c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab", "hashes": [ { "md5_hash": "8a0831714fbd219ad2cc0411a7666ae3", "sha1_hash": "3aa7f94dc84e5db74d8a202deb652c5811f18a2d", "sha256_hash": "c5ba50319cf18e9e9c71ca4c724a6ea66676c9138efe8cd2b2ce59c920c7c8f7", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiolr.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml", "hashes": [], "norm_filename": "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml", "hashes": [], "norm_filename": "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab", "hashes": [], "norm_filename": "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onotelr.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml", "hashes": [], "norm_filename": "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml", "hashes": [], "norm_filename": "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab", "hashes": [], "norm_filename": "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projlr.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml", "hashes": [], "norm_filename": "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab", "hashes": [], "norm_filename": "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovelr.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml", "hashes": [], "norm_filename": "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml", "hashes": [], "norm_filename": "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml", "hashes": [], "norm_filename": "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab", "hashes": [], "norm_filename": "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officelr.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml", "hashes": [], "norm_filename": "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml", "hashes": [], "norm_filename": "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml", "hashes": [], "norm_filename": "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml", "hashes": [], "norm_filename": "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccLR.cab", "hashes": [], "norm_filename": "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\acclr.cab", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_OUTPUT_HANDLE", "hashes": [], "norm_filename": "std_output_handle", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_INPUT_HANDLE", "hashes": [], "norm_filename": "std_input_handle", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_ERROR_HANDLE", "hashes": [], "norm_filename": "std_error_handle", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\.\\pipe\\{2FDFCF81-BD74-41C3-9115-F628925CC568}", "hashes": [], "norm_filename": "\\device\\namedpipe\\{2fdfcf81-bd74-41c3-9115-f628925cc568}", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\system32", "hashes": [], "norm_filename": "c:\\windows\\system32", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\.\\PhysicalDrive0", "hashes": [], "norm_filename": "\\device\\harddisk0\\dr0", "operations": [ "write", "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\.\\dcrypt", "hashes": [], "norm_filename": "\\device\\dcrypt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\.\\GLOBALROOT\\ArcName\\multi(0)disk(0)rdisk(0)partition(1)", "hashes": [], "norm_filename": "c:", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [ { "ip_address": "192.168.0.0", "type": "ip_address_artifact", "version": 1 }, { "ip_address": "192.168.0.1", "type": "ip_address_artifact", "version": 1 }, { "ip_address": "192.168.0.2", "type": "ip_address_artifact", "version": 1 }, { "ip_address": "192.168.0.3", "type": "ip_address_artifact", "version": 1 } ], "mutexes": [ { "mutex_name": "9A1966663AD6FDE5", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [ { "operations": [ "access", "read", "write" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Class\\{71A27CDD-812A-11D0-BEC7-08002BE2092F}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read", "write" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E965-E325-11CE-BFC1-08002BE10318}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read", "write" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\CrashControl", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\System", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Command Processor", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "extracted_files": [ { "archive_path": "extracted_files/79116fe99f2b421c52ef64097f0f39b815b20907", "file_type": "created_file", "id": "file_2", "md5_hash": "1d724f95c61f1055f0d02c2154bbccd3", "norm_filename": "c:\\windows\\infpub.dat", "sha1_hash": "79116fe99f2b421c52ef64097f0f39b815b20907", "sha256_hash": "579fd8a0385482fb4c789561a30b09f25671e86422f40ef5cca2036b28f99648", "size": 410760, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e9efc622924fb965d4a14bdb6223834d9a9007e7", "file_type": "created_file", "id": "file_3", "md5_hash": "c4f26ed277b51ef45fa180be597d96e8", "norm_filename": "c:\\windows\\infpub.dat", "sha1_hash": "e9efc622924fb965d4a14bdb6223834d9a9007e7", "sha256_hash": "14d82a676b63ab046ae94fa5e41f9f69a65dc7946826cb3d74cea6c030c2f958", "size": 410760, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/08f94684e83a27f2414f439975b7f8a6d61fc056", "file_type": "created_file", "id": "file_4", "md5_hash": "edb72f4a46c39452d1a5414f7d26454a", "norm_filename": "c:\\windows\\cscc.dat", "sha1_hash": "08f94684e83a27f2414f439975b7f8a6d61fc056", "sha256_hash": "0b2f863f4119dc88a22cc97c0a136c88a0127cb026751303b045f7322a8972f6", "size": 210632, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/afeee8b4acff87bc469a6f0364a81ae5d60a2add", "file_type": "created_file", "id": "file_5", "md5_hash": "b14d8faf7f0cbcfad051cefe5f39645f", "norm_filename": "c:\\windows\\dispci.exe", "sha1_hash": "afeee8b4acff87bc469a6f0364a81ae5d60a2add", "sha256_hash": "8ebc97e05c8e1073bda2efb6f4d00ad7e789260afa2c276f0c72740b838a0a93", "size": 142848, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_6", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\windows\\41d0.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_40", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\windows\\system32\\wbem\\repository\\writable.tst", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/413eba3973a15c1a6429d9f170f3e8287f98c21c", "file_type": "created_file", "id": "file_7", "md5_hash": "347ac3b6b791054de3e5720a7144a977", "norm_filename": "c:\\windows\\41d0.tmp", "sha1_hash": "413eba3973a15c1a6429d9f170f3e8287f98c21c", "sha256_hash": "301b905eb98d8d6bb559c04bbda26628a942b2c4107c07a02e8f753bdcfe347c", "size": 62328, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/80ab09116d877b924dfec5b6e8eb6d3dde35869e", "file_type": "created_file", "id": "file_8", "md5_hash": "c7ca77d847f1802502ef3b9228d388e4", "norm_filename": "c:\\windows\\41d0.tmp", "sha1_hash": "80ab09116d877b924dfec5b6e8eb6d3dde35869e", "sha256_hash": "fdef2f6da8c5e8002fa5822e8e4fea278fba66c22df9e13b61c8a95c2f9d585f", "size": 62328, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f940f7e3770462a4809bad3e995ae46d522190ef", "file_type": "modified_file", "id": "file_9", "md5_hash": "87cf3392dfc386ebd494fa4e72b747fc", "norm_filename": "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab", "sha1_hash": "f940f7e3770462a4809bad3e995ae46d522190ef", "sha256_hash": "fa125a9e042003f5443f6c8ac5eb108cd7a5483eab39e1b3b5c059d60215d9e7", "size": 10485760, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3592d4d77e481c9b7eaa614deeb36e72a994218e", "file_type": "modified_file", "id": "file_10", "md5_hash": "a20a768a81afee200bf6db18a3056541", "norm_filename": "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml", "sha1_hash": "3592d4d77e481c9b7eaa614deeb36e72a994218e", "sha256_hash": "448403a1b7ca253b91174d36a3881cc183d2ffeaaa3eed0496d802539538c114", "size": 1602, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6e282e3fb7afc487422d73271a729e7e4718a328", "file_type": "modified_file", "id": "file_11", "md5_hash": "a5cfdf621750a94cbc0f0719a533eaf4", "norm_filename": "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml", "sha1_hash": "6e282e3fb7afc487422d73271a729e7e4718a328", "sha256_hash": "dfe114759d655205b57f759e89f6da508d36aa1a4a84cee2fc6d743ef2655d40", "size": 2338, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0c64f4559ed2f12cf42ee1ff2dd14d806e16ce87", "file_type": "modified_file", "id": "file_12", "md5_hash": "380dcda4098e62f1f5664921cf6cdd6c", "norm_filename": "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml", "sha1_hash": "0c64f4559ed2f12cf42ee1ff2dd14d806e16ce87", "sha256_hash": "12744847431c8b2fc23c7e47dc6ec275419958ebdbcb39af589eda58dce9ead3", "size": 1490, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/230a74cfbf7ae520dd726174711e0d3533f60fff", "file_type": "modified_file", "id": "file_13", "md5_hash": "43425a50ee06e30dd272c3ff17bb0427", "norm_filename": "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\pptlr.cab", "sha1_hash": "230a74cfbf7ae520dd726174711e0d3533f60fff", "sha256_hash": "752cc8c341f4e4d0a6036607a12df396047a4e9f3a461be21dadea54f5de67a3", "size": 10485760, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3693091b6827d78dd9414a6f485abb53b8edfbca", "file_type": "modified_file", "id": "file_14", "md5_hash": "be16f68fd043d935ad963ea4c3d736bc", "norm_filename": "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml", "sha1_hash": "3693091b6827d78dd9414a6f485abb53b8edfbca", "sha256_hash": "e21fac606118ecf75d5a4d1966574895104dd3024f7122339edbabb634cf5d13", "size": 1922, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7057c7772d2b3290ddea402ff765e67901afaa63", "file_type": "modified_file", "id": "file_15", "md5_hash": "cf6fa18c52894350bea091528fc31218", "norm_filename": "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml", "sha1_hash": "7057c7772d2b3290ddea402ff765e67901afaa63", "sha256_hash": "8f2a61e71446971c5f5010abf0d324222993e7f79e0b3a3a8d6719eb9f3f2546", "size": 1490, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3fc88da1570badea2c61a9517e06e1a41e51035b", "file_type": "modified_file", "id": "file_16", "md5_hash": "85a68488be13ebc093b067ea1475ccf4", "norm_filename": "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab", "sha1_hash": "3fc88da1570badea2c61a9517e06e1a41e51035b", "sha256_hash": "7cda2a6ea0faca19b16802165b3a6add583fe06141ee843e5b8c10f89a9106bb", "size": 9958434, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4b22431fa5e445f6f630e7f8a6b668125c4d3ec3", "file_type": "modified_file", "id": "file_17", "md5_hash": "146cee28b00dbf679ed697b6f33d6fc0", "norm_filename": "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml", "sha1_hash": "4b22431fa5e445f6f630e7f8a6b668125c4d3ec3", "sha256_hash": "a32fc1e86edbf4a24426684c8700693b511c649ddd36e25090018e00f37e7300", "size": 1650, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/383953c3903f3def7f4a8dfc961b632bc747f58a", "file_type": "modified_file", "id": "file_18", "md5_hash": "ea9b20690debbe698df7bcdee8af861e", "norm_filename": "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab", "sha1_hash": "383953c3903f3def7f4a8dfc961b632bc747f58a", "sha256_hash": "7a63a991eeae97834d4ee1911ccded08b7f9f47167bb73717551bedd1f3b3071", "size": 10485760, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/dde8ecfc4f9d094feb2e9b831193fcc4cddb98da", "file_type": "modified_file", "id": "file_19", "md5_hash": "3db069e923ed265020abbe0aeeb20516", "norm_filename": "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml", "sha1_hash": "dde8ecfc4f9d094feb2e9b831193fcc4cddb98da", "sha256_hash": "73c778eb6570c7c49aa0c5fc4b3b246f6bc335819cacd7f68716be0384068d9a", "size": 3234, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4e05353ba59608761c42ab503768718fd4ea9d0e", "file_type": "modified_file", "id": "file_20", "md5_hash": "4bde0423f361b421519b65c28bde6cc2", "norm_filename": "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml", "sha1_hash": "4e05353ba59608761c42ab503768718fd4ea9d0e", "sha256_hash": "87f2dc684dbabea1b50206f66acef5d1164deb93327b6cb03201e9f0b4e4735a", "size": 4242, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b29ffe456e5fb9ed0f8e90effbf30fc96862b153", "file_type": "modified_file", "id": "file_21", "md5_hash": "2c56ebeae266b0945b278f8cb01732c8", "norm_filename": "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml", "sha1_hash": "b29ffe456e5fb9ed0f8e90effbf30fc96862b153", "sha256_hash": "ffe497bab3fb4bd8401b6ded8d9f23d3bd07ac5d3ee0489ffa4f06254a053264", "size": 2466, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2d627a56bd4283688e4c69c4b418010b0c7d1820", "file_type": "modified_file", "id": "file_22", "md5_hash": "8ab2632c2d433efc3b75df58f9d73dae", "norm_filename": "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordlr.cab", "sha1_hash": "2d627a56bd4283688e4c69c4b418010b0c7d1820", "sha256_hash": "0a0c05a8af443700679eef4db9d19a12a22e19342bc56351be4738eb7f17f3d9", "size": 10485760, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fea2f54353593e4d88887393b651fdbb3ba79324", "file_type": "modified_file", "id": "file_23", "md5_hash": "5b5f9cedbc03caf54b38039ff2b1487b", "norm_filename": "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml", "sha1_hash": "fea2f54353593e4d88887393b651fdbb3ba79324", "sha256_hash": "425d33325b790e9ad234441f1a2adc245d397f19f07bbf53c6b53282c443cb8a", "size": 1842, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/cf0239dd6407ffb1bfaff75c154e5b6ff261be74", "file_type": "modified_file", "id": "file_24", "md5_hash": "b7ed442d187f7892bc057b6004e83599", "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.cab", "sha1_hash": "cf0239dd6407ffb1bfaff75c154e5b6ff261be74", "sha256_hash": "e50f152da6840a55a0f185499b2381bac2668aa38a61d70ac191cc8f456025e0", "size": 10485760, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/49e02205a4b52d394ff129472c75f31f24be11bd", "file_type": "modified_file", "id": "file_25", "md5_hash": "15153c4f2a05f30d0283700f557c85d2", "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml", "sha1_hash": "49e02205a4b52d394ff129472c75f31f24be11bd", "sha256_hash": "5135fa2425ba2cdff867dc297ca432bcaef9bf0c3755c1304e4a661767f36607", "size": 1394, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/89ab8491fb830a0e1f96fa654820c80e3853e31a", "file_type": "modified_file", "id": "file_26", "md5_hash": "01522cc818e3cb5c1f88f0af6b71d2a9", "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.cab", "sha1_hash": "89ab8491fb830a0e1f96fa654820c80e3853e31a", "sha256_hash": "72245180f2d45a7ff7fad89fda1cd0bf4aea2bc5f1467c58b56ecb83c86c146f", "size": 10485760, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4bba2d45d8bca9bc168ca55f74d02c80eaaf6828", "file_type": "modified_file", "id": "file_27", "md5_hash": "3b30045ad6c97ff866342decbf09ab28", "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml", "sha1_hash": "4bba2d45d8bca9bc168ca55f74d02c80eaaf6828", "sha256_hash": "a44f1691b44e6bd338b74ddaad4a6be3ec62789882a1cf42a53d6a97ba611c09", "size": 1506, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/04a74035ae437f4fc5aaad4eb15931f65853e82b", "file_type": "modified_file", "id": "file_28", "md5_hash": "0335234c7c545ba002aeb3df922f7686", "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.cab", "sha1_hash": "04a74035ae437f4fc5aaad4eb15931f65853e82b", "sha256_hash": "669e004f14ac15858414dffdc0d4002a2fc54621f1b1ce33ae0c72ff26edd29a", "size": 10485760, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/54de0ac01c3d5567499e29454eedaa473ed79d93", "file_type": "modified_file", "id": "file_29", "md5_hash": "d4ea0313aa839edf612c9ee1b33b92c5", "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml", "sha1_hash": "54de0ac01c3d5567499e29454eedaa473ed79d93", "sha256_hash": "882b5924b55e8ee500f7aff61a11abea43771ea12cc474a714ccfb8255ab2343", "size": 1506, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8333909319182a2e880bb757ec6498650fa81889", "file_type": "modified_file", "id": "file_30", "md5_hash": "f570a344598fb3126736a6ed636f069d", "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml", "sha1_hash": "8333909319182a2e880bb757ec6498650fa81889", "sha256_hash": "1fd1b9d62a4c31ce9bbccc238b5c2968b64a6124a8c6fe1934ea7820326e0614", "size": 850, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0d863f3a8d023547553c16663170df3dc63c2a79", "file_type": "modified_file", "id": "file_31", "md5_hash": "aad695e82a73aba6565adf1251f3bb6b", "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml", "sha1_hash": "0d863f3a8d023547553c16663170df3dc63c2a79", "sha256_hash": "fa6379ddcc35d29cd142c0a68bc6fb0289ced7fcea8bd8328a544e7d3d5472c4", "size": 5922, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ea8a7e2020fe6c3fb672596a0d13c548e6660dae", "file_type": "modified_file", "id": "file_32", "md5_hash": "5c46b16a535150be984a13005a582bb1", "norm_filename": "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml", "sha1_hash": "ea8a7e2020fe6c3fb672596a0d13c548e6660dae", "sha256_hash": "f2f29f4820305a8e6f1d233b87212df1f9deb506b6050090b4a5cca29f7872d9", "size": 1426, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/724edbe96e984e05486c8f051f3f3cd7b4f50252", "file_type": "modified_file", "id": "file_33", "md5_hash": "53dff27d197fac5fec615fd204378274", "norm_filename": "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\owow32lr.cab", "sha1_hash": "724edbe96e984e05486c8f051f3f3cd7b4f50252", "sha256_hash": "034a8515267cffff2909d9d2c241aa7b63d1f1b9298f5c97b928830fc4003e4c", "size": 2928994, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/72117b74130db120ea4631d81f05ba317719856f", "file_type": "modified_file", "id": "file_34", "md5_hash": "938647548a6e4b74ea13e78465570a88", "norm_filename": "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml", "sha1_hash": "72117b74130db120ea4631d81f05ba317719856f", "sha256_hash": "bc8e71a789537b982077972a1d3cf2d5cf548e2c0d584e262198198d53398f23", "size": 2402, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/cd1bcdf2dcea0c11a73203fb61387fb5b20a33ec", "file_type": "modified_file", "id": "file_35", "md5_hash": "b1942518b15f0af4b81329b96a4cd97b", "norm_filename": "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\inflr.cab", "sha1_hash": "cd1bcdf2dcea0c11a73203fb61387fb5b20a33ec", "sha256_hash": "eea2e87a37f7f432cb7761a90407d1ec10abb4311e59d8361e55a214cc97e546", "size": 10485760, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/885f800cd0d0904b4dac55a6c9b840ac34ca1b09", "file_type": "modified_file", "id": "file_36", "md5_hash": "180f8b1fde6c589a1c9e529a8dedfb42", "norm_filename": "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml", "sha1_hash": "885f800cd0d0904b4dac55a6c9b840ac34ca1b09", "sha256_hash": "614c51f1e9a2760f1f308724e5520d61749aaf8e3e282244bad26a4031e1aa47", "size": 1266, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e2afd9514e47e3708d68d5d7e0cb22cf348cde99", "file_type": "modified_file", "id": "file_37", "md5_hash": "fe2c346594a0317e1cd552fbb55709fa", "norm_filename": "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml", "sha1_hash": "e2afd9514e47e3708d68d5d7e0cb22cf348cde99", "sha256_hash": "18d690cf2acfd0f7b7cfcd994563e5ed40e2e1fae7466a8a6b8a372205c62195", "size": 1890, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/728d5d4529be7a2e640df048a134f345c46b20d4", "file_type": "modified_file", "id": "file_38", "md5_hash": "f11d38f5e08ff6023b55931f8836aee0", "norm_filename": "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml", "sha1_hash": "728d5d4529be7a2e640df048a134f345c46b20d4", "sha256_hash": "88745aa40fb3f942c8df5b10a58eb80f95f8fdac2afb828962b8de98949dd55c", "size": 6290, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3aa7f94dc84e5db74d8a202deb652c5811f18a2d", "file_type": "modified_file", "id": "file_39", "md5_hash": "8a0831714fbd219ad2cc0411a7666ae3", "norm_filename": "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiolr.cab", "sha1_hash": "3aa7f94dc84e5db74d8a202deb652c5811f18a2d", "sha256_hash": "c5ba50319cf18e9e9c71ca4c724a6ea66676c9138efe8cd2b2ce59c920c7c8f7", "size": 6737708, "type": "extracted_file", "version": 1 } ], "process_dumps": [ { "archive_path": "process_dumps/process_00000001-region_00000001-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000001-region_00000001-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_41", "md5_hash": "adf273fea1472eba2ba78619cb9e232c", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "64643accbfb6f25e001417064da84727da5e46cb", "sha256_hash": "b760fecb6e88511fb17de4191f3162f445af751c0a45e16c07eeeccbd0f808a3", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000002-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000002-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_42", "md5_hash": "8fd7cb3049a6a7c5fcc7967834aede15", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "97251830198a3396e499b184dcbbac5424145e32", "sha256_hash": "6e4606193966a52d42d2f2a1db35cf960342cf3f359d0c3d5cbee12a6338a089", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000006-addr_0x0000000000190000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000006-addr_0x0000000000190000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_43", "md5_hash": "fa4c952c3a35359bec73220ff5f728b9", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3f14610565f9e852813e5548af9a930459614d08", "sha256_hash": "1fa157396b190537f65f669ec5c6a2fdf291e486929e21925d95348633a42046", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000007-addr_0x0000000000280000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000007-addr_0x0000000000280000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_44", "md5_hash": "4b68bd56e7ad6b5784bd9db478515822", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13c485ff1d78fb8dcb259f85f41eb254184efe57", "sha256_hash": "f68d3b344b9a6b1878b1412295a89c2162f2237549ed42480aa521ed6a7e5615", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000008-addr_0x0000000000ff0000-size_0x0000000000012000-perm_rwx.bin", "filename": "process_00000001-region_00000008-addr_0x0000000000ff0000-size_0x0000000000012000-perm_rwx.bin", "id": "proc_dump_45", "md5_hash": "93386ba3dbcfeb657432c4b86766c08a", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d3ea09a9a8d8ca8d730158e71a2a1bf5498c0d49", "sha256_hash": "62d5991e5f42b70f64524b1f4f97215aae0fc1ce7feffad7036f3fea778d4d31", "size": 56832, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000012-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000012-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_46", "md5_hash": "daf69abbf028901ceb2ca39f90f32a92", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "20e0530b3282a0e3ea2907b3eaa3a84b62145286", "sha256_hash": "ecf507a3a311664b78d41205aa3a3422ddfd979eb97e0e0130c49748cbb086b0", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000013-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000013-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_47", "md5_hash": "31ba3eeb3922f8f19019b12ffa613d55", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "30f4b9a31b1714fe959752007ff5928f9b6ea7ed", "sha256_hash": "610eba16f8b5e20c17cef061a1f7552a1641bf760f4dad6c40f1677e71ed9bb4", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000014-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000014-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_48", "md5_hash": "aa6a0a6ac5576702a984caa5a39c54ba", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "dc53da9cef1bfd74fc00f0f360c870fb12bda589", "sha256_hash": "4480b1c94e498f76a44c39fea0f154b6ee9cf904276810815ecb04f213b95002", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000016-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000001-region_00000016-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_49", "md5_hash": "7d2d114db75f7197c0e89a6adb1a7b56", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d28325c233b7f6a9a4ddc79698b6ff1530308b02", "sha256_hash": "e5005437446e02ef2df88c8152f54f19ba182439bd315b55979c3a8903b8fbff", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000150-addr_0x0000000000490000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000001-region_00000150-addr_0x0000000000490000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_50", "md5_hash": "232ffb2b94c6d57801af1ffacde8eb2c", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "92fe14a847c3dcb3225f26e649f60d2ac192932a", "sha256_hash": "3ddf0d4740755aefa714d84d322e4293114085128d6b62c8ca84b8e30009faa6", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000154-addr_0x0000000000620000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000154-addr_0x0000000000620000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_51", "md5_hash": "7364176566f88b8574d3db36be9cff75", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "671bce0ca9e38b2a672e787617d50eb81698cb8e", "sha256_hash": "64dd08c65ba9821adc5a12b4206ccf964e407952dc0b02519971b5f01942eb31", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000157-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000001-region_00000157-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_52", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000158-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000001-region_00000158-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_53", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000176-addr_0x0000000000840000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00000176-addr_0x0000000000840000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_54", "md5_hash": "d3d5ea67c9ce3f854b606ddd103d749b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "05ea7c04b19b7d93af3777cd95007b04de9077e7", "sha256_hash": "dc35a9f8e49524a436ce97bc35a868f13730b90accd891b5640590f141457042", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000180-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000180-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_55", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000181-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000181-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_56", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000184-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000002-region_00000184-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_57", "md5_hash": "697b3b4b8b55458d1dc5c5109505cb78", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a980fe4d8fe11a3b1aa18534f846dfd732c64934", "sha256_hash": "1982191a7d96320357e5ebfdf02e669a5082f062957394f60a8e3c97f8bade0a", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000185-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00000185-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_58", "md5_hash": "7a6911030933a1e43adb3d937728b432", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "555eefbeb499d8bcd079b74c1b23db91a9d20b81", "sha256_hash": "349ad74d42d09973380daca4f142f0d9983a1f3c2639a1d111bf5a58365a9945", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000251-addr_0x0000000074950000-size_0x0000000000068000-perm_rwx.bin", "filename": "process_00000002-region_00000251-addr_0x0000000074950000-size_0x0000000000068000-perm_rwx.bin", "id": "proc_dump_59", "md5_hash": "5b46709510baa29ce8004e6fdc091b86", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a5ee665c64f61bff35be7a27c73105fef6bd993e", "sha256_hash": "e9194d9d24a9fe20ef2159789c73c90d89f171e1ce4cce67d6575b22b03dce5a", "size": 425984, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000260-addr_0x00000000001a0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000002-region_00000260-addr_0x00000000001a0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_60", "md5_hash": "74695df5465563ae135adeefc41c5405", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4885d4db7f81799c6a863acdb1625879a3161023", "sha256_hash": "7030232bb9df7b9e7973db9592a695f396b55d30729dc51fe9ad5a84ab1116f3", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000266-addr_0x00000000000a0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000266-addr_0x00000000000a0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_61", "md5_hash": "0a3c0c7146d3ce636946a20dc55f2759", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2aebc817344d44dc7ba4d7161e961c64a6343ccc", "sha256_hash": "34991b95032be71f6f5f2a5fb067f0209781ee043fdc81fc35930723d7f6161b", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000336-addr_0x00000000023c0000-size_0x00000000001c0000-perm_rw.bin", "filename": "process_00000002-region_00000336-addr_0x00000000023c0000-size_0x00000000001c0000-perm_rw.bin", "id": "proc_dump_62", "md5_hash": "d0225785d96d91624cf4cae8194d19cc", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c5e08bc70235fd970fe93c705b750d0c581b094e", "sha256_hash": "4e87207cef8c23aaab329546364b5abdb6753efaca6c6a434cf944a2c9dc419a", "size": 1835008, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000349-addr_0x00000000023c0000-size_0x0000000000160000-perm_rw.bin", "filename": "process_00000002-region_00000349-addr_0x00000000023c0000-size_0x0000000000160000-perm_rw.bin", "id": "proc_dump_63", "md5_hash": "6137dd4d25736229153eed1eccc9a2a4", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0637733e340d09eb8ab0f7ea642643c6795d047c", "sha256_hash": "15c39f3dc57e89550f016d8d8e7d2a3b2ca00a26c55d6260f32ab331169ff0b4", "size": 1441792, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000351-addr_0x00000000000a0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000351-addr_0x00000000000a0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_64", "md5_hash": "da8438ffb57b3847544709b993879e30", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bfd6b8cc19a36758476c86063b38729898ebd391", "sha256_hash": "1c122764593511285aa0271ca0e1e4b5d5816ed750f2bf343be9aec2e6f0d196", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000657-addr_0x0000000002870000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000002-region_00000657-addr_0x0000000002870000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_137", "md5_hash": "13fd4271f4f698709ba068837ef67dd0", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a117645e040c91515683853fab419e9d534668f0", "sha256_hash": "483993011149f198c1f65f7ba1e6d3746edd4c6ce089640f07c0b3082f87ba18", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000658-addr_0x00000000028b0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000002-region_00000658-addr_0x00000000028b0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_138", "md5_hash": "cb2dcecf53a89528d5aa83ffb8a1ec2b", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2736b651611b97c73a67001be29cd75fae59c6b0", "sha256_hash": "e75d8f1a86c14a759c69aaabd6c6f2aaf538a091405261f5d76ce6dddeafaf49", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000659-addr_0x0000000002a80000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000002-region_00000659-addr_0x0000000002a80000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_139", "md5_hash": "abd753ca9b69723a7714840a6f31e5a5", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b95d022611cc4df85d6ec080d4289671dda065ba", "sha256_hash": "eebd37d2a47f5e268422f29cb74c131c6a40cfbd93bd8f4ede276a677fd72683", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000660-addr_0x0000000002ad0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000002-region_00000660-addr_0x0000000002ad0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_140", "md5_hash": "cb7e9c1067e209ddcb35916d01d02114", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ad82488a7d198c1540504acd6bb2225690c24039", "sha256_hash": "652562105d4a5f3582dbbdfffb1fc0330b258a8b764284c0467e5cf1c0a744f1", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000661-addr_0x000000007efa4000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000002-region_00000661-addr_0x000000007efa4000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_141", "md5_hash": "bc8cc1bf601d252f1440a6496271e86d", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a7efed72211dff8cf0c674cd70da17a8579d1d15", "sha256_hash": "0b87c3ca989547d81a08a2a0f8fd8c6d26f27c3a070b3f34d4ee23f0c410e1d5", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000662-addr_0x000000007efa7000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000002-region_00000662-addr_0x000000007efa7000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_142", "md5_hash": "d85813a0a243884f93cdd18f8b0a907f", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "40209c0ee50186b49cf6404aa001b0bedc019c30", "sha256_hash": "68841bbd459676f3df40449bcba734fced123ab50ed0abfc0acd65f0f11719f4", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000838-addr_0x0000000000db0000-size_0x00000000000b0000-perm_rw.bin", "filename": "process_00000002-region_00000838-addr_0x0000000000db0000-size_0x00000000000b0000-perm_rw.bin", "id": "proc_dump_191", "md5_hash": "63e90f70700e1640426f351176646116", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6810c338b6591109e76470ce61e634d4c97f503e", "sha256_hash": "9d9630caf0f60c4ceea78774c62d25e87b03af5effdde858029b61a09d48210a", "size": 720896, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000867-addr_0x00000000000a0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000867-addr_0x00000000000a0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_192", "md5_hash": "a5dd2a7b10315811919674dabf4fb778", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a702f7d85d6fc3eada151eed4ee1785e05526faf", "sha256_hash": "cb1555f50a9b63cec90cca454ade602b4c01e5fab2d831c04cb05378498ca916", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000869-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000869-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_193", "md5_hash": "f4746885704b3e6a314c2ab7023d0cfb", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cfa32ad097ce582aa8588bef3b30e0f291e1a599", "sha256_hash": "883e7872ad8b4d2fe428f61fd584050644d5c3b5b7da2c504e57e88f82818ccf", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000870-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000870-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_194", "md5_hash": "834d342b206915e37e4edf0ac1a1a4c5", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1117dc9d0db20795742b904295bc74074d4ef5a9", "sha256_hash": "a4244e0a450accbf260d48292caaf380f23fec59f5de14c8dfbd364a923e054a", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000872-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000872-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_195", "md5_hash": "8e378f2f2847dd7ffaa13a3a11828d74", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "977c92cf2ee61f47fbf8c3c573395419a8c5dc23", "sha256_hash": "e0b654774bf60afd1ddea45dacdb50b9cca7ae75234ce4bb71e1f9a1ebb781f2", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000873-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000873-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_196", "md5_hash": "eb151493a580c2da651f44306205af31", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e2eb5a89f4e068bacd1f6a96c0351a3ae323bbb8", "sha256_hash": "99d095fa4b1786ed3d611d89e4a4b7e40718dccd8818bf2344ea325d1d305277", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000875-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000875-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_197", "md5_hash": "e2d4209cfe4c5b3f958de0da9c913404", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "212ec2baeb69cf3c69a73da08912b15394ee614a", "sha256_hash": "c4f3b58249432598867707eab42952b8c10c6b99397826068d920e6596c50f0d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000876-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000876-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_198", "md5_hash": "14df6d93d49ae2b94999739034e875ec", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c5c441f9ba58a65131f872c6201261a4b4a309cd", "sha256_hash": "557671f205f52f1ede6b4436fa5dfbc2c3271a3cb7bfaee9f31ac03c5a20a65e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000879-addr_0x00000000000a0000-size_0x000000000000b000-perm_rw.bin", "filename": "process_00000002-region_00000879-addr_0x00000000000a0000-size_0x000000000000b000-perm_rw.bin", "id": "proc_dump_199", "md5_hash": "d7b94722534796ee649ebe449d31968e", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "170a402b4a46de8f0f48da3ff75ee2a8178a0a25", "sha256_hash": "1ab6b9d6aecb2b498dfc5f2d72373a99754c47588ec0cff4f80f1849aa8bc4aa", "size": 45056, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000881-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000881-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_200", "md5_hash": "9551a2e62086ca0b6f1a6385f53df476", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1f3fc17880602b17354f0636ece4cc8e81d46922", "sha256_hash": "ccd7735c3930880a16a73a74f358176b205f1df6313e2e5c5f521118efa832fa", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000882-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000882-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_201", "md5_hash": "d1206bd8e7742338b32eb28ce31690ad", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7f37b45c1a1d26735de92b0a5bb38ca4baf9ac5e", "sha256_hash": "f55a27e093e6fb40d9542b649f82ba5462ff7ce4c7ea47e3b52e2b03b2ed976d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000884-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000884-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_202", "md5_hash": "4c0a4e47b22b39f14f0a42ebdfa5ecdb", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e1462cd4683961461c591ea4c447620d5d0d2965", "sha256_hash": "972926c141da4fa8b295059e286224ae6879478c6ac1d6d7c006af6986ba7a20", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000885-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000885-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_203", "md5_hash": "ca2f1ef7c822d8a4accf5064e379c3df", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0480b8dab4882f09787d60594ced528a39198325", "sha256_hash": "18e4e93f0fab5aae20145a1c0e79357e1353420145aae0fe9dbd6f6e440f7ceb", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000887-addr_0x0000000003240000-size_0x0000000000980000-perm_rw.bin", "filename": "process_00000002-region_00000887-addr_0x0000000003240000-size_0x0000000000980000-perm_rw.bin", "id": "proc_dump_204", "md5_hash": "8d0190184d15daf6fd8366e7b6f2244c", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e55a2dcaf7c000d902f886efaf4c9413bff189a5", "sha256_hash": "f2a684fe367f2ada758ac5e04dd53187e36222c6f8dc2c33e54fd401f3dcc67a", "size": 9961472, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000888-addr_0x00000000000a0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000888-addr_0x00000000000a0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_205", "md5_hash": "6778852ac7b5bbaae8021d453e708b4d", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7ab4d34351ce74079b55e6d572e2427ffde024fa", "sha256_hash": "0718181ac24d47741f0e83650f3440abbbd3673f828226eaee4397550854bb6f", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000890-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000890-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_206", "md5_hash": "35764a6786623510347ce577e1d70b92", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e8d41f0762369eb6d90aaf8a78911628772bdb76", "sha256_hash": "94e6653e13418623cb190c0e42fbe941400a8c3ca9e1eaa3e2dd0f8b9468e057", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000891-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000891-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_207", "md5_hash": "14dc9d0a4bca06ae6a9e17f39890c6bc", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fd7b6aefb6a8ea31fb0e7e45dd9d65490709d468", "sha256_hash": "bcb1b9bce0d9767aa94c607db1aac7b1b5f21f2703a465e48060bffec167663f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000894-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00000894-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_208", "md5_hash": "5f32dbce9db17fb587952625751a4863", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4b69c55812e625d33b1671f6b5b9f5c6cd678c0f", "sha256_hash": "1adfdb9795d4eae5d38d4345bba04a1b3a095fe5975ce90fd6994f072517f98f", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000896-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000896-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_209", "md5_hash": "c6a553eaaff8b5d95d3404b2022a17f3", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "90853f14127c59c62a52d2d2d982564de35ff2b2", "sha256_hash": "6ce58294310af320a16595b9dede50a91ddfcde62ad109051f0b39e46e418f08", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000897-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000897-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_210", "md5_hash": "177ab157d4494ad01d927e198291b32a", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8607c7854d7f30a6894f5e6cbf9754a4bd31d976", "sha256_hash": "5c42cf551759aaf0b80d4386691079feffa419d1b643af5f89fb66374f0f6e51", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000899-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00000899-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_211", "md5_hash": "14fe8b9e484c71db7b1ffda7683dc70a", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b514b2c15b57d08046b6eacfd4830e1a5c0e69d1", "sha256_hash": "63c214d40c6e5f8108e13ff91db3481baede21ca2e0c524dca95c0342aa8ab8d", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000900-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00000900-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_212", "md5_hash": "f4164af21652ae00b3143ae17b89c3eb", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fed7eae7d52cf3bb1cb4259f1507ee9c315e56a1", "sha256_hash": "f634217a8bd242ca54aa31477da813add4157a1ee1625991d56ab739d653a1a9", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000902-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000902-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_213", "md5_hash": "96e66830296a56660ef0cc9f64e063d1", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "21b3b84382666d2bcf1f4e6dc93a9dd1d70b3768", "sha256_hash": "e93b3c36e262e1af058f69a743546d32f77a721f2080524f86d6b19dccaed25b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000903-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000903-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_214", "md5_hash": "96f2ac8e3a3f46479524f57207936597", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4a6df0820b6768224a2cccd6493f4c8d1db5e74c", "sha256_hash": "7f3bad8a6b26ebab1a09a06d2feffebc08837e07a4826716ef69bed86bdd2793", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000972-addr_0x00000000000a0000-size_0x0000000000007000-perm_rw.bin", "filename": "process_00000002-region_00000972-addr_0x00000000000a0000-size_0x0000000000007000-perm_rw.bin", "id": "proc_dump_215", "md5_hash": "6389dbdeea0fce88f33f30d8187b77b2", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "290b5d125e83151b9d3508d23b29714a911d8a87", "sha256_hash": "eec5b8b2558624a04120102bb23f63317e6223012b0c114c9c4f84eb7f2fb188", "size": 28672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000974-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000974-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_216", "md5_hash": "0b6ab1a7c7ca908f182b2609a019f1a1", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4deb7d28d416ef2d60ad9e14eb3625f3ee41d412", "sha256_hash": "d5d382ac929aed95b57c264dd03f0de76d422ec931b4e7c56d7f7c7f2f2aaaa6", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000975-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000975-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_217", "md5_hash": "9b35883f0f1844dc838c64f6556c8f78", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1f32b10e25934602e94e57c4004cc87d0d7e1246", "sha256_hash": "0a1b4b9f881a990db95cee703834c3c3fce9f93cf90876d5b6f53c99876b1474", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000978-addr_0x00000000000a0000-size_0x0000000000004000-perm_rw.bin", "filename": "process_00000002-region_00000978-addr_0x00000000000a0000-size_0x0000000000004000-perm_rw.bin", "id": "proc_dump_218", "md5_hash": "6898d05568cf56d1eeea6110c69a92dd", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b8d53fdf914073afa17709363e693563340eedd0", "sha256_hash": "731db4f81d3bb554f88be5644ec70b1e0fc7b8c00975321e97bb63a0569f0f66", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000980-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000980-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_219", "md5_hash": "12fef13355e4eca9e9a5efe4afa630f1", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "55542bab8c1fbeae492de373b283f971a3132615", "sha256_hash": "d336fe1d1d4878b546b50392ee206b44bec9f6811b527bb708a62cdc7c503fe1", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000981-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000981-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_220", "md5_hash": "bafd2f6a3179e1cb966e832383e43796", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "66050bf159fe338d8a71dde1e04e36c9c5b72627", "sha256_hash": "8f4fcea1928bc840bcd615982036b030122be03ec7a8eddd07bb4ea216a5e46b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000984-addr_0x00000000000a0000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000002-region_00000984-addr_0x00000000000a0000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_221", "md5_hash": "ab45fb7f91e45e83a3878b60a9cde06f", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "44cd98dfbd864c39f1a50b18da1da12023fb2704", "sha256_hash": "2e177ff0cd193a00f8246ef675f6132668f1f6a6039ad18c3b60891f4b79876b", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000986-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000986-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_222", "md5_hash": "7a2f696dd6de6d682b940320cc8a5889", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6c12072a2b60261fed2a9bd1b72df40c99643c70", "sha256_hash": "c1fa32b46a8e04268ab82a3feffc8570b244cc13e31535bc96017eb406f1389a", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000987-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000987-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_223", "md5_hash": "083ef73c72406ba5aca96c174a2371e4", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8b97e889dc19a85014b86a7d60300f63a9feb72e", "sha256_hash": "036dfc97f0713d50b55dddcbd7685fa6f7f6a01d211a4e65d54fc385e2ad4832", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000990-addr_0x00000000000a0000-size_0x0000000000007000-perm_rw.bin", "filename": "process_00000002-region_00000990-addr_0x00000000000a0000-size_0x0000000000007000-perm_rw.bin", "id": "proc_dump_224", "md5_hash": "fb53bcd449f5c69243df8ac71fa8b104", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bf569c355ca2b9bb3f59d0e7e9e610bb885875f3", "sha256_hash": "c0e4e123e48833c64663cc1ddeb3c77d8362fc897f16f9bcfef107b8960b01f5", "size": 28672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000992-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000992-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_225", "md5_hash": "7f44ad79d3a1ff618214dd647e146e84", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fd6e116233fb4a813613899302cb30d2a43e3e42", "sha256_hash": "4fc5a1089ec109bff14efb560e2476649b61a96df217eb9ddf48b53281bbdce9", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000993-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000993-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_226", "md5_hash": "28c9961204edaa76674d6c8d94ba6ce6", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "323ecbb78d4f1c34fc8ddbb70c2ce3abae6e2db3", "sha256_hash": "7e8e808ddd1c180317ebf6fed49104294187cebd213ffc3a6a9b69a47fa5c3b8", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000995-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000995-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_227", "md5_hash": "6aaf43f9be1200a28a46f48dbc0cf17f", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d8d0b82a703a7f37d3a0b87191a057d8b9d5b350", "sha256_hash": "99ce47353490febaca0b59d16623ed0caa426357f0421746c28baf7660a4f377", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000996-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000996-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_228", "md5_hash": "e0dbae2e2609e962bf6f0fad08b855c2", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f3638ed332d0af2bce20ea91762a243f5fafa543", "sha256_hash": "34a744d0ecff1e01c56c75c016dc1646806b40d8b57bd7f6870ffadf2bd79694", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000998-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00000998-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_229", "md5_hash": "c718f11f3ccdfae869b02fb80725ced5", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "81267098c2bfb65bca746bb05d967cd7d50ac41c", "sha256_hash": "0373a8484a4fd61b024a6fddda4431b4234a30591a908198e32b0dd5fcf51e02", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000999-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00000999-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_230", "md5_hash": "8a237afa297c73dbbb3b618d0851d2a4", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8a4c6220161d7485307a7d64a7c1583268cb9dbf", "sha256_hash": "aa9df854f887565ecf2396c06d17e8114d02fd05a2336c07cf623b5e121662d6", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001001-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001001-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_231", "md5_hash": "d75af9d3a6709ce1188ea12982a168d6", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "affac44f4763ab4db3073d71694fe20fcea7f06c", "sha256_hash": "1a4c5ce19537f174f4c81472b1eea8660cfd04aa880d0e244c2814fb4fc26046", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001002-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001002-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_232", "md5_hash": "605a47486682d812ef20cd7ee6ff5dcf", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ccdbcd63275c50154bcc24284f3c468877516709", "sha256_hash": "16cd43eb06541f3a64670ef43646ef3561a903fa6d5968720725d13b61675ef5", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001004-addr_0x0000000003240000-size_0x00000000002cc000-perm_rw.bin", "filename": "process_00000002-region_00001004-addr_0x0000000003240000-size_0x00000000002cc000-perm_rw.bin", "id": "proc_dump_233", "md5_hash": "f6e7824e9cdfa836f7c408705e74e983", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "80e06c301bfab05ea76282fde5c265f529eb2e41", "sha256_hash": "70928b4cb7988ebe6bb88f1d5205f573cd5e91e3efb7f3ecbafb6d6d987ef1e3", "size": 2932736, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001005-addr_0x00000000000a0000-size_0x000000000000c000-perm_rw.bin", "filename": "process_00000002-region_00001005-addr_0x00000000000a0000-size_0x000000000000c000-perm_rw.bin", "id": "proc_dump_234", "md5_hash": "e530d659b82116722019a32780e19376", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "76f33ce040533e0211d3fca8a445a5bee98beed4", "sha256_hash": "6478dc7eabe8971b30dd263afd72dc735e7f3fa3794409726707756384a56979", "size": 49152, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001007-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001007-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_235", "md5_hash": "70169ac5acbacb301f780f7721dc5938", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5ee5fbec6b52330e5688c42de24019e06499c530", "sha256_hash": "d108c424154c154a7dabeaf4d8c19460f510dac0af1220a20f0e6dafd846a161", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001008-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001008-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_236", "md5_hash": "ffba9f19b4dab92dd579b898789f0ddb", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c8ccdb41f3b6198080e92e7b60cd117fea5cee32", "sha256_hash": "3cc856000de976940c66c584e34bce477fed91a150178273f9cd8b3fc69a74ed", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001011-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001011-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_237", "md5_hash": "a0254931086145e4e1b57a38729e7150", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d44cbe60c62a4d512c6c505d6460df6bfbd95818", "sha256_hash": "11523e192e37fee3ed7717d5e849d2c1c66f8a2b6ca00664780583ee33e7ba66", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001013-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001013-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_238", "md5_hash": "ef2f844926721445a8514398a8436493", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "74451cb327861b9d87f9a233512913236a63ebb2", "sha256_hash": "7b0638b34e5440b9ef1a187e0f9771be450b7773a03c0a55b0746983fced7242", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001014-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001014-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_239", "md5_hash": "987fe5f4731243ebe5aaa59f1c4b1bdd", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9e2f3b65a201f96f45e25fadb644d9b6f7aaf0c6", "sha256_hash": "5e2f46976f60de7b5f0bff67918bf3a40b2c9f8be679ac9ffa843650af1b856b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001016-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001016-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_240", "md5_hash": "1b6b24df4b1cda18276a8cdd39079ecf", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1c6bc432a8ce1a4c9406d55b5449b3c2772aabc6", "sha256_hash": "0a262b47c6905a8998f0c13589bf5c5648fbe712c6c9c935c9031c5d39533033", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001017-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001017-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_241", "md5_hash": "4c7334c4c97e7b4bb0ea6f1e96aa7849", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fac53be50968075130cdf82d9d80db0c12094660", "sha256_hash": "2ad2c93b157af5004f7322bfcfd2704823b95e6bf9f312f6c923092024e9d73e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001019-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00001019-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_242", "md5_hash": "a04ed66840437bcd6e7178bfdcfedb34", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "26a484bf8f75837bac8b7c6484d25c287c23a98d", "sha256_hash": "22c52c63d03ca4ba04b51eb8eff4d2bf725a4eec7567e82cc84e48bf33ab1857", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001020-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00001020-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_243", "md5_hash": "4ebbf880d766146a13f1f1a160c592d8", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "afb50b021ae1269701e0437b7d5eeb22ceca16c4", "sha256_hash": "577f1a0c96915459cbe785a998b2a81ae3b45b2efcee2cb838bf482cebccfd30", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001023-addr_0x00000000000a0000-size_0x0000000000009000-perm_rw.bin", "filename": "process_00000002-region_00001023-addr_0x00000000000a0000-size_0x0000000000009000-perm_rw.bin", "id": "proc_dump_244", "md5_hash": "a9567acc76757a37d6c7f03cd2f97a45", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "887f1f17971a31f200d31b923b8d4722da3046ac", "sha256_hash": "a6ca9e56c960d768c859c3b8fe6c429276240937bfca9bbfa703f99b9a73a06c", "size": 36864, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001025-addr_0x00000000000a0000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000002-region_00001025-addr_0x00000000000a0000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_245", "md5_hash": "586558fdc9e543176fe69d03c6129873", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c9742a5941ecb51c8947a6f2ca3a1a50fdf8e13a", "sha256_hash": "ac5b41ccc90860ba654540067c93e361d73f781837e87c81540e7e7aa12f9562", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001026-addr_0x00000000000a0000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000002-region_00001026-addr_0x00000000000a0000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_246", "md5_hash": "705b37d27f5640d50a0aa38e24c1f246", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d2d785c2bbe1a5a849598b2c36249852a65d1eac", "sha256_hash": "3ca14573817791a0ce8758657efbe3df76a0534d595c1849c85897585cdc9db1", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001028-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001028-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_247", "md5_hash": "6faf2ccb941f58e40c0689241a628c61", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d6fb0052346006ecd01c87010cb5dbce67298562", "sha256_hash": "0887ad48c68464aab794285ede5e349365e4b9d489074820076c41c54030dcff", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001029-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001029-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_248", "md5_hash": "5b28bbcfeb2f8411c55696b1b1c0d726", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b7adc34e9e2f0eee207d0ef2ccd8d14356847ada", "sha256_hash": "c6053ef8c94c1ec093874982ec5b1c3ce47c30f83c42d3b70526d037ece46a6c", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001032-addr_0x00000000000a0000-size_0x0000000000006000-perm_rw.bin", "filename": "process_00000002-region_00001032-addr_0x00000000000a0000-size_0x0000000000006000-perm_rw.bin", "id": "proc_dump_249", "md5_hash": "456df5eb6849e7c8907acc3e3f4890f2", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "99eb18a5ddbe1ac2403f4e423e7ad96bc4a3e7a8", "sha256_hash": "1a3f31e04b1fcb606f8aebe4d0e02c1608f4770b6eff88267e7b6c895eb6c8c2", "size": 24576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001034-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001034-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_250", "md5_hash": "0b92531a5e9abcc4d76554b6b527aa47", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cf45dd47d6a92745175351fc3f3c08a9481a51df", "sha256_hash": "530286025823b4716682fc4df5770dc6388fb0299ecb7d0d455d83de1e234e95", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001035-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001035-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_251", "md5_hash": "922cee96def31c827367783714b8d88f", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e68ec8e445773d18337da79e299305f908c0f3ba", "sha256_hash": "19522a9aeda5ec797f14279eb0fb5b722d90ae79791db0953a2741d3a02fdedf", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001037-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001037-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_252", "md5_hash": "4d8be4c3a0cd279a0c62bfb103f4bcd9", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e4b6b55eced8095b50c6b681a0f00f0e208fb7ba", "sha256_hash": "f8b2f78e83eaf77982954babf400176e9d8665b51386a45f142fa45c619d1edf", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001038-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001038-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_253", "md5_hash": "b0c31082e0666b42dc87cdbb5ad85050", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d6ae94c8d98153263c10cc909d63ed3221cf506b", "sha256_hash": "a8f38420bb2edc3cdd88e31f550ef9ea5331daa4f28268cf850cfa6a156fb7f3", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001040-addr_0x0000000003240000-size_0x00000000007e2000-perm_rw.bin", "filename": "process_00000002-region_00001040-addr_0x0000000003240000-size_0x00000000007e2000-perm_rw.bin", "id": "proc_dump_254", "md5_hash": "9a30646a5e60ba2a91ac0164157d853d", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "50b705824ee0ff37b434c7d846f6dc18ac17a3bf", "sha256_hash": "2a24c394690abf9a2222a2018aeeefa8d6d22bd12e16e1fc90379397388a59de", "size": 8265728, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001041-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00001041-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_255", "md5_hash": "faad7062d4dfdd0f06de8aef4e3a23f5", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "da6606a163b8f9e84dc98be2ba89bd9297b47489", "sha256_hash": "d36a23c63640f9ab3cdeb210d311f82f69bf902125a3724e936e4769ea6ec151", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001043-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001043-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_256", "md5_hash": "8a048f25d619847de4a383371a29690a", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4ac98ee31cd519ef94c7115853774e4a4d7401ee", "sha256_hash": "afe8324b1929b8314a3ac4eb7af93f05f181c364dd35ac8e7f1faaa1e3ea98ce", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001044-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001044-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_257", "md5_hash": "947e47bb88014b99c97d5312b947364a", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c12dfbe6c93e59a944abbbb7354821ddcda7f596", "sha256_hash": "a03ef70ce2da5d4a39c6fe864782882438d204e9975a15e6efe622aafb8f1e83", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001046-addr_0x0000000003240000-size_0x00000000003e8000-perm_rw.bin", "filename": "process_00000002-region_00001046-addr_0x0000000003240000-size_0x00000000003e8000-perm_rw.bin", "id": "proc_dump_258", "md5_hash": "1d8abe59a039e263f372b00fe9d677a5", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2eefe3da3bcf70a54437e17edc0bd805fbbeae59", "sha256_hash": "e61d2b8cc0da329452a095dc69112424f6f84f88135c39b82dc83642b73c3217", "size": 4096000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001047-addr_0x00000000000a0000-size_0x0000000000008000-perm_rw.bin", "filename": "process_00000002-region_00001047-addr_0x00000000000a0000-size_0x0000000000008000-perm_rw.bin", "id": "proc_dump_259", "md5_hash": "39dd4f9128372588cc24de7ac98922fc", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e63b2c09d1fbea4a66a34f205044797c250245ca", "sha256_hash": "98077a011f1cb54340a0429fd803688460d7793def5837319613db8b405576e8", "size": 32768, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001049-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001049-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_260", "md5_hash": "6db14e1e63d86ee207c5d565bf61e1b0", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "715000042cececf4b22fb977af3cadf8f2d44605", "sha256_hash": "a6a5ecace78c9992dffedbe8304a15a7426d4082c6f5e6026a0545c2a589b773", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001050-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001050-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_261", "md5_hash": "aa173c5e726d55c1a5ddcba895c2aaaa", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "622ddb4c2c817f59ed21e9c698bb43f34c02a370", "sha256_hash": "798355c833304654fca19308155bd69210260833b74a4768de2687209baefee8", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001052-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001052-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_262", "md5_hash": "8ba43e373b652e561fabe5c1f100780d", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d30f6c99cebfaf7d92540af3d43e0c97d1a548c6", "sha256_hash": "641862b71864621cc959489cffe45a5ba1908602cdd4bfa76a8ad62918efcbae", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001053-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001053-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_263", "md5_hash": "5760f18549edf159d168ea930171804d", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a61496e8ac6b2a55b15aac3b851ed289828d5c71", "sha256_hash": "af8986eb43031fd318d01009a0aaadff1a8aeb279b9ebe16cc7ec15961c2e703", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001055-addr_0x0000000002850000-size_0x0000000000092000-perm_rw.bin", "filename": "process_00000002-region_00001055-addr_0x0000000002850000-size_0x0000000000092000-perm_rw.bin", "id": "proc_dump_264", "md5_hash": "60319d761222a0485fefff203f9a6800", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2b8b2a273be58ef88566c3ce20ef5ddfeb7d20ac", "sha256_hash": "fe60d7cba5811d92bf978f86718b6724cbb8caffc10642d419d03f271b1279ec", "size": 598016, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001056-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00001056-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_265", "md5_hash": "450f3bdc36dcf8d9f4468a7fdbe597f2", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "91d20bc9f8bda2baa8a203e704c5d056e5d8c42f", "sha256_hash": "32ebb449cc9a0da6572b1b414f59acceb018582d92835376e9077078e22b5e28", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001080-addr_0x00000000000a0000-size_0x000000000000a000-perm_rw.bin", "filename": "process_00000002-region_00001080-addr_0x00000000000a0000-size_0x000000000000a000-perm_rw.bin", "id": "proc_dump_273", "md5_hash": "2fde84b95058a5459ac75fbdad4847b1", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "929c77488f213c3d79de8b7c66eef5c0518de1e0", "sha256_hash": "92ae3552d6aa0cbef025c966aae5ce741755ab83bf230f36f9d4ad79a1f57ed6", "size": 40960, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001082-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00001082-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_274", "md5_hash": "42fd3df9c9b189c9f8b5be71da1810f6", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e7ecb24cbb03560214d566d1d974ad8125ed5c2d", "sha256_hash": "1982f9a61295b225b415561510f27d20fddd4d8641fe9717163174c5e8268f72", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001115-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00001115-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_279", "md5_hash": "40dacfd4d6b58539ec3d9feb23c70ee7", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "dc57812b0a0efe83dd1d9a0fe06ea37971c84e56", "sha256_hash": "569167520c05d7c642db178453f564241f92439bfd71f200ddd995bb9573afd8", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001135-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001135-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_288", "md5_hash": "b1eaaeb6698254bde365424abed99212", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d654f041fbf52ba97229ec9ef4023bfba7852785", "sha256_hash": "672598d56a4d192db8ebb393eacef9ab7bca1a27037cd63fad7faae80017326a", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001165-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001165-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_294", "md5_hash": "74f6a3dc734c9852b8d7c8e1a68df5ca", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1761af74f33828988888e1609088e228aa1aad89", "sha256_hash": "9fbe81591fdbb9e1dad4070b19ab276250665a9c1e3652f9f1f6c0339b4d3d1a", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001180-addr_0x00000000000a0000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000002-region_00001180-addr_0x00000000000a0000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_297", "md5_hash": "550970349b6f3c03b361255a4ec6b673", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3b96a5fe69b834e6b1b98b2811a08dd7a1c7542c", "sha256_hash": "69f3af0cf2b962077b259a7d0a8975eacf89af6c1f54310fb44e6dd0f1d024f3", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001181-addr_0x00000000000a0000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000002-region_00001181-addr_0x00000000000a0000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_298", "md5_hash": "b812af86536df3fb1d80a3ca8196e4b9", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "30d0d5a1cfbe62ea8537e43f85dc35d5464674c5", "sha256_hash": "be484841904a303d62faa36c438d931dcbfbbcdd0df1290c9790a6fc5be57e9e", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001242-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001242-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_314", "md5_hash": "b1f2b3bb2c6263ae928961095741dad2", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9c9ea9adbefdb48d907bb3ab8c96ee13812503e1", "sha256_hash": "12129c4faac4145e0f6e5c781803475882186fa54cea11d5150a960c7fc9fe11", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00001243-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00001243-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_315", "md5_hash": "2072ac590a224e7db88fcbcc0b6f6b7c", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1131073e6b807ec3512a5cb64772c0dcbba00c03", "sha256_hash": "10576e595b2bca38ab3f9f1553290916e32f9930a461deea358dbafa5005ba87", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000400-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000003-region_00000400-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_65", "md5_hash": "17ab7dab95b6377445866c90e61a8a84", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e3bf1470a1d43539cc4b597ed29bc9a26d940e5b", "sha256_hash": "21717cee093e0f321a6c6daf274228b4075175822b4e3b66a738ec485605b647", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000401-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000003-region_00000401-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_66", "md5_hash": "b28eac81cdc93490f48088bbeaa0c340", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "577c935c8307be5cf687dddfaa50be6c9178a3b4", "sha256_hash": "b44c17c72d4b5b4aa8598567f4690213ec7462245435d30e895aff82fb2fc1dc", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000405-addr_0x00000000000b0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000405-addr_0x00000000000b0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_67", "md5_hash": "e4638077dc2266c6086bd4337cf5d98a", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "45a0ed56910950676d691eb3b153404cfcf66cfa", "sha256_hash": "aeb7e2f8257d391ecfda6712f3d23aadaa76e86f0631910cfb1ca519ff9a2ecd", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000406-addr_0x00000000001b0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00000406-addr_0x00000000001b0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_68", "md5_hash": "600a0e35ad3c597951f32906a64d5b48", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "984eb3f9ccfe3554e76782cd6ccc9d0e5b37076a", "sha256_hash": "de22705427b522fa5b37d27ed6ce1023826658600dde06523b980e2faf7fd6a4", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000411-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000003-region_00000411-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_69", "md5_hash": "3504d6bef1d01bceb4d14696b81640fd", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "af610958d9d63952d26e9f0d7a1c1060b3daf367", "sha256_hash": "79da60a4bbda32233851e9b020a59ab44b351d704a8a18ba63b641e8d15d47d4", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000412-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000412-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_70", "md5_hash": "842f25393bd9acbe8a2c98785de10460", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7893b63cf9caafc776079db93dc14b6f1066e707", "sha256_hash": "7aad9f870cf2d5746d30254d98a3b7376938284b03bbae8e214911baa768f4e1", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000413-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000413-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_71", "md5_hash": "5bc6ee9f43d81a2988681aafc56c726c", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6f73e581c2208d5cc5127a1ff50d4a871faf93d7", "sha256_hash": "75405b3b53992848b5edf950e14f5cd65c027ef6dfd769fa70c4e36a9f27ea05", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000415-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000003-region_00000415-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_72", "md5_hash": "1158853e130a988b5cb33ba4521be686", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5cb6c8c9849aaee88b8cc4c885f552fbaff7654d", "sha256_hash": "2714583436d4b231d378838072893934ebd3756d70de176df5515cdf6b2429d2", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000417-addr_0x0000000000320000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000003-region_00000417-addr_0x0000000000320000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_73", "md5_hash": "c8a3e43427e6eaa09c6ce0e2b3cf5140", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9e2bbb89f6a2c01583ecf62d13d22ca0dbcfa940", "sha256_hash": "a28aa1d599de96220903116767e277108c7bf787af0ca74ec1d72337d73a82b2", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000424-addr_0x00000000002a0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000424-addr_0x00000000002a0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_74", "md5_hash": "5ef37f109fc4d665226b0115398ea716", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b770897c39581735ab46851ceeb1eef38238d1c2", "sha256_hash": "ddb10e0a8025974797b5997e56b8e6cb3eb2537e3105652b54b0bc4238dbf9ea", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000425-addr_0x00000000004d0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000425-addr_0x00000000004d0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_75", "md5_hash": "726610c007a37c35c2f6bea6f3185f47", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "515310649bb7bda33e6d2e53f05aeb6ecca49cd0", "sha256_hash": "490d362dc5b8acef2d1f0be85204f94b3c1e4b0966c346407df9f8b67eee911d", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000439-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000003-region_00000439-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_76", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000440-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000003-region_00000440-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_77", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000448-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000448-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_78", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000449-addr_0x0000000000090000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000449-addr_0x0000000000090000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_79", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000454-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000004-region_00000454-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_80", "md5_hash": "9246540c5efd856a482c663155a68f42", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1597813389b4c93f60b4ee190e582a4b600e05cc", "sha256_hash": "e2b406e064ee3e6990b91d2646b8c73c3e107527a9a4688a31775205270426d7", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000455-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000004-region_00000455-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_81", "md5_hash": "2672db5430da269722d35a2693b9e1e6", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c2e86fc27d76d5e177b4467dfc10a76fcf85d8ba", "sha256_hash": "6f0f0475a27243e08e94152c413f5a9d4684b840912f8a8e7ffbb26b3d11d257", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000459-addr_0x00000000000d0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000004-region_00000459-addr_0x00000000000d0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_82", "md5_hash": "383916a2f8f9dc018c260e4b11155742", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a0722be709b4c950611c7218d629a5a67ca81474", "sha256_hash": "cbcfd5a81208a6fe9bec2d58e1de03fcbd3a5f2f239e2d714f2712b4107dc49f", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000461-addr_0x00000000002e0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000004-region_00000461-addr_0x00000000002e0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_83", "md5_hash": "1dde773a5ae1f1046f020376dd036b03", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "024d5b1ca73facec00537184e0feeaa96793081d", "sha256_hash": "a5fa5b1630669274de479cccfe851bb5093e182451d77724b17d59956681c9ef", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000465-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000004-region_00000465-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_84", "md5_hash": "68987db8f6ffe80b95ecd1ecbafbab0e", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71ca024d3bf1e5ac621bfd2371c5278efc557d86", "sha256_hash": "fea4779f9cb692ca9967e8852f0178eaf88661dc009eef69bd8012f41b35f8ba", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000466-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000466-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_85", "md5_hash": "6544ad7f1a553d859f85e87485fe77c8", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6c5af691fcac6a8dd4a69509c54a5b6ef3f52857", "sha256_hash": "3a7be123723f773b5c7a2483fb279199a8482af7ca08267ce0fbb99ccdaa8430", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000467-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000467-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_86", "md5_hash": "d2d9fc146cb19e2ea0ffbda37b17d579", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8ecff8892a46c73076c3599e0cf70c718533a1ac", "sha256_hash": "abdf3f4071ee783cfb5b04dd5bdc417580a510c6ec1085531221062d0ba231ea", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000469-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000004-region_00000469-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_87", "md5_hash": "f15f13f7cc7756b2e13c7611ecb388b0", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "76eae895968b4f58c5044b24daf4d08e4f0b5904", "sha256_hash": "b1142ef26f7efcee0bdd841916a2f8af87f270e8b68d5d4d9f5f2c5c21dab6f9", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000471-addr_0x0000000000160000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000004-region_00000471-addr_0x0000000000160000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_88", "md5_hash": "f8ffa6924d6460fd4497b13e6e29ac5c", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3b67b96bbd5f48176fb1af3f409c329c85d053ef", "sha256_hash": "2597b62491f7fb1e9bf23d9ec9e3e3a1c8026c533b6ebdab7cffb07d1521ba1e", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000478-addr_0x0000000000370000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000004-region_00000478-addr_0x0000000000370000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_89", "md5_hash": "24b621803445205f7c5bd5a386a7aca6", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "330436fc85a96082a97aed621dfa6b3bcc360c6e", "sha256_hash": "57b011f77be5715709517a6c6cec7fedfd03ed8b9a589feff72e5a76c2550cf5", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000479-addr_0x0000000000600000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000004-region_00000479-addr_0x0000000000600000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_90", "md5_hash": "e7a566469d12867114bca9d43c740b56", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b93ecc427b163e3d3c0ab10e5ef547611d329977", "sha256_hash": "c75dd3a77149084b124edf979196c993c59d1e84f4a7fa1675b63a249a9bcb89", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000496-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000004-region_00000496-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_91", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000497-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000004-region_00000497-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_92", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000506-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000506-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_93", "md5_hash": "ef03a2ffbf89d164b25e131f420e6343", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bba36481837a41940e3fb1e8701854f27ee8ac91", "sha256_hash": "d0f5a08a845b0c81b0dc9e769b3ba6ae4be6f355b2f334f30f9f606d5991c1ce", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000507-addr_0x00000000000b0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000507-addr_0x00000000000b0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_94", "md5_hash": "baa095d0f424ded37169dccfabe2a48b", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13de5554742b8bdbbac3f1dd140af759f9f055a4", "sha256_hash": "556d13cdbbe748d7480e2434b1f1d58ff20c3c4211c0491da0abbd118c4e58cc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000512-addr_0x0000000001e80000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000004-region_00000512-addr_0x0000000001e80000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_95", "md5_hash": "ccb79962f6578551a994eb40085842a0", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "47eb26a71665f18c506f9d4271b137c6da0f1371", "sha256_hash": "1dc2abb408795a87241ce28f7153d232a7308c059d5b65c834bbc972d349af85", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000513-addr_0x0000000001f60000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000004-region_00000513-addr_0x0000000001f60000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_96", "md5_hash": "e345ae63cdaae68b77a1c05fd187023c", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "942973b5039e9cbf7885c725cacd6536e4c8727a", "sha256_hash": "b7190caa6c3b7577fd2a09614578c70f78552c07fcfc137840a5024e1b3d783f", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000514-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000004-region_00000514-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_97", "md5_hash": "d1c3072e84e33deba682beae9f044556", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1d30535691199fa4e53650f8eec705cb339121ce", "sha256_hash": "a7ab5d68d8f473522d5d708f02ad5d72000dcafe882d9447850036891c8be0ec", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000516-addr_0x0000000001fa0000-size_0x0000000000120000-perm_rw.bin", "filename": "process_00000004-region_00000516-addr_0x0000000001fa0000-size_0x0000000000120000-perm_rw.bin", "id": "proc_dump_98", "md5_hash": "7250d0cf5fdcd0bded4dad2982c3d665", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "28538cf2ed3a0e9842e97ecffea07099ef7f0aef", "sha256_hash": "9a58ac27dcc2ec1008e55df7c9f146766f08c13edc384a05c60c4f38b415bb64", "size": 1179648, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000518-addr_0x0000000002080000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000004-region_00000518-addr_0x0000000002080000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_99", "md5_hash": "8550bd0944e2c1364d9f1c222ba2133b", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9d19e64cae90ba821d140542644c0f0cfb1bbad3", "sha256_hash": "4fb0170caf5551e1eb9118cebcf367754684dfa47212f94f87f693097318d4a3", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000524-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000005-region_00000524-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_100", "md5_hash": "a2c7340b8c61f5cbf27e633919c5875d", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3a5b71b937ad2fe8a90e46633b0959c1fbfaa47b", "sha256_hash": "2981e157611c1224b96274248d79a0fea50827eddb4aaa7f0b9abafb7bdc2f35", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000525-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000005-region_00000525-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_101", "md5_hash": "efe1a1356bcfad98e7f904739db84e70", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d8ab02f4263a672b18c4a0ac612085d0b7c1e877", "sha256_hash": "b5a7a9863581e35714f731563399ba8151136e07621d5e730fddede2b7dde748", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000527-addr_0x0000000000050000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000527-addr_0x0000000000050000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_102", "md5_hash": "139e73d0d2a577666bea48f5e64d168d", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c7bab13562fc8445d365c302b9c1d94997e987df", "sha256_hash": "e60336b629e8a75c83612f6e6e1f9e432fe518a37038b778136377a9ee8893bb", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000530-addr_0x0000000000230000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00000530-addr_0x0000000000230000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_103", "md5_hash": "74f44566cc0c9bb0aa16162556883313", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9984cf2c77a65b579cbccbdbc85baa1a1ea3cf65", "sha256_hash": "9ea418c9b3028a979790d693d28d43827572f427ffceb35dbfef2fdab965a2c8", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000535-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000005-region_00000535-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_104", "md5_hash": "25c7dd29617824f824b6a04fab9aae3e", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9e058b7ad36d373471abdf83f4d7f065be1ca094", "sha256_hash": "ccccf8c4e3567dc84c7b0ab62423e002fc3a4f5fa1d6776a4bf7eb3bcb84e06b", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000536-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000536-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_105", "md5_hash": "9b2a0edac927b5219b399966d4961372", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "060a2ba7bc337419796074806844a98c72d250ac", "sha256_hash": "2cd706cb4fb9a230f512dc2b063c898b9fa0a31f67b94ef61096becf62f06ec0", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000537-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000537-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_106", "md5_hash": "2b524886070e4fd90c47947c9ac63623", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b2b5d3181e907cdc15c41da1d054b5abd72e370e", "sha256_hash": "39a870a85ad7e0f26faf927a68f88d98b667cd5a28736b3c3ac698036f725b89", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000539-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000005-region_00000539-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_107", "md5_hash": "700fc022df89a82f54e5e92def535d12", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1af18cb9840d032419846a10809cd4c3ab343bb3", "sha256_hash": "a20b52dde50f2667a80335071aa05ff3954e5030d44105feea625252ece65d0d", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000541-addr_0x0000000000100000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000005-region_00000541-addr_0x0000000000100000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_108", "md5_hash": "cb1c8567028def7b802184ba31a7fdc8", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "52ebf43776d0b13889334a3d31d9a63253ed470e", "sha256_hash": "09f84183053f899e35edd7fcbd3fdacd5f34e3490066b38add24c3d53fecf35d", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000548-addr_0x0000000000380000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00000548-addr_0x0000000000380000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_109", "md5_hash": "580a7597415a5747914c4f57a59ea5f5", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "775d39077d8ad142d180edb38ec683eaa8e63b4e", "sha256_hash": "e2b68418c16993909c47c7507d4b6c748b2bf96e44329d05e2ccb19ec1bda16a", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000549-addr_0x0000000000640000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000005-region_00000549-addr_0x0000000000640000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_110", "md5_hash": "0ad50e2a4db7671830facf3a4e170605", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "62c858d7808f759acbcde55fc9f30041f52e3474", "sha256_hash": "47187a44f04632de35adbc79c6d0ff1ef354d0820e87c4a73b63ded48bb808a5", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000563-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000005-region_00000563-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_111", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000564-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000005-region_00000564-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_112", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000572-addr_0x00000000000c0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000572-addr_0x00000000000c0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_113", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000573-addr_0x00000000000d0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000573-addr_0x00000000000d0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_114", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000581-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000006-region_00000581-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_115", "md5_hash": "eaed6a16afebe1835799959a70cb7dd0", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9ecb61e26bb345735b7429749f50ee62bdeca511", "sha256_hash": "06fb877b58f5713df6c96b9ce4407a88b729f33b236fb4e8eb536d3bd9bc85df", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000582-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000006-region_00000582-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_116", "md5_hash": "25511c767a9cfebe9844f5dc75348eaf", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d1d8cba5c11367f80a0e51c1f6d8ebf918ff84ff", "sha256_hash": "e9b1169ae5eb6beb98f865625f44fc271adfe905dbe5875aa60e0baee3530f1b", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000586-addr_0x00000000001d0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00000586-addr_0x00000000001d0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_117", "md5_hash": "31f1a6484b0e9bccf98c9e7f8d3d094b", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "81408428c6c8bc38a44f970ba76ddf90584cb8ea", "sha256_hash": "0fc1cf5e8a1d2d68bfb6a709b0347368bdf08c5c00615b3aba63d706f06b0c42", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000587-addr_0x0000000000300000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00000587-addr_0x0000000000300000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_118", "md5_hash": "8d910e4bf62388493893389b777800f7", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "90657687136999b2050cba9838d6c725aa01053e", "sha256_hash": "784ec25f9e04200a1ed5d528fa4958c3705faf6ceb752b9147ea5e6a37613c62", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000592-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000006-region_00000592-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_119", "md5_hash": "f244df1878854edb4badb1ab4dec1945", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4dc0ba8c23a42cf17a965e4f7831ae413e1afe28", "sha256_hash": "f05ed5816af808deefb09b6c9deb9073bca4ef3a6f89d2ff1215c74353e4e034", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000593-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00000593-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_120", "md5_hash": "9720d4b5f811c5a196c3251e446d117f", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6a81e99b6902f574c083581236a39c60ffcf2844", "sha256_hash": "050765bd220b17a3a050456df9aedca73d816bf8d8b3bb0d7c015c86ed1b0c6a", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000594-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00000594-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_121", "md5_hash": "c57ead72c282f913c567b6c5eb92181a", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1f70ded335af4a69cc290bb448c16f26772c4b9e", "sha256_hash": "7b5e930abd8ea9821b858b3165c8f98e0b96b3231fd7752a9249ab93bc771f23", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000596-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000006-region_00000596-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_122", "md5_hash": "0c66ffcc81a131536a19f4321411b08f", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "178ff12a37035295006235e23fd65d5cf949c0ed", "sha256_hash": "19f24297e38b04ad0cbcefc62c4939a020268d9e8f4f5fa85fce8ad79882c72e", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000598-addr_0x00000000000b0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000006-region_00000598-addr_0x00000000000b0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_123", "md5_hash": "9a68f126251cb5fbd6ca8a190d993033", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5aee6a1f13c99c0684350a6c8c38819a394acf03", "sha256_hash": "f05450d9348e09c50944827de5be3bb9576e437158f0e788718975ef5b1bb5d7", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000694-addr_0x00000000002f0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00000694-addr_0x00000000002f0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_153", "md5_hash": "cd656090b7055f708a9ed6d233d938f3", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c442e455b12143599bb758420520139be743a644", "sha256_hash": "eafbc774630c96b0517faa061b8855b1ac176ca809a9929eb35b77611b75bf84", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000695-addr_0x0000000000440000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00000695-addr_0x0000000000440000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_154", "md5_hash": "fbc1c92e73b522b82457e72ce1f1c2ef", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ee56147eb105c17cd4ec95b8832e01779f0c3c8f", "sha256_hash": "9fa32772a996b1eabe896ad490312a93d3198bb74a52a7427486f023d01e466e", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000709-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000006-region_00000709-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_155", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000710-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000006-region_00000710-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_156", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000718-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00000718-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_157", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000719-addr_0x0000000000090000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00000719-addr_0x0000000000090000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_158", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000611-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000007-region_00000611-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_124", "md5_hash": "054eae648ac6c5c1bcb0bd15cb976bd8", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f58e781f90342c22141cb2ac14b83acda7d20d68", "sha256_hash": "c0d5c9dc9e1ff347392b2d1f708cecd6e41b7bf10b0079e5bff2a9a3dc893b8b", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000612-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000007-region_00000612-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_125", "md5_hash": "bb459a174c13961489f043353fb419b1", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fca7def084dabfa2fb080a0f2f1570872d0b4bb7", "sha256_hash": "36aebab938895303d831a1c3f4f534197ac1d709dcac5e9eebf6353c8442ca60", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000616-addr_0x0000000000070000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000007-region_00000616-addr_0x0000000000070000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_126", "md5_hash": "080c74e2d07463b9148d005fd579f296", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "792935baa5ffc848f35492947b574f5f36588878", "sha256_hash": "761188849730ac4c4095a15a10fca47de3e3e9c331e4c17e2428782ab2b9d204", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000617-addr_0x0000000000130000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000007-region_00000617-addr_0x0000000000130000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_127", "md5_hash": "676514f7071428e90df6bde266821bca", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "39917b91bd82acaf7cfc183e2c691a0921f5b5f7", "sha256_hash": "f5a892a12b9da973667ed6620bdb7a89aa9cd1af6ced72c48555dc02c2c46ba9", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000622-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000007-region_00000622-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_128", "md5_hash": "d476a3cac5b535cfa0d63751129845ee", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "311802ee08ff305635c600e281d971dcbabdfab5", "sha256_hash": "ab045976fe4d09b31f1db981329c61c1eec86e76d1feb8d1b9ac0ac815b7eb88", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000623-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000007-region_00000623-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_129", "md5_hash": "f1303602c8a9c5c07791fbcd1b0d6ebf", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7eceec3feee66a0bc1d4f08b841de16257b86371", "sha256_hash": "123e34f058092563752d1792308c7ce62067a089bf41cb234a437d5ef23a51c9", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000624-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000007-region_00000624-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_130", "md5_hash": "e001e1495b730a0f6330bb531fd94635", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f1e1531a235d758e269278b3386dc2cc9cc1fd40", "sha256_hash": "66becc493cb0c2e3513f5be55c4e3283b63c050d4e2d627abc81c483243bc697", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000626-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000007-region_00000626-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_131", "md5_hash": "2fd8cc9242ece4773f9d8555e87f24f5", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5b4c063ce9763d43e834a14b05cdbaf21ec6e314", "sha256_hash": "39caa2944a79e68ec4c0c3abae200102a49788589669b54854cd3601f861f149", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000628-addr_0x0000000000290000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000007-region_00000628-addr_0x0000000000290000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_132", "md5_hash": "0ab572e43742fcd0570922b85f520648", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "005ce09701af87ffb7fee1dd8b821c65fb6ac84a", "sha256_hash": "8c184b79b5de1a0f0cf8d6cbf556b6a0674cc7289d9e52cec225cc1b6c216044", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000635-addr_0x00000000001c0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000007-region_00000635-addr_0x00000000001c0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_133", "md5_hash": "47b27becdd949beee505481685ac96bf", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f8108e08dd318eda76f6d41b028ca6826b24515f", "sha256_hash": "370f96df145c0c657c8f2d3fa23974675292f89cf50cb93fc92610253f5c8b82", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000636-addr_0x00000000005a0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000007-region_00000636-addr_0x00000000005a0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_134", "md5_hash": "ff0638a2f98e19862af8daeadfd4d780", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6075ce509a45f6399a9dd9a9521a0fa8ca24850b", "sha256_hash": "47de80378121901f026a3a26968246045407fcef011cc9c4547e2b5eb1025d07", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000653-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000007-region_00000653-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_135", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000654-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000007-region_00000654-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_136", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000685-addr_0x0000000000190000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000007-region_00000685-addr_0x0000000000190000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_151", "md5_hash": "ef03a2ffbf89d164b25e131f420e6343", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bba36481837a41940e3fb1e8701854f27ee8ac91", "sha256_hash": "d0f5a08a845b0c81b0dc9e769b3ba6ae4be6f355b2f334f30f9f606d5991c1ce", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000686-addr_0x00000000001a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000007-region_00000686-addr_0x00000000001a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_152", "md5_hash": "baa095d0f424ded37169dccfabe2a48b", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13de5554742b8bdbbac3f1dd140af759f9f055a4", "sha256_hash": "556d13cdbbe748d7480e2434b1f1d58ff20c3c4211c0491da0abbd118c4e58cc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000724-addr_0x0000000002090000-size_0x00000000001d0000-perm_rw.bin", "filename": "process_00000007-region_00000724-addr_0x0000000002090000-size_0x00000000001d0000-perm_rw.bin", "id": "proc_dump_159", "md5_hash": "5a6140844676ab662405d5ced5e845f1", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "18889a747a4c310d5e51204ee8f11b200df8c6fb", "sha256_hash": "37cdbeab1479b1f906254e366688443de2045771339f7253a9b4df7ecd5cea0f", "size": 1900544, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000814-addr_0x0000000000560000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000007-region_00000814-addr_0x0000000000560000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_181", "md5_hash": "ca84d8b8d7bd6743d5fb5dd78cc94cdf", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "257d484b459040a6e497fb1b4e90676bb4a94924", "sha256_hash": "d845e26e6270af5acbc80616e8e03dda20a593ee6013339de8d1a2ccc857b7cc", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000815-addr_0x00000000020e0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000007-region_00000815-addr_0x00000000020e0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_182", "md5_hash": "35fe7a4246de4c9eb48105298ed3e7fd", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e40ffa9048e74905ee4faab66e0fdbd41826fa94", "sha256_hash": "298317b5f366d713bb45d587c5f5d52aec04afa22fa562349fc06ebd5ca80fa1", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000816-addr_0x0000000002220000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000007-region_00000816-addr_0x0000000002220000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_183", "md5_hash": "1623431cf2a4fc782387da91e0f65ab8", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ebdea330133d77ad7ecef558a4cde53f89f822e", "sha256_hash": "313e2efadb32f3299f041d2be4656d5e8b123718a4b06ad3f5252d4cadf582dc", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000817-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000007-region_00000817-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_184", "md5_hash": "579c829c124728088b00a1e90bf83fe3", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ef5a528a81f649f7394da487cf871af13ece7794", "sha256_hash": "69e06a9d3ec27269226108fa9f9a0be6b1599e63c450996399cee15271394ac4", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000664-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000008-region_00000664-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_143", "md5_hash": "eefd736695ee101d40c8c591d7331677", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5dd0b04ed72a6e1465856e3a4de47b27be519a33", "sha256_hash": "63f647762860fe5e11eb5560d0cc1d19a8ab6f0d55331602098298dc697202c6", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000666-addr_0x0000000000190000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000008-region_00000666-addr_0x0000000000190000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_144", "md5_hash": "1eb03bc84ce1b88f51ff63c3565f5637", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5567f4cd780b3f88cedcf211cba6f42c0acc5c0b", "sha256_hash": "64bd37654c669ef3f8c9afa3448e16602c051991ff924b763d03ec1d9f6dc4f0", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000669-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000008-region_00000669-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_145", "md5_hash": "bf354c423ee1b76a45c4cc36c08f90d3", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "04a1bfa2fb7b4487cb9790fe5899bcc9c3434ed5", "sha256_hash": "9c721933e52cec41ab5595b6cd6266ddfa2ea926f883fd127cf93dd9bedeab09", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000670-addr_0x000000007fff2000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00000670-addr_0x000000007fff2000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_146", "md5_hash": "7776f83b74064cd96517b6d63207b674", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fdb0094979581b21860cbc03d545c3ace659e97b", "sha256_hash": "b242179fd6a6dcd519dc06c5f367b0564ba8caa48b363a0c29900647b066eb46", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000671-addr_0x000000013f340000-size_0x0000000000013000-perm_rwx.bin", "filename": "process_00000008-region_00000671-addr_0x000000013f340000-size_0x0000000000013000-perm_rwx.bin", "id": "proc_dump_147", "md5_hash": "5a3acf313b38f96ebfa01e0e063c6a3e", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5f983fc2a5c7f0397c9e58caa02a139322425011", "sha256_hash": "e1336e0ea0723bcfe75d356e0d9ff247e1610362e0e7a6bef6fba3204e30df55", "size": 56320, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000674-addr_0x000007fffffdc000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000008-region_00000674-addr_0x000007fffffdc000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_148", "md5_hash": "45a9e2761be90412662097b97a9d7a42", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3db23d2db93a421d8ad37f262cab5b5c66f73232", "sha256_hash": "95ff89789af3e12f76f1ef799b62cec20e4cdbb6445c5aabd78087fc22c7afd0", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000675-addr_0x000007fffffde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00000675-addr_0x000007fffffde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_149", "md5_hash": "2d73bc263c048a4304a55af0d4c005a0", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9248eb2c13bd5f6655c39c1c12a169145c1618cb", "sha256_hash": "7b0d2956bbd7e6a8b032001ada776c9fb755b8ddc1d0a96dc4f3848abd6230ad", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000676-addr_0x0000000000080000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000008-region_00000676-addr_0x0000000000080000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_150", "md5_hash": "ace8fbbc4199574cc3e8de7a4a0e5c91", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0bb4d877f73130229e4bb08063c195d1ead8f61c", "sha256_hash": "ba914f046699d7dd8478e8ee1afb5361b6de7aae3744c623d4571568ed80ab94", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000788-addr_0x0000000000300000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000008-region_00000788-addr_0x0000000000300000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_173", "md5_hash": "dcbb823a867116cc817dc050101e9ca4", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8a248965fc4240e40d784a83cafeb7e01348cbe7", "sha256_hash": "2cf2118e6c31bf48e6ecaff52bb8e690db8a8a5c13f687c9ad908c2fa263f552", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000789-addr_0x0000000000470000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000008-region_00000789-addr_0x0000000000470000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_174", "md5_hash": "8ed51a06d6363e32eaa91464a3562ba5", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5208444d41cf135336071852237311b9facf1b03", "sha256_hash": "fb1d63ea44d54aa92fbaf5a1d94b19472d33c9849e6cd7d5e06dc5f51eee597d", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000805-addr_0x0000000000040000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00000805-addr_0x0000000000040000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_177", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000806-addr_0x0000000000050000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00000806-addr_0x0000000000050000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_178", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000809-addr_0x0000000001cc0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000008-region_00000809-addr_0x0000000001cc0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_179", "md5_hash": "ed1e61b68f8a904bfeb093e122d4546b", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a642c2ee5abf3bedc2d5a8657e2229d47435c03f", "sha256_hash": "7ea10bb8f55d7b701fc79ba620db7acc7483436c5a061d811dbeb5a5f8889f5e", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000822-addr_0x0000000001cd0000-size_0x0000000000168000-perm_rw.bin", "filename": "process_00000008-region_00000822-addr_0x0000000001cd0000-size_0x0000000000168000-perm_rw.bin", "id": "proc_dump_185", "md5_hash": "67c8b2e46c8e30146814da619fa84d22", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "54192a99bda931f2a8623fccb3a1c238444e8097", "sha256_hash": "b14093f2dff474db1ed7fdea10239385471e0396ff708e0656a4fdd2e79ca0ba", "size": 1474560, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000742-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000009-region_00000742-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_160", "md5_hash": "50b5cd8a723cdf2c99a316a9c458def7", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c71c1965bf142a8463c921cd8145c7cbd84b8121", "sha256_hash": "6d29bde7d1ac4f8737abd5eb1c59c94606da2041221987e97ff8b8b84847a9dd", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000743-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000009-region_00000743-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_161", "md5_hash": "2f2af10a2d86c647962c0fbe3e265d54", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7cffb74014119e044af4018e7b6b6bf0b2822902", "sha256_hash": "1db5f4bf59e1f0fdefd6f8da4a58deca4ba5a3b8325aff2106af53cd460f67b8", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000747-addr_0x0000000000070000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000009-region_00000747-addr_0x0000000000070000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_162", "md5_hash": "154fb9dc3785c3b45bdc4dfd034b1c91", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "dfad5a93b54a9f67ce49cbd2fcedd3b58b717027", "sha256_hash": "a3527d2eab4175b428c0e5b2267237eb014a60032e4f30fcc1733ec97873b661", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000748-addr_0x0000000000110000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000009-region_00000748-addr_0x0000000000110000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_163", "md5_hash": "ed0adbe01042eea639169dd7adab7931", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e0c6aa65203171e6945c824651956b2c1545dce6", "sha256_hash": "d3b2491eb419ff62ace155f6bc1037569d88543a8ff0cc21cc7dcbd950f382ad", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000753-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000009-region_00000753-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_164", "md5_hash": "924a185f266abc8f8cfa0de94b517b97", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a38f9288912b08f5807999e2a6c2de60d73175a7", "sha256_hash": "b7cf373552553802158bdfb884183585b22ebfb7fe6434e9011b1fee1bd7bb51", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000754-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000009-region_00000754-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_165", "md5_hash": "4aaf3913ebe22e3f800470f865d71864", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "79b690a5b22e6ddc18ea7afab4040d586ab6fe16", "sha256_hash": "112694dfc1535b30cee9593801be3b0ef8ca3d8602038f35f94ccecada93d588", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000755-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000009-region_00000755-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_166", "md5_hash": "85763c6760571b99b80a042dce4f0a87", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2f427905a4ed5774a6779c88cf8427d4c2ee1fb7", "sha256_hash": "8033398dbdc1e8b853f28d6ccad49756fd8781eb544b349b7daaafea1acfa62f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000757-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000009-region_00000757-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_167", "md5_hash": "e69b4fb846dade40aadb1114ec39a2eb", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f9df30418202e31423a27eced37baf1a5e1f10ec", "sha256_hash": "2aa84cb2f19df03feb9e8fd6153c65c875faa1e6e36c8584f33306f4e43a83d8", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000759-addr_0x00000000002f0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000009-region_00000759-addr_0x00000000002f0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_168", "md5_hash": "ede6ed28cdd98b0fd368f54bf1eaa937", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "db2e5b674d44376748e865f877870d862f2d44bb", "sha256_hash": "92d98088b6b7b6ae632753f70b4cef9f6535e0126e8c8ac28d50a18c1927b58b", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000766-addr_0x0000000000620000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000009-region_00000766-addr_0x0000000000620000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_169", "md5_hash": "0a3c84cd1fe9f45f88aa1f47f1d4945b", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "178819f9b8371ece76a297e89c76dcb4a119eedd", "sha256_hash": "311998a71f7d0bed6da2cbef964bedf4b63a2326e2b873edd3998600e8a24696", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000767-addr_0x00000000008c0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000009-region_00000767-addr_0x00000000008c0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_170", "md5_hash": "a3130f0689dbaf147f18714c05aab7b1", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0dd612e4ab4626eccb38fd5553246bdceb6cb2e6", "sha256_hash": "83261a8e46804b541f71693970d338cca012046bdda6220cda4bc6edbac03187", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000784-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000009-region_00000784-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_171", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000785-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000009-region_00000785-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_172", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000799-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000009-region_00000799-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_175", "md5_hash": "ef03a2ffbf89d164b25e131f420e6343", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bba36481837a41940e3fb1e8701854f27ee8ac91", "sha256_hash": "d0f5a08a845b0c81b0dc9e769b3ba6ae4be6f355b2f334f30f9f606d5991c1ce", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000800-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000009-region_00000800-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_176", "md5_hash": "baa095d0f424ded37169dccfabe2a48b", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13de5554742b8bdbbac3f1dd140af759f9f055a4", "sha256_hash": "556d13cdbbe748d7480e2434b1f1d58ff20c3c4211c0491da0abbd118c4e58cc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000813-addr_0x00000000001c0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000009-region_00000813-addr_0x00000000001c0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_180", "md5_hash": "86358825013934d9dfa1976d342f7491", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "504175e736ccc203683d128322f43f5a83e578b8", "sha256_hash": "9f7fac118cfd4aee55a69cd916ddb47232ec7dad9cad35d622c7fd96ae573c62", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000825-addr_0x0000000000290000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000009-region_00000825-addr_0x0000000000290000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_186", "md5_hash": "31346763730a230fe887bb1e54d14a8e", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4035e1c67f4f595645ba5c0b089503d36903babb", "sha256_hash": "8e6a05cb5b77f8ff0eb706cc77a84975d1cc57c43b4c37c6404d8dcbdb21a3dc", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000826-addr_0x0000000002150000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000009-region_00000826-addr_0x0000000002150000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_187", "md5_hash": "66d8c69a34cb755bbaa62979967abee7", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "df3058c4e34a1130fae49c5888b8c4e14b201a5a", "sha256_hash": "26ad5ee95f30930e47c6812c8b5adf33d5efc056023c361dbf2b059364bf8b93", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000827-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000009-region_00000827-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_188", "md5_hash": "96bec6040a4d9391b7ccaab13931393c", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b026e18129e4c9e4ff78bb4485a66323d1f0b4f6", "sha256_hash": "7a3b4a462f84c2b204a0c30274348581746a72437045df4530e9c6f35181b63d", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000831-addr_0x0000000000200000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000009-region_00000831-addr_0x0000000000200000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_189", "md5_hash": "c2f88fa764194da2fbaa0caf7e1fc42c", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0bf4d467243de1845a2f52bb4fc1b5a3e6dd6f74", "sha256_hash": "5cdb5bc8b0fff85e1e1cc4ea97f61608109cb3846207b33528a7b6355723c16f", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00001059-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000012-region_00001059-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_266", "md5_hash": "512deaae9170839c2311496f907e3b0e", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "21839fb220ccc27f8b456df53e0ab236ccf3b979", "sha256_hash": "2e67684efc20c2b7ec2672409bd2556d9713f4af90e5b914a09476167ef56fa2", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00001060-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000012-region_00001060-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_267", "md5_hash": "b5c4430fc843edcd38ee2e5aebaf0574", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f0b92264d0a59303f174e6ec49f9170b666280ce", "sha256_hash": "ffdd574ea574ef981bf7e93ff5dd28eb9df5fc3def5dcbd4e4c4c7a5d3dcc423", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00001070-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000012-region_00001070-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_268", "md5_hash": "2c4444708d6b8fb8276a5affce4bf016", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "613143eb5e50bdd7646731f340bd6000bbbc72d7", "sha256_hash": "562403325bde19d45bb260342ea59d7dbd602feb447b167fe74c3cd0e6caaa19", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00001071-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000012-region_00001071-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_269", "md5_hash": "ef7d824ee27606be23d9ea61a65ae9ae", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e768e81d69f6a411d989c6988442156086d9e215", "sha256_hash": "f4d865c3b2eaa8d1ebcab7bd25075639e474d71bd359c6d50bf1e65729693839", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00001072-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000012-region_00001072-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_270", "md5_hash": "b41f0ea30eb9c3a7ec280bdb6702d092", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "04f0924cda3bd9dcd4754b8d6baad11a04bbe8fd", "sha256_hash": "44980f85e58808c1230f0aeadf80ad038fdec75e670c57a85025ca14e34dfb3a", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00001074-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000012-region_00001074-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_271", "md5_hash": "80f14c848e149e57cf96345ad567c768", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "48e7135cbb988caa7716b35dbd883023336adafd", "sha256_hash": "ff908fb6f995ecdc94cb23076e79117570c225b455f27b9b6487d742278bd431", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00001076-addr_0x00000000005e0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000012-region_00001076-addr_0x00000000005e0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_272", "md5_hash": "97e6e705c8ae51d91dd983667e07d65b", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3cc2c19d3c683c25a542d322d4e925bfad047ebc", "sha256_hash": "390656cd491afeb7f21196f294e804449cad12b85fc67560d9323bed7a6ae8eb", "size": 24576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00001086-addr_0x00000000005b0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000012-region_00001086-addr_0x00000000005b0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_275", "md5_hash": "66d2216c95ffc5750c701aaaccf89aec", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "aac401f0671ff246da364a8bc6204ba54d647c7c", "sha256_hash": "334a456fe472682eec75b9eb876b39de4cbc3a6864c9aff54ee4193d15623e36", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00001087-addr_0x0000000000820000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000012-region_00001087-addr_0x0000000000820000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_276", "md5_hash": "b11eec8ae47e2b5e99186c50ca3c7d80", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "14caa736098a68ebf3074f112a6924935c60815e", "sha256_hash": "9d288b7d2697b743b0ba26ee9a561aa3105acdfb7c25fb2c6f0b6821310a1068", "size": 114688, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00001110-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000012-region_00001110-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_277", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00001111-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000012-region_00001111-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_278", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00001118-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000013-region_00001118-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_280", "md5_hash": "5b604fb21043599869547aca015e2ce2", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ea9e3d60a25253b197c4ffc3397719c30c3ce719", "sha256_hash": "54b4654c5897f6802532b3bce8cb508d848e80d10e14c582fcd58a666c550187", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00001119-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000013-region_00001119-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_281", "md5_hash": "7d3e933f47858cb361c620fe7656f8a5", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c6885e298c25229ba1dcf1106ee404a5a13b0ef0", "sha256_hash": "d3c2aefb9e444d28164b228af66c8401838d8e6db2b1d40f93bb9dbc61e8ad8d", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00001123-addr_0x0000000000170000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000013-region_00001123-addr_0x0000000000170000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_282", "md5_hash": "b090c1b2d7d36b559c31603ae126a83b", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3cb022aca85cd4b8d59b31e3bb9ce0946e42e23d", "sha256_hash": "39c7d5c718e93987939ee61c221687bb38856fe951d10ca1db6d1c7a76bf282b", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00001124-addr_0x00000000001f0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000013-region_00001124-addr_0x00000000001f0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_283", "md5_hash": "3122a08e85496c3f1cceaaeb5054bf8d", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6aa5a0110b426b32534e4f6394292b4124d75235", "sha256_hash": "2ee0d7db8c44559ea23998ddbba01d59c61583879dbef1d8eeec4d699800eded", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00001129-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000013-region_00001129-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_284", "md5_hash": "7c89b8df8b50b3a1f13b81ee556326ae", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cf9e5731fb33b0fb5e579066314d4231dd1ff353", "sha256_hash": "34cb5de12e352de296dc25fd07c3628d07786e940ab995bc9b7df9af09fb493c", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00001130-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000013-region_00001130-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_285", "md5_hash": "fd93e4622a6f05fa2daa37b9e7e66be2", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0d01bd8193d2580f2d9bbd3bb211e5b85ccc9b35", "sha256_hash": "45ac7142c374840aa5901e39b827bdf9b416e0bd27d81930cc565dad2f5aff16", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00001131-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000013-region_00001131-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_286", "md5_hash": "8a6f68cfb1d91979c3f90e5acfe2848a", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "eaad5260c3732a774dfbbf4a72b7ab1c6bbb0d09", "sha256_hash": "6aae28d5dfedfca55acc74e4648179c07e38fa223cf0a5d004239e113b5d5a83", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00001133-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000013-region_00001133-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_287", "md5_hash": "3d05b3a2a7b8d3179c2de44f1590de4e", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7e152ffff3f2597b4ec732c58c1d94217368d2ef", "sha256_hash": "cd89abfc5a068748a2a0ab1f2cf0f670bee88527a7629d08fca4ac9a5d1bf83e", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00001136-addr_0x0000000000320000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000013-region_00001136-addr_0x0000000000320000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_289", "md5_hash": "3a1be0766fa33a5d54dc0bbfc58e0177", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b2f5d08a318cb3fd1b948a60ce48569a1f4ef1de", "sha256_hash": "f355ebe21f9aa1a5a170e17783d7f022a5aea174d4294e4912d595d900f4c0b5", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00001143-addr_0x0000000000490000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000013-region_00001143-addr_0x0000000000490000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_290", "md5_hash": "cdab80e38625aaa952e601579ef9b507", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "787f6b4cdcc62889b5979cfe0be17789c1a09ce5", "sha256_hash": "de468fe7a48d663093388b2f20fc19b851c9b1c36ad510ecb37b7176101364f2", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00001144-addr_0x0000000000680000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000013-region_00001144-addr_0x0000000000680000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_291", "md5_hash": "90a3b0d697bc1612328dfa32cf964d82", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "46a7f44ec64d7326b21362a9e3e4a6feb9f59241", "sha256_hash": "bdd7d02693506840b1f5d1886a0cfa9d8bf4e2ffb07fe38a8436130830fb319c", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00001161-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000013-region_00001161-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_292", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00001162-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000013-region_00001162-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_293", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00001172-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000013-region_00001172-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_295", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00001173-addr_0x0000000000110000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000013-region_00001173-addr_0x0000000000110000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_296", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001182-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000014-region_00001182-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_299", "md5_hash": "922e0d31cc976e8671f04d466c4a92ef", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cd3640ab153568eb0c2d125fee2a405ce2c8c006", "sha256_hash": "71834784709fb9fafa0853d1f9cbafaaffa17fd3b8f444b6a25dff24ba38cf13", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001183-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000014-region_00001183-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_300", "md5_hash": "019c7bb7489b3826e2926ca5f832a81a", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6fe6b3025dfe9c14f1bed4d3d68970c6fff4d1f9", "sha256_hash": "fc2ed52b5fb6b198451e4ff9500a32c76f82ae3b0426768d10d24334eda4251c", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001187-addr_0x00000000000f0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000014-region_00001187-addr_0x00000000000f0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_301", "md5_hash": "7efa464cfcd5fb8c9a512c9da21f2118", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3c66d9a60727ce8aced2263e6b33e1834a2546e6", "sha256_hash": "c902ea912e792e162fa4ffcc4fbdc967c80a996f12d7b6e376586cdfcd6b4cc2", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001188-addr_0x0000000000180000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000014-region_00001188-addr_0x0000000000180000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_302", "md5_hash": "33bad8bca7b322c256eee4103aa0f7b1", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "412680288b1175e356dd3b900dcf81b887f42abc", "sha256_hash": "c556c3285d004557804289c5fed91ca74d00726dbe2b7727c49961f5e1bf12b8", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001193-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000014-region_00001193-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_303", "md5_hash": "308301b4fb4bef8a83f38abb050c6cc6", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2748700f36d1a8a3ef2da9f6c90ed1b988eab564", "sha256_hash": "bf76aa94886573a7b24efdceb8531ac47755902fa8b88a906e34f478303d9e3c", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001194-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000014-region_00001194-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_304", "md5_hash": "a35b63b320424ad292da5d85f9dd5b89", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "32fcc5962582c42d5c028a6ed3e7236977f0b604", "sha256_hash": "0413d9a7490c83767574d405d7eaaff51804630d5814990ff720e21149beee87", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001195-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000014-region_00001195-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_305", "md5_hash": "bc191e12fbb9b90c3d731bf264b4f96c", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "620e7ff9b7b1b8b800af3fc52419f247324ef8f4", "sha256_hash": "57efcfd4a7ff7f8cee023e354573911a095ad5c8986411fa3825d37e56ce7f49", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001197-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000014-region_00001197-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_306", "md5_hash": "bb268b1583813c60072a3524804a1095", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6c6942564e809dd36421d747898c5fb2e1d48d8b", "sha256_hash": "7f24d3695aeda57c82a48e210452ad41b0920ed39ee8bade030ae8b16f618165", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001199-addr_0x00000000003b0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000014-region_00001199-addr_0x00000000003b0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_307", "md5_hash": "ebf3282e26767cfbc6f8929c740f9020", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "11e24c78c247d93b1f063a97a3e90d555fde9994", "sha256_hash": "3fd0c7a6cb2f9f097713c949b525d4b1137118c9b6e2699fdb2ce7ce2d7ca6be", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001206-addr_0x00000000002b0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000014-region_00001206-addr_0x00000000002b0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_308", "md5_hash": "1e78dd3c2e9a46a51ea05a33e017fa6d", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3be9b381cfe3c61e8bd855cbead67f4df694bc4f", "sha256_hash": "a1e7c3c53b93747c63520d0899c22642f7aaf0c80547c0bafd537b51ae311229", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001207-addr_0x0000000000620000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000014-region_00001207-addr_0x0000000000620000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_309", "md5_hash": "fbf1429c17cd889298176a55cda0bcfe", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6da7ccd47fd18c31a7f9f9eea2b544d3d57f8eb1", "sha256_hash": "dcf688748435ee9efd9fc7aa9c92be525e5f59861df74d4fa4e49d5c9aeeb240", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001224-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000014-region_00001224-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_310", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001225-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000014-region_00001225-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_311", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001234-addr_0x0000000000140000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000014-region_00001234-addr_0x0000000000140000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_312", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001235-addr_0x0000000000150000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000014-region_00001235-addr_0x0000000000150000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_313", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00001246-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000015-region_00001246-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_316", "md5_hash": "ecc3ebd39cef672570efc49b1cb1cace", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9e286a5ab726a8c2889460e1907f2471f2b7eace", "sha256_hash": "5590c0e88afef13eeb08db9d19776c6d8ce761eb75f759d2b6320112a73331e7", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00001247-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000015-region_00001247-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_317", "md5_hash": "9139760caa174f0bf0fac88ad85e6e4d", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "689a088774976802a54ac72b861c65c0cdade671", "sha256_hash": "60d2308bf4c1f4da978a56aed6dc1039da40f6429fc067c41558dc12456d9081", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00001251-addr_0x0000000000070000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000015-region_00001251-addr_0x0000000000070000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_318", "md5_hash": "fa8558a7d7a3d35ce062c12c060725ec", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7d72ce3c709bb879cd320c2f60de4dacb90f33d2", "sha256_hash": "9721d2670b461bf9f10d08cdeecf5663304a1a0411cbc00822ce556601e0defd", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00001252-addr_0x0000000000230000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000015-region_00001252-addr_0x0000000000230000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_319", "md5_hash": "936f3ebaf6adf3bb94d2c50b82e196d9", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "359a9475d931015a02e92e876819f1b6fd550911", "sha256_hash": "9450cd7f30912752bd2218ac5e20723b805315638fda9c2c8090a1621a698ecb", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00001257-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000015-region_00001257-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_320", "md5_hash": "a1612fe4bd71967c6963f5e723f534ba", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5933423e9374bb633a8a9d779147596995c19848", "sha256_hash": "6309b5091a30db5182a72b9bdc5a33103db1d5eaff282af45f77b2ff8c6a6626", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00001258-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000015-region_00001258-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_321", "md5_hash": "9dfd2ef3f669d8f0ba7edbdb1f53ea74", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "865fac26f89d6ae3a6c2da461a00690d1e3379b2", "sha256_hash": "411c4285a9b2ea06df0a2e6021f4416657b9b8badab42ad2a9f0ee505cde1713", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00001259-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000015-region_00001259-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_322", "md5_hash": "85d8e78ff7f09d1296db6ebc01b145a6", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8569fa5c4e454feadd275e4e54444fed44d66bf3", "sha256_hash": "2d99c6aeb000ecbe58c1619d85415a655b6e3356689a842f8218517bef762f12", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00001261-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000015-region_00001261-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_323", "md5_hash": "dfc56dae7d9dfe6e255bf1676a6d5003", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c939c56e5f200b71ede16f1b8811d5886fba8dd8", "sha256_hash": "f3625fb531b6fb1ea6aa339ef1e3ffa5cafd632fa9d59832ce4f3be310244715", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00001263-addr_0x0000000000140000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000015-region_00001263-addr_0x0000000000140000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_324", "md5_hash": "4d515277eb004072a993a711c9ac1e18", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e17c2a060a9ced0083b64120a734a776d3848ce3", "sha256_hash": "249d2195dc057867840ab4189efc522382309d085527a03289962e1a062fefb8", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00001270-addr_0x00000000001e0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000015-region_00001270-addr_0x00000000001e0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_325", "md5_hash": "5985a8c7c0f38a3b26caa64e24a0efc9", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a449e80843d47e061f8ab415ae093ce03b6a8722", "sha256_hash": "311314b578d7d33cf683cdb0023d4706d5005423e9b7ea978e6f3fd7acf76ea5", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00001271-addr_0x0000000000400000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000015-region_00001271-addr_0x0000000000400000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_326", "md5_hash": "3d2ffcea9af8deca2e41b85f20edf9da", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "14ddebfe9188aecdbda76603e7bec78474b846f8", "sha256_hash": "87f40ed878b09edd09447494f782bd861fac27e1ef84edffc500fc4dfcff6d51", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00001288-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000015-region_00001288-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_327", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00001289-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000015-region_00001289-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_328", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00001298-addr_0x00000000001c0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000015-region_00001298-addr_0x00000000001c0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_329", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000015-region_00001299-addr_0x00000000001d0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000015-region_00001299-addr_0x00000000001d0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_330", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001305-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000016-region_00001305-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_331", "md5_hash": "c872ce3b2d1a173af8a89dd9cbe453ff", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "acb87ec591a52b50a30f8d0582d09a5ee2a88db9", "sha256_hash": "01122d5f6b956863665161643bc655524e7aa83c61467800833a7d258c8df0bc", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001306-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000016-region_00001306-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_332", "md5_hash": "01fc4124c62af41940b8d44914c8a453", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e801e16b6b7c736c9b6a0e477755553a1db8dc8b", "sha256_hash": "f22b12ad919c99b1239b1814f283baa55a501dae9905482448abdf9adee9c3cd", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001310-addr_0x0000000000110000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000016-region_00001310-addr_0x0000000000110000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_333", "md5_hash": "aba44bce7194c73dca6b646aec89b000", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0705c47fd91f680dd04c2de4ff0c4379e8f32aa4", "sha256_hash": "5d2dfcb98496f05c2a2eec754c5bbfa97619a483216a3c4d5e824204f4069256", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001311-addr_0x0000000000180000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000016-region_00001311-addr_0x0000000000180000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_334", "md5_hash": "3fe152c3a4dc0ea0fc06ebd0e5d5d184", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "52c33febe7bb0a4a9fc8ce485d5161e285fde547", "sha256_hash": "24741deba3faf2ea5e5badbae4553bb98b078c0ed7ed3379b5b39e0cf3b88635", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001316-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000016-region_00001316-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_335", "md5_hash": "78deb822c145cb3beb41c59c07808f63", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2df6f3fdeacac78fb1962770ad4ef5854f83ca77", "sha256_hash": "888261b1c32306483c82de900d10ee79e26a6e80a078c5e0d44c68febb5dd079", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001317-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000016-region_00001317-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_336", "md5_hash": "2b641ba391845a49762f5c460b2573b6", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6bab29b99df11acd5171a77b5f3c95b6d4d0be41", "sha256_hash": "d4fed238af5ad4a6898d709af919fddf23aa36820f1b0432a3c9f89da83b2781", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001318-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000016-region_00001318-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_337", "md5_hash": "929cbdf04abded6cd5501af80d430b14", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d86d4145859a8a092283480abcf89fc573fe3ca0", "sha256_hash": "1f57603401ada66b1a25b760a191f1eafb65debdd0d4e20ae171477089be507b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001320-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000016-region_00001320-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_338", "md5_hash": "79df9c7b609809d8149d326ab9934b61", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ba2d929c47d59daa5988464529b2b849e3c5e624", "sha256_hash": "9d019f8bccbfcb5018078a4826fe5ffe83fec8be0cf9b9383b736125c96aad29", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001322-addr_0x0000000000280000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000016-region_00001322-addr_0x0000000000280000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_339", "md5_hash": "c93c0b1a03d4cc05d5a00b8160ae016e", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ae72d411fac3e9916305a8aaaffbbd07ff634d0a", "sha256_hash": "8adf8d11845f2c84007470bcfd3a107a8ad04332a6b2432d7ff0c3b927e48303", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001329-addr_0x00000000003c0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000016-region_00001329-addr_0x00000000003c0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_340", "md5_hash": "8a2654475cc98967ad42335edc8df530", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "88256a3d63d9b2737af8152b4564643478d4fd8e", "sha256_hash": "9a7e92d487adfeadca8781655444ebc73a4da1aa4d000f8fd4af98ac57777486", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001330-addr_0x0000000000610000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000016-region_00001330-addr_0x0000000000610000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_341", "md5_hash": "95a6c80a2df4cbbe99c15aa9cb91f0c4", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2015f2bc15b10359ef5899ada4238d8a22f6acdb", "sha256_hash": "6ce4a224832fd7da4bfe80d7a8ad5297f4792b045e31b3f64357c786fe6742e6", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001347-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000016-region_00001347-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_342", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001348-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000016-region_00001348-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_343", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001357-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000016-region_00001357-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_344", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001358-addr_0x0000000000150000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000016-region_00001358-addr_0x0000000000150000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_345", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001364-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000017-region_00001364-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_346", "md5_hash": "efb322f912b3bda7df1f83ba4a3a3e50", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "540e18fd4fe11650ea01154f1037c1812ffec50f", "sha256_hash": "57fc2f81a3f7d653adc399fe50ca5cc29a07fe527c4ffeeb371a13f80fe19bc3", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001365-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000017-region_00001365-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_347", "md5_hash": "637a9e9a140de37ba72bb87135183674", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bd1f6948ff236b062ff3a66e15f189a115c70e3c", "sha256_hash": "25b48c5efc9c9fc58c2beea5abe760e1a0ef21e5e9da86e77687795621db9e29", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001369-addr_0x00000000001b0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000017-region_00001369-addr_0x00000000001b0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_348", "md5_hash": "e361bf51818de8829bd08e289e6f7a68", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5769d86d508ab3c3ec738767cbc6367a34862e23", "sha256_hash": "6b91d2b3bd5bf299de3e1261ae9a2822191c51a038e754c28f3c4c346bd10a74", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001370-addr_0x00000000001f0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000017-region_00001370-addr_0x00000000001f0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_349", "md5_hash": "787f86960ce2b2e9f1a09140ad7ffb04", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "505ffdaed853cd46d5b40693578e4e9c819b54de", "sha256_hash": "18a8ebde165198e9c00c3e6c30174ec2df29d5d20ca8d675db68230330f39c20", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001375-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000017-region_00001375-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_350", "md5_hash": "643bb5cc6c23b3f3295d427213c3354c", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "81c19bca8e1775291f19c7f83f7c87d3a12af475", "sha256_hash": "27f83107010d07c0efd05775279ed24bdbb17add9c4adae6e0c9762688a666de", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001376-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000017-region_00001376-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_351", "md5_hash": "27777c3ed6bddd836c86b2b11b98d24c", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4f6f75b42c426c9a17d5ec35858e724173800377", "sha256_hash": "76e0f59bfba6db74cf810b95d698d3b33841eb1605a1819920c2401c2f94106f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001377-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000017-region_00001377-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_352", "md5_hash": "5c490834a329b891e25a185a77b032ba", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9a4761d0d7d0761eb298298d3b7d4c8e105611ad", "sha256_hash": "6a7678ed754675b327ddfb5e946e8018132f62474e66f3efae853da5ad05e41b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001379-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000017-region_00001379-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_353", "md5_hash": "0d8d91814b0c871208847485c0ce3618", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "67ba9c411983867eaf214f69569e3eb8a116fcfa", "sha256_hash": "8d1719ab12763da50f7cebd703ae778b5d62ee997c1649ea193a5a8ed1f8432d", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001381-addr_0x0000000000370000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000017-region_00001381-addr_0x0000000000370000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_354", "md5_hash": "85111ea152469b714174cde59b80bc93", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4c1be5eb3e670cc2c4cf1486f6f5bfb63d6ca07f", "sha256_hash": "0c7e1fd2f5194069790ad52e8d20c09c127d2b3d376dcaac70ec38139237e54c", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001388-addr_0x0000000000360000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000017-region_00001388-addr_0x0000000000360000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_355", "md5_hash": "b6b4689cec73f95bfbde3d8d8b0b2ad8", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "344a10e7bb050e1d4b84e02d320c78ee84ad87a6", "sha256_hash": "320ef3842eb5a28157063d117791ea27f4231a24db2b29cdf29b950779c3e716", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001389-addr_0x0000000000530000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000017-region_00001389-addr_0x0000000000530000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_356", "md5_hash": "d944128999b3b25af55c44ba34934ffe", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0300ac51fa59c36ae80cebf0c5493cb95fae815e", "sha256_hash": "b68012e80c27a73d8a4ea0442fde41a36a381d6c5829ea492128716e2b8ed795", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001408-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000017-region_00001408-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_357", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001409-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000017-region_00001409-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_358", "md5_hash": "e0257c47598dd5e5006590d9c4d4bde1", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "80413583c977ad3e5981e5a0afdfba467064b9c6", "sha256_hash": "0e36bbe86417cae3773c9ccb385d6d5a01ae11c567d6d824a26a15314b6dc83c", "size": 729088, "type": "process_dump", "version": 1 } ], "processes": [ { "cmd_line": "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ifzkkpwij.exe\" ", "filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ifzkkpwij.exe", "id": "proc_1", "image_name": "ifzkkpwij.exe", "monitor_reason": "analysis_target", "monitored_id": 1, "origin_monitor_id": 0, "ref_parent_process": null, "regions": [ { "dump": { "filename": "process_00000001-region_00000001-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_41", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:11.092", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000002-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_42", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_2", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:11.093", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_3", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:11.093", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_4", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:11.095", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_5", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:11.095", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000006-addr_0x0000000000190000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_43", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1900543, "entry_point": 0, "filename": null, "id": "region_6", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:00:11.096", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000007-addr_0x0000000000280000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_44", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 3670015, "entry_point": 0, "filename": null, "id": "region_7", "name": "private_0x0000000000280000", "norm_filename": null, "region_type": "private_memory", "start_va": 2621440, "timestamp": "00:00:11.096", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000008-addr_0x0000000000ff0000-size_0x0000000000012000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_45", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 73728, "start_va": 16711680, "type": "region", "version": 1 }, "end_va": 16785407, "entry_point": 16711680, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ifzkkpwij.exe", "id": "region_8", "name": "ifzkkpwij.exe", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ifzkkpwij.exe", "region_type": "memory_mapped_file", "start_va": 16711680, "timestamp": "00:00:11.096", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1993932800, "type": "region", "version": 1 }, "end_va": 1995673599, "entry_point": 1993932800, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_9", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1993932800, "timestamp": "00:00:11.096", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997471743, "entry_point": 1995898880, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_10", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1995898880, "timestamp": "00:00:11.177", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_11", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:11.261", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000012-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_46", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_12", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:11.262", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000013-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_47", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_13", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:11.262", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000014-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_48", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_14", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:11.262", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_15", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:11.262", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000016-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_49", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_16", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:11.263", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_17", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:11.263", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000150-addr_0x0000000000490000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_50", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 4784128, "type": "region", "version": 1 }, "end_va": 5308415, "entry_point": 0, "filename": null, "id": "region_150", "name": "private_0x0000000000490000", "norm_filename": null, "region_type": "private_memory", "start_va": 4784128, "timestamp": "00:00:12.716", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1951006720, "type": "region", "version": 1 }, "end_va": 1951039487, "entry_point": 1951006720, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_151", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1951006720, "timestamp": "00:00:12.717", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1951072256, "type": "region", "version": 1 }, "end_va": 1951449087, "entry_point": 1951072256, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_152", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1951072256, "timestamp": "00:00:12.725", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1951465472, "type": "region", "version": 1 }, "end_va": 1951723519, "entry_point": 1951465472, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_153", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1951465472, "timestamp": "00:00:12.731", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000154-addr_0x0000000000620000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_51", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 6422528, "type": "region", "version": 1 }, "end_va": 7471103, "entry_point": 0, "filename": null, "id": "region_154", "name": "private_0x0000000000620000", "norm_filename": null, "region_type": "private_memory", "start_va": 6422528, "timestamp": "00:00:12.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1985675264, "type": "region", "version": 1 }, "end_va": 1985961983, "entry_point": 1985675264, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_155", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1985675264, "timestamp": "00:00:12.750", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1986002944, "type": "region", "version": 1 }, "end_va": 1987117055, "entry_point": 1986002944, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_156", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1986002944, "timestamp": "00:00:12.799", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000157-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_52", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 1991704576, "type": "region", "version": 1 }, "end_va": 1992728575, "entry_point": 0, "filename": null, "id": "region_157", "name": "private_0x0000000076b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1991704576, "timestamp": "00:00:13.011", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000158-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_53", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1992753152, "type": "region", "version": 1 }, "end_va": 1993928703, "entry_point": 0, "filename": null, "id": "region_158", "name": "private_0x0000000076c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1992753152, "timestamp": "00:00:13.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_159", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:13.057", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_160", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:13.057", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 880639, "entry_point": 458752, "filename": "\\Windows\\System32\\locale.nls", "id": "region_161", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:00:13.057", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1957429248, "type": "region", "version": 1 }, "end_va": 1957478399, "entry_point": 1957429248, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_162", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1957429248, "timestamp": "00:00:13.058", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957494784, "type": "region", "version": 1 }, "end_va": 1957887999, "entry_point": 1957494784, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_163", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1957494784, "timestamp": "00:00:13.063", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1959395328, "type": "region", "version": 1 }, "end_va": 1960443903, "entry_point": 1959395328, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_164", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1959395328, "timestamp": "00:00:13.070", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1960443904, "type": "region", "version": 1 }, "end_va": 1960484863, "entry_point": 1960443904, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_165", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1960443904, "timestamp": "00:00:13.125", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1961361408, "type": "region", "version": 1 }, "end_va": 1961463807, "entry_point": 1961361408, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_166", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1961361408, "timestamp": "00:00:13.131", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1961492480, "type": "region", "version": 1 }, "end_va": 1962147839, "entry_point": 1961492480, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_167", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1961492480, "timestamp": "00:00:13.138", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1962147840, "type": "region", "version": 1 }, "end_va": 1975033855, "entry_point": 1962147840, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_168", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1962147840, "timestamp": "00:00:13.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1978531840, "type": "region", "version": 1 }, "end_va": 1979514879, "entry_point": 1978531840, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_169", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1978531840, "timestamp": "00:00:13.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1980170240, "type": "region", "version": 1 }, "end_va": 1980526591, "entry_point": 1980170240, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_170", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1980170240, "timestamp": "00:00:14.245", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984430079, "entry_point": 1983840256, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_171", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:00:14.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1985019904, "type": "region", "version": 1 }, "end_va": 1985662975, "entry_point": 1985019904, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_172", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1985019904, "timestamp": "00:00:14.342", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1990459392, "type": "region", "version": 1 }, "end_va": 1991163903, "entry_point": 1990459392, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_173", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1990459392, "timestamp": "00:00:14.352", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_174", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:14.366", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_175", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:14.367", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000176-addr_0x0000000000840000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_54", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8650752, "type": "region", "version": 1 }, "end_va": 8716287, "entry_point": 0, "filename": null, "id": "region_176", "name": "private_0x0000000000840000", "norm_filename": null, "region_type": "private_memory", "start_va": 8650752, "timestamp": "00:00:14.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 8716288, "type": "region", "version": 1 }, "end_va": 10321919, "entry_point": 0, "filename": null, "id": "region_177", "name": "pagefile_0x0000000000850000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8716288, "timestamp": "00:00:14.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957888000, "type": "region", "version": 1 }, "end_va": 1958281215, "entry_point": 1957888000, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_178", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1957888000, "timestamp": "00:00:14.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1960509440, "type": "region", "version": 1 }, "end_va": 1961345023, "entry_point": 1960509440, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_179", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1960509440, "timestamp": "00:00:14.396", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000180-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_55", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_180", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:14.410", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000181-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_56", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 0, "filename": null, "id": "region_181", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:00:14.410", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 10354688, "type": "region", "version": 1 }, "end_va": 11931647, "entry_point": 0, "filename": null, "id": "region_182", "name": "pagefile_0x00000000009e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10354688, "timestamp": "00:00:14.410", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 16842752, "type": "region", "version": 1 }, "end_va": 37814271, "entry_point": 0, "filename": null, "id": "region_183", "name": "pagefile_0x0000000001010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 16842752, "timestamp": "00:00:14.410", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\rundll32.exe C:\\Windows\\infpub.dat,#1 15", "filename": "c:\\windows\\syswow64\\rundll32.exe", "id": "proc_2", "image_name": "rundll32.exe", "monitor_reason": "child_process", "monitored_id": 2, "origin_monitor_id": 1, "ref_parent_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000002-region_00000184-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_57", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_184", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:14.446", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000185-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_58", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_185", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:14.446", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_186", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:14.446", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_187", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:14.449", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_188", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:14.449", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_189", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:00:14.449", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2293759, "entry_point": 0, "filename": null, "id": "region_190", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:00:14.449", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 16449536, "type": "region", "version": 1 }, "end_va": 16506879, "entry_point": 16449536, "filename": "\\Windows\\SysWOW64\\rundll32.exe", "id": "region_191", "name": "rundll32.exe", "norm_filename": "c:\\windows\\syswow64\\rundll32.exe", "region_type": "memory_mapped_file", "start_va": 16449536, "timestamp": "00:00:14.449", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1993932800, "type": "region", "version": 1 }, "end_va": 1995673599, "entry_point": 1993932800, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_192", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1993932800, "timestamp": "00:00:14.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997471743, "entry_point": 1995898880, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_193", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1995898880, "timestamp": "00:00:14.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_194", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:14.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_195", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:14.456", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_196", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:14.456", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_197", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:14.456", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_198", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:14.456", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_199", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:14.457", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_200", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:14.457", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 1376255, "entry_point": 0, "filename": null, "id": "region_201", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:00:14.461", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1951006720, "type": "region", "version": 1 }, "end_va": 1951039487, "entry_point": 1951015160, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_202", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1951006720, "timestamp": "00:00:14.461", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1951072256, "type": "region", "version": 1 }, "end_va": 1951449087, "entry_point": 1951332248, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_203", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1951072256, "timestamp": "00:00:14.462", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1951465472, "type": "region", "version": 1 }, "end_va": 1951723519, "entry_point": 1951653496, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_204", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1951465472, "timestamp": "00:00:14.462", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_205", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:14.485", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 3735551, "entry_point": 0, "filename": null, "id": "region_206", "name": "private_0x0000000000290000", "norm_filename": null, "region_type": "private_memory", "start_va": 2686976, "timestamp": "00:00:14.485", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 3735552, "type": "region", "version": 1 }, "end_va": 4157439, "entry_point": 3735552, "filename": "\\Windows\\System32\\locale.nls", "id": "region_207", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 3735552, "timestamp": "00:00:14.485", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1957429248, "type": "region", "version": 1 }, "end_va": 1957478399, "entry_point": 1957433569, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_208", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1957429248, "timestamp": "00:00:14.486", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957494784, "type": "region", "version": 1 }, "end_va": 1957887999, "entry_point": 1957602227, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_209", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1957494784, "timestamp": "00:00:14.486", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1959395328, "type": "region", "version": 1 }, "end_va": 1960443903, "entry_point": 1959507693, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_210", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1959395328, "timestamp": "00:00:14.487", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1960443904, "type": "region", "version": 1 }, "end_va": 1960484863, "entry_point": 1960457888, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_211", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1960443904, "timestamp": "00:00:14.487", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1961361408, "type": "region", "version": 1 }, "end_va": 1961463807, "entry_point": 1961380213, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_212", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1961361408, "timestamp": "00:00:14.488", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1961492480, "type": "region", "version": 1 }, "end_va": 1962147839, "entry_point": 1961576933, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_213", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1961492480, "timestamp": "00:00:14.488", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1978531840, "type": "region", "version": 1 }, "end_va": 1979514879, "entry_point": 1978598761, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_214", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1978531840, "timestamp": "00:00:14.488", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984430079, "entry_point": 1983931203, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_215", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:00:14.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1985019904, "type": "region", "version": 1 }, "end_va": 1985662975, "entry_point": 1985232855, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_216", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1985019904, "timestamp": "00:00:14.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1985675264, "type": "region", "version": 1 }, "end_va": 1985961983, "entry_point": 1985705080, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_217", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1985675264, "timestamp": "00:00:14.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1986002944, "type": "region", "version": 1 }, "end_va": 1987117055, "entry_point": 1986081491, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_218", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1986002944, "timestamp": "00:00:14.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 172032, "start_va": 1988558848, "type": "region", "version": 1 }, "end_va": 1988730879, "entry_point": 1988558848, "filename": "\\Windows\\SysWOW64\\imagehlp.dll", "id": "region_219", "name": "imagehlp.dll", "norm_filename": "c:\\windows\\syswow64\\imagehlp.dll", "region_type": "memory_mapped_file", "start_va": 1988558848, "timestamp": "00:00:14.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1990459392, "type": "region", "version": 1 }, "end_va": 1991163903, "entry_point": 1990501490, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_220", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1990459392, "timestamp": "00:00:14.499", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 1991704576, "type": "region", "version": 1 }, "end_va": 1992728575, "entry_point": 0, "filename": null, "id": "region_221", "name": "private_0x0000000076b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1991704576, "timestamp": "00:00:14.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1992753152, "type": "region", "version": 1 }, "end_va": 1993928703, "entry_point": 0, "filename": null, "id": "region_222", "name": "private_0x0000000076c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1992753152, "timestamp": "00:00:14.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_223", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:14.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_224", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:14.501", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 5570560, "type": "region", "version": 1 }, "end_va": 5636095, "entry_point": 0, "filename": null, "id": "region_225", "name": "private_0x0000000000550000", "norm_filename": null, "region_type": "private_memory", "start_va": 5570560, "timestamp": "00:00:14.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5636096, "type": "region", "version": 1 }, "end_va": 7241727, "entry_point": 0, "filename": null, "id": "region_226", "name": "pagefile_0x0000000000560000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5636096, "timestamp": "00:00:14.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957888000, "type": "region", "version": 1 }, "end_va": 1958281215, "entry_point": 1957959055, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_227", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1957888000, "timestamp": "00:00:14.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1960509440, "type": "region", "version": 1 }, "end_va": 1961345023, "entry_point": 1960515211, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_228", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1960509440, "timestamp": "00:00:14.508", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_229", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:14.589", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_230", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:14.589", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_231", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:00:14.589", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 528383, "entry_point": 0, "filename": null, "id": "region_232", "name": "private_0x0000000000080000", "norm_filename": null, "region_type": "private_memory", "start_va": 524288, "timestamp": "00:00:14.590", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 593919, "entry_point": 0, "filename": null, "id": "region_233", "name": "pagefile_0x0000000000090000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 589824, "timestamp": "00:00:14.590", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 7274496, "type": "region", "version": 1 }, "end_va": 8851455, "entry_point": 0, "filename": null, "id": "region_234", "name": "pagefile_0x00000000006f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7274496, "timestamp": "00:00:14.590", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 8912896, "type": "region", "version": 1 }, "end_va": 12333055, "entry_point": 0, "filename": null, "id": "region_235", "name": "pagefile_0x0000000000880000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8912896, "timestamp": "00:00:14.590", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 13631488, "type": "region", "version": 1 }, "end_va": 13893631, "entry_point": 0, "filename": null, "id": "region_236", "name": "private_0x0000000000d00000", "norm_filename": null, "region_type": "private_memory", "start_va": 13631488, "timestamp": "00:00:14.590", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 16515072, "type": "region", "version": 1 }, "end_va": 37486591, "entry_point": 0, "filename": null, "id": "region_237", "name": "pagefile_0x0000000000fc0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 16515072, "timestamp": "00:00:14.591", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1954283520, "type": "region", "version": 1 }, "end_va": 1954562047, "entry_point": 1954283520, "filename": "\\Windows\\SysWOW64\\dnsapi.dll", "id": "region_238", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\syswow64\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 1954283520, "timestamp": "00:00:14.591", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 1954611200, "type": "region", "version": 1 }, "end_va": 1954824191, "entry_point": 1954611200, "filename": "\\Windows\\SysWOW64\\adsldpc.dll", "id": "region_239", "name": "adsldpc.dll", "norm_filename": "c:\\windows\\syswow64\\adsldpc.dll", "region_type": "memory_mapped_file", "start_va": 1954611200, "timestamp": "00:00:14.601", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1954873344, "type": "region", "version": 1 }, "end_va": 1954918399, "entry_point": 1954873344, "filename": "\\Windows\\SysWOW64\\dsauth.dll", "id": "region_240", "name": "dsauth.dll", "norm_filename": "c:\\windows\\syswow64\\dsauth.dll", "region_type": "memory_mapped_file", "start_va": 1954873344, "timestamp": "00:00:14.609", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1954938880, "type": "region", "version": 1 }, "end_va": 1955000319, "entry_point": 1954938880, "filename": "\\Windows\\SysWOW64\\samcli.dll", "id": "region_241", "name": "samcli.dll", "norm_filename": "c:\\windows\\syswow64\\samcli.dll", "region_type": "memory_mapped_file", "start_va": 1954938880, "timestamp": "00:00:14.616", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1955004416, "type": "region", "version": 1 }, "end_va": 1955094527, "entry_point": 1955004416, "filename": "\\Windows\\SysWOW64\\dhcpsapi.dll", "id": "region_242", "name": "dhcpsapi.dll", "norm_filename": "c:\\windows\\syswow64\\dhcpsapi.dll", "region_type": "memory_mapped_file", "start_va": 1955004416, "timestamp": "00:00:14.622", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1955135488, "type": "region", "version": 1 }, "end_va": 1955188735, "entry_point": 1955135488, "filename": "\\Windows\\SysWOW64\\browcli.dll", "id": "region_243", "name": "browcli.dll", "norm_filename": "c:\\windows\\syswow64\\browcli.dll", "region_type": "memory_mapped_file", "start_va": 1955135488, "timestamp": "00:00:14.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1955201024, "type": "region", "version": 1 }, "end_va": 1955262463, "entry_point": 1955201024, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_244", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1955201024, "timestamp": "00:00:14.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1955266560, "type": "region", "version": 1 }, "end_va": 1955368959, "entry_point": 1955266560, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_245", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1955266560, "timestamp": "00:00:14.643", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1955397632, "type": "region", "version": 1 }, "end_va": 1955434495, "entry_point": 1955397632, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_246", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1955397632, "timestamp": "00:00:14.651", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1955463168, "type": "region", "version": 1 }, "end_va": 1955532799, "entry_point": 1955463168, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_247", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1955463168, "timestamp": "00:00:14.657", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1955594240, "type": "region", "version": 1 }, "end_va": 1955667967, "entry_point": 1955594240, "filename": "\\Windows\\SysWOW64\\mpr.dll", "id": "region_248", "name": "mpr.dll", "norm_filename": "c:\\windows\\syswow64\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 1955594240, "timestamp": "00:00:14.665", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1955725312, "type": "region", "version": 1 }, "end_va": 1955753983, "entry_point": 1955725312, "filename": "\\Windows\\SysWOW64\\winnsi.dll", "id": "region_249", "name": "winnsi.dll", "norm_filename": "c:\\windows\\syswow64\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1955725312, "timestamp": "00:00:14.672", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 1955790848, "type": "region", "version": 1 }, "end_va": 1955905535, "entry_point": 1955790848, "filename": "\\Windows\\SysWOW64\\IPHLPAPI.DLL", "id": "region_250", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\syswow64\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1955790848, "timestamp": "00:00:14.679", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000251-addr_0x0000000074950000-size_0x0000000000068000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_59", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 425984, "start_va": 1955921920, "type": "region", "version": 1 }, "end_va": 1956347903, "entry_point": 1955921920, "filename": "\\Windows\\infpub.dat", "id": "region_251", "name": "infpub.dat", "norm_filename": "c:\\windows\\infpub.dat", "region_type": "memory_mapped_file", "start_va": 1955921920, "timestamp": "00:00:14.687", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1962147840, "type": "region", "version": 1 }, "end_va": 1975033855, "entry_point": 1962677761, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_252", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1962147840, "timestamp": "00:00:14.688", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1979514880, "type": "region", "version": 1 }, "end_va": 1979539455, "entry_point": 1979514880, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_253", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1979514880, "timestamp": "00:00:14.689", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1980170240, "type": "region", "version": 1 }, "end_va": 1980526591, "entry_point": 1980275622, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_254", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1980170240, "timestamp": "00:00:14.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1980563456, "type": "region", "version": 1 }, "end_va": 1981730815, "entry_point": 1980563456, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_255", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1980563456, "timestamp": "00:00:14.696", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 1982332928, "type": "region", "version": 1 }, "end_va": 1982615551, "entry_point": 1982332928, "filename": "\\Windows\\SysWOW64\\Wldap32.dll", "id": "region_256", "name": "wldap32.dll", "norm_filename": "c:\\windows\\syswow64\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 1982332928, "timestamp": "00:00:14.709", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1982791680, "type": "region", "version": 1 }, "end_va": 1983008767, "entry_point": 1982791680, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_257", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1982791680, "timestamp": "00:00:14.719", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1987117056, "type": "region", "version": 1 }, "end_va": 1988542463, "entry_point": 1987117056, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_258", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1987117056, "timestamp": "00:00:14.728", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1995702272, "type": "region", "version": 1 }, "end_va": 1995751423, "entry_point": 1995702272, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_259", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1995702272, "timestamp": "00:00:15.007", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000260-addr_0x00000000001a0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_60", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1966079, "entry_point": 0, "filename": null, "id": "region_260", "name": "private_0x00000000001a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1703936, "timestamp": "00:00:15.029", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 5242879, "entry_point": 0, "filename": null, "id": "region_261", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:00:15.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1950416896, "type": "region", "version": 1 }, "end_va": 1950941183, "entry_point": 1950416896, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_262", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1950416896, "timestamp": "00:00:15.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 12386304, "type": "region", "version": 1 }, "end_va": 13299711, "entry_point": 0, "filename": null, "id": "region_263", "name": "pagefile_0x0000000000bd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12386304, "timestamp": "00:00:15.042", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 15073280, "type": "region", "version": 1 }, "end_va": 15335423, "entry_point": 0, "filename": null, "id": "region_264", "name": "private_0x0000000000e60000", "norm_filename": null, "region_type": "private_memory", "start_va": 15073280, "timestamp": "00:00:15.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1950285824, "type": "region", "version": 1 }, "end_va": 1950363647, "entry_point": 1950285824, "filename": "\\Windows\\SysWOW64\\dwmapi.dll", "id": "region_265", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\syswow64\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 1950285824, "timestamp": "00:00:15.043", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000266-addr_0x00000000000a0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_61", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 720895, "entry_point": 0, "filename": null, "id": "region_266", "name": "private_0x00000000000a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 655360, "timestamp": "00:00:15.057", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 15335424, "type": "region", "version": 1 }, "end_va": 15597567, "entry_point": 0, "filename": null, "id": "region_267", "name": "private_0x0000000000ea0000", "norm_filename": null, "region_type": "private_memory", "start_va": 15335424, "timestamp": "00:00:15.057", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 15859712, "type": "region", "version": 1 }, "end_va": 16121855, "entry_point": 0, "filename": null, "id": "region_268", "name": "private_0x0000000000f20000", "norm_filename": null, "region_type": "private_memory", "start_va": 15859712, "timestamp": "00:00:15.057", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_269", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:00:15.057", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 0, "filename": null, "id": "region_270", "name": "pagefile_0x00000000000b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 720896, "timestamp": "00:00:15.058", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 684031, "entry_point": 0, "filename": null, "id": "region_271", "name": "pagefile_0x00000000000a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 655360, "timestamp": "00:00:15.059", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1954152448, "type": "region", "version": 1 }, "end_va": 1954242559, "entry_point": 1954152448, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_319", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1954152448, "timestamp": "00:00:15.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2539519, "entry_point": 2293760, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_320", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 2293760, "timestamp": "00:00:15.090", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2539519, "entry_point": 2298509, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_321", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 2293760, "timestamp": "00:00:15.099", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1953890304, "type": "region", "version": 1 }, "end_va": 1954131967, "entry_point": 1953895053, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_325", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1953890304, "timestamp": "00:00:15.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 425984, "start_va": 13893632, "type": "region", "version": 1 }, "end_va": 14319615, "entry_point": 0, "filename": null, "id": "region_326", "name": "private_0x0000000000d40000", "norm_filename": null, "region_type": "private_memory", "start_va": 13893632, "timestamp": "00:00:15.114", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1987117056, "type": "region", "version": 1 }, "end_va": 1988542463, "entry_point": 1987426877, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_329", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1987117056, "timestamp": "00:00:15.163", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1980563456, "type": "region", "version": 1 }, "end_va": 1981730815, "entry_point": 1980568970, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_330", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1980563456, "timestamp": "00:00:15.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1995702272, "type": "region", "version": 1 }, "end_va": 1995751423, "entry_point": 1995711374, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_331", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1995702272, "timestamp": "00:00:15.166", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 1956249600, "type": "region", "version": 1 }, "end_va": 1956364287, "entry_point": 1956291633, "filename": "\\Windows\\SysWOW64\\IPHLPAPI.DLL", "id": "region_332", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\syswow64\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1956249600, "timestamp": "00:00:15.171", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1979514880, "type": "region", "version": 1 }, "end_va": 1979539455, "entry_point": 1979520898, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_333", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1979514880, "timestamp": "00:00:15.172", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1956184064, "type": "region", "version": 1 }, "end_va": 1956212735, "entry_point": 1956188813, "filename": "\\Windows\\SysWOW64\\winnsi.dll", "id": "region_334", "name": "winnsi.dll", "norm_filename": "c:\\windows\\syswow64\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1956184064, "timestamp": "00:00:15.173", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1982791680, "type": "region", "version": 1 }, "end_va": 1983008767, "entry_point": 1982796893, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_335", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1982791680, "timestamp": "00:00:15.174", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000336-addr_0x00000000023c0000-size_0x00000000001c0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_62", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1835008, "start_va": 37486592, "type": "region", "version": 1 }, "end_va": 39321599, "entry_point": 0, "filename": null, "id": "region_336", "name": "private_0x00000000023c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37486592, "timestamp": "00:00:15.176", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1956052992, "type": "region", "version": 1 }, "end_va": 1956126719, "entry_point": 1956057600, "filename": "\\Windows\\SysWOW64\\mpr.dll", "id": "region_337", "name": "mpr.dll", "norm_filename": "c:\\windows\\syswow64\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 1956052992, "timestamp": "00:00:15.179", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1955921920, "type": "region", "version": 1 }, "end_va": 1955991551, "entry_point": 1955926784, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_338", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1955921920, "timestamp": "00:00:15.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1955856384, "type": "region", "version": 1 }, "end_va": 1955893247, "entry_point": 1955861926, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_339", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1955856384, "timestamp": "00:00:15.183", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1955725312, "type": "region", "version": 1 }, "end_va": 1955827711, "entry_point": 1955730201, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_340", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1955725312, "timestamp": "00:00:15.184", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1955659776, "type": "region", "version": 1 }, "end_va": 1955721215, "entry_point": 1955664545, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_341", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1955659776, "timestamp": "00:00:15.186", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1955594240, "type": "region", "version": 1 }, "end_va": 1955647487, "entry_point": 1955599056, "filename": "\\Windows\\SysWOW64\\browcli.dll", "id": "region_342", "name": "browcli.dll", "norm_filename": "c:\\windows\\syswow64\\browcli.dll", "region_type": "memory_mapped_file", "start_va": 1955594240, "timestamp": "00:00:15.188", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1955463168, "type": "region", "version": 1 }, "end_va": 1955553279, "entry_point": 1955505834, "filename": "\\Windows\\SysWOW64\\dhcpsapi.dll", "id": "region_343", "name": "dhcpsapi.dll", "norm_filename": "c:\\windows\\syswow64\\dhcpsapi.dll", "region_type": "memory_mapped_file", "start_va": 1955463168, "timestamp": "00:00:15.190", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1955397632, "type": "region", "version": 1 }, "end_va": 1955459071, "entry_point": 1955402334, "filename": "\\Windows\\SysWOW64\\samcli.dll", "id": "region_344", "name": "samcli.dll", "norm_filename": "c:\\windows\\syswow64\\samcli.dll", "region_type": "memory_mapped_file", "start_va": 1955397632, "timestamp": "00:00:15.192", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1955332096, "type": "region", "version": 1 }, "end_va": 1955377151, "entry_point": 1955357183, "filename": "\\Windows\\SysWOW64\\dsauth.dll", "id": "region_345", "name": "dsauth.dll", "norm_filename": "c:\\windows\\syswow64\\dsauth.dll", "region_type": "memory_mapped_file", "start_va": 1955332096, "timestamp": "00:00:15.194", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 1955069952, "type": "region", "version": 1 }, "end_va": 1955282943, "entry_point": 1955074766, "filename": "\\Windows\\SysWOW64\\adsldpc.dll", "id": "region_346", "name": "adsldpc.dll", "norm_filename": "c:\\windows\\syswow64\\adsldpc.dll", "region_type": "memory_mapped_file", "start_va": 1955069952, "timestamp": "00:00:15.195", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 1982332928, "type": "region", "version": 1 }, "end_va": 1982615551, "entry_point": 1982337505, "filename": "\\Windows\\SysWOW64\\Wldap32.dll", "id": "region_347", "name": "wldap32.dll", "norm_filename": "c:\\windows\\syswow64\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 1982332928, "timestamp": "00:00:15.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1954742272, "type": "region", "version": 1 }, "end_va": 1955020799, "entry_point": 1954833401, "filename": "\\Windows\\SysWOW64\\dnsapi.dll", "id": "region_348", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\syswow64\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 1954742272, "timestamp": "00:00:15.199", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000349-addr_0x00000000023c0000-size_0x0000000000160000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_63", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1441792, "start_va": 37486592, "type": "region", "version": 1 }, "end_va": 38928383, "entry_point": 0, "filename": null, "id": "region_349", "name": "private_0x00000000023c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37486592, "timestamp": "00:00:15.202", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 39059456, "type": "region", "version": 1 }, "end_va": 39321599, "entry_point": 0, "filename": null, "id": "region_350", "name": "private_0x0000000002540000", "norm_filename": null, "region_type": "private_memory", "start_va": 39059456, "timestamp": "00:00:15.203", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000351-addr_0x00000000000a0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_64", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 720895, "entry_point": 0, "filename": null, "id": "region_351", "name": "private_0x00000000000a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 655360, "timestamp": "00:00:15.217", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 37486592, "type": "region", "version": 1 }, "end_va": 38535167, "entry_point": 0, "filename": null, "id": "region_577", "name": "private_0x00000000023c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37486592, "timestamp": "00:00:17.503", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 38666240, "type": "region", "version": 1 }, "end_va": 38928383, "entry_point": 0, "filename": null, "id": "region_578", "name": "private_0x00000000024e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38666240, "timestamp": "00:00:17.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 39321600, "type": "region", "version": 1 }, "end_va": 42266623, "entry_point": 39321600, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_579", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 39321600, "timestamp": "00:00:17.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1900543, "entry_point": 0, "filename": null, "id": "region_602", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:00:17.558", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 13303808, "type": "region", "version": 1 }, "end_va": 13565951, "entry_point": 0, "filename": null, "id": "region_603", "name": "private_0x0000000000cb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 13303808, "timestamp": "00:00:17.559", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 16187392, "type": "region", "version": 1 }, "end_va": 16449535, "entry_point": 0, "filename": null, "id": "region_604", "name": "private_0x0000000000f70000", "norm_filename": null, "region_type": "private_memory", "start_va": 16187392, "timestamp": "00:00:17.559", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 42991616, "type": "region", "version": 1 }, "end_va": 43253759, "entry_point": 0, "filename": null, "id": "region_605", "name": "private_0x0000000002900000", "norm_filename": null, "region_type": "private_memory", "start_va": 42991616, "timestamp": "00:00:17.559", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 43384832, "type": "region", "version": 1 }, "end_va": 43646975, "entry_point": 0, "filename": null, "id": "region_606", "name": "private_0x0000000002960000", "norm_filename": null, "region_type": "private_memory", "start_va": 43384832, "timestamp": "00:00:17.560", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 43778048, "type": "region", "version": 1 }, "end_va": 44040191, "entry_point": 0, "filename": null, "id": "region_607", "name": "private_0x00000000029c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43778048, "timestamp": "00:00:17.560", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_608", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:00:17.560", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_609", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:00:17.560", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_610", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:00:17.561", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000657-addr_0x0000000002870000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_137", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 42401792, "type": "region", "version": 1 }, "end_va": 42663935, "entry_point": 0, "filename": null, "id": "region_657", "name": "private_0x0000000002870000", "norm_filename": null, "region_type": "private_memory", "start_va": 42401792, "timestamp": "00:00:17.614", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000658-addr_0x00000000028b0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_138", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 42663936, "type": "region", "version": 1 }, "end_va": 42926079, "entry_point": 0, "filename": null, "id": "region_658", "name": "private_0x00000000028b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 42663936, "timestamp": "00:00:17.614", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000659-addr_0x0000000002a80000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_139", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 44564480, "type": "region", "version": 1 }, "end_va": 44826623, "entry_point": 0, "filename": null, "id": "region_659", "name": "private_0x0000000002a80000", "norm_filename": null, "region_type": "private_memory", "start_va": 44564480, "timestamp": "00:00:17.615", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000660-addr_0x0000000002ad0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_140", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 44892160, "type": "region", "version": 1 }, "end_va": 45154303, "entry_point": 0, "filename": null, "id": "region_660", "name": "private_0x0000000002ad0000", "norm_filename": null, "region_type": "private_memory", "start_va": 44892160, "timestamp": "00:00:17.615", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000661-addr_0x000000007efa4000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_141", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130329600, "type": "region", "version": 1 }, "end_va": 2130341887, "entry_point": 0, "filename": null, "id": "region_661", "name": "private_0x000000007efa4000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130329600, "timestamp": "00:00:17.615", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000662-addr_0x000000007efa7000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_142", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130341888, "type": "region", "version": 1 }, "end_va": 2130354175, "entry_point": 0, "filename": null, "id": "region_662", "name": "private_0x000000007efa7000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130341888, "timestamp": "00:00:17.615", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1954545664, "type": "region", "version": 1 }, "end_va": 1954590719, "entry_point": 1954545664, "filename": "\\Windows\\SysWOW64\\cscapi.dll", "id": "region_663", "name": "cscapi.dll", "norm_filename": "c:\\windows\\syswow64\\cscapi.dll", "region_type": "memory_mapped_file", "start_va": 1954545664, "timestamp": "00:00:17.624", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1954349056, "type": "region", "version": 1 }, "end_va": 1954422783, "entry_point": 1954349056, "filename": "\\Windows\\SysWOW64\\dhcpcsvc.dll", "id": "region_726", "name": "dhcpcsvc.dll", "norm_filename": "c:\\windows\\syswow64\\dhcpcsvc.dll", "region_type": "memory_mapped_file", "start_va": 1954349056, "timestamp": "00:00:17.974", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 45350912, "type": "region", "version": 1 }, "end_va": 45613055, "entry_point": 0, "filename": null, "id": "region_833", "name": "private_0x0000000002b40000", "norm_filename": null, "region_type": "private_memory", "start_va": 45350912, "timestamp": "00:00:18.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 45678592, "type": "region", "version": 1 }, "end_va": 45940735, "entry_point": 0, "filename": null, "id": "region_834", "name": "private_0x0000000002b90000", "norm_filename": null, "region_type": "private_memory", "start_va": 45678592, "timestamp": "00:00:18.654", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 1953431552, "type": "region", "version": 1 }, "end_va": 1953677311, "entry_point": 1953431552, "filename": "\\Windows\\SysWOW64\\mswsock.dll", "id": "region_835", "name": "mswsock.dll", "norm_filename": "c:\\windows\\syswow64\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 1953431552, "timestamp": "00:00:18.654", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130317312, "type": "region", "version": 1 }, "end_va": 2130329599, "entry_point": 0, "filename": null, "id": "region_836", "name": "private_0x000000007efa1000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130317312, "timestamp": "00:00:18.663", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000838-addr_0x0000000000db0000-size_0x00000000000b0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_191", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 720896, "start_va": 14352384, "type": "region", "version": 1 }, "end_va": 15073279, "entry_point": 0, "filename": null, "id": "region_838", "name": "private_0x0000000000db0000", "norm_filename": null, "region_type": "private_memory", "start_va": 14352384, "timestamp": "00:00:18.774", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1954283520, "type": "region", "version": 1 }, "end_va": 1954303999, "entry_point": 1954283520, "filename": "\\Windows\\SysWOW64\\WSHTCPIP.DLL", "id": "region_839", "name": "wshtcpip.dll", "norm_filename": "c:\\windows\\syswow64\\wshtcpip.dll", "region_type": "memory_mapped_file", "start_va": 1954283520, "timestamp": "00:00:18.792", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_841", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:00:19.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 14548992, "type": "region", "version": 1 }, "end_va": 14811135, "entry_point": 0, "filename": null, "id": "region_842", "name": "private_0x0000000000de0000", "norm_filename": null, "region_type": "private_memory", "start_va": 14548992, "timestamp": "00:00:19.501", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 14811136, "type": "region", "version": 1 }, "end_va": 15073279, "entry_point": 0, "filename": null, "id": "region_843", "name": "private_0x0000000000e20000", "norm_filename": null, "region_type": "private_memory", "start_va": 14811136, "timestamp": "00:00:19.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 15597568, "type": "region", "version": 1 }, "end_va": 15859711, "entry_point": 0, "filename": null, "id": "region_844", "name": "private_0x0000000000ee0000", "norm_filename": null, "region_type": "private_memory", "start_va": 15597568, "timestamp": "00:00:19.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 44433408, "type": "region", "version": 1 }, "end_va": 44695551, "entry_point": 0, "filename": null, "id": "region_845", "name": "private_0x0000000002a60000", "norm_filename": null, "region_type": "private_memory", "start_va": 44433408, "timestamp": "00:00:19.505", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 46071808, "type": "region", "version": 1 }, "end_va": 46333951, "entry_point": 0, "filename": null, "id": "region_846", "name": "private_0x0000000002bf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 46071808, "timestamp": "00:00:19.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 46399488, "type": "region", "version": 1 }, "end_va": 46661631, "entry_point": 0, "filename": null, "id": "region_847", "name": "private_0x0000000002c40000", "norm_filename": null, "region_type": "private_memory", "start_va": 46399488, "timestamp": "00:00:19.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 46661632, "type": "region", "version": 1 }, "end_va": 50802687, "entry_point": 0, "filename": null, "id": "region_848", "name": "pagefile_0x0000000002c80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 46661632, "timestamp": "00:00:19.506", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000867-addr_0x00000000000a0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_192", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 720895, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab", "id": "region_867", "name": "excellr.cab", "norm_filename": "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:20.333", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000869-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_193", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml", "id": "region_869", "name": "excelmui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:20.523", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000870-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_194", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelMUI.xml", "id": "region_870", "name": "excelmui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excelmui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:20.525", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000872-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_195", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_872", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:20.531", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000873-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_196", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_873", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:20.534", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000875-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_197", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml", "id": "region_875", "name": "powerpointmui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:20.539", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000876-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_198", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PowerPointMUI.xml", "id": "region_876", "name": "powerpointmui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\powerpointmui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:20.542", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000879-addr_0x00000000000a0000-size_0x000000000000b000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_199", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 45056, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 700415, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\PptLR.cab", "id": "region_879", "name": "pptlr.cab", "norm_filename": "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\pptlr.cab", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:21.150", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000881-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_200", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_881", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:21.343", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000882-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_201", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0018-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_882", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0018-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:21.376", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000884-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_202", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml", "id": "region_884", "name": "publishermui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:21.382", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000885-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_203", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PublisherMUI.xml", "id": "region_885", "name": "publishermui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publishermui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:21.385", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000887-addr_0x0000000003240000-size_0x0000000000980000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_204", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 9961472, "start_va": 52690944, "type": "region", "version": 1 }, "end_va": 62652415, "entry_point": 52690944, "filename": "\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab", "id": "region_887", "name": "publr.cab", "norm_filename": "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab", "region_type": "memory_mapped_file", "start_va": 52690944, "timestamp": "00:00:21.389", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000888-addr_0x00000000000a0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_205", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 720895, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\PubLR.cab", "id": "region_888", "name": "publr.cab", "norm_filename": "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\publr.cab", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:21.740", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000890-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_206", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_890", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:21.931", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000891-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_207", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0019-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_891", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0019-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:21.935", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000894-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_208", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 663551, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlkLR.cab", "id": "region_894", "name": "outlklr.cab", "norm_filename": "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlklr.cab", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:22.449", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000896-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_209", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml", "id": "region_896", "name": "outlookmui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:22.648", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000897-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_210", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\OutlookMUI.xml", "id": "region_897", "name": "outlookmui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\outlookmui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:22.658", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000899-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_211", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 663551, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_899", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:22.663", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000900-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_212", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 663551, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-001A-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_900", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-001a-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:22.666", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000902-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_213", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_902", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:22.673", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000903-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_214", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_903", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:22.676", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000972-addr_0x00000000000a0000-size_0x0000000000007000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_215", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 28672, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 684031, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordLR.cab", "id": "region_972", "name": "wordlr.cab", "norm_filename": "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordlr.cab", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:23.757", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000974-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_216", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml", "id": "region_974", "name": "wordmui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:23.951", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000975-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_217", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-001B-0409-1000-0000000FF1CE}-C\\WordMUI.xml", "id": "region_975", "name": "wordmui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-001b-0409-1000-0000000ff1ce}-c\\wordmui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:23.953", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000978-addr_0x00000000000a0000-size_0x0000000000004000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_218", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 16384, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 671743, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.cab", "id": "region_978", "name": "proof.cab", "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.cab", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:24.379", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000980-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_219", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml", "id": "region_980", "name": "proof.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:24.604", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000981-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_220", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.en\\Proof.xml", "id": "region_981", "name": "proof.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.en\\proof.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:24.607", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000984-addr_0x00000000000a0000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_221", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 667647, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.cab", "id": "region_984", "name": "proof.cab", "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.cab", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:25.108", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000986-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_222", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml", "id": "region_986", "name": "proof.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:25.343", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000987-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_223", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.es\\Proof.xml", "id": "region_987", "name": "proof.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.es\\proof.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:25.346", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000990-addr_0x00000000000a0000-size_0x0000000000007000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_224", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 28672, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 684031, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.cab", "id": "region_990", "name": "proof.cab", "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.cab", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:25.972", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000992-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_225", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml", "id": "region_992", "name": "proof.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:26.168", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000993-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_226", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proof.fr\\Proof.xml", "id": "region_993", "name": "proof.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proof.fr\\proof.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:26.170", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000995-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_227", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml", "id": "region_995", "name": "proofing.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:26.174", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000996-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_228", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Proofing.xml", "id": "region_996", "name": "proofing.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\proofing.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:26.177", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000998-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_229", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 663551, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_998", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:26.180", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000999-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_230", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 663551, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-002C-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_999", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-002c-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:26.183", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001001-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_231", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml", "id": "region_1001", "name": "office32mui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:26.188", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001002-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_232", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Office32MUI.xml", "id": "region_1002", "name": "office32mui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\office32mui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:26.191", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001004-addr_0x0000000003240000-size_0x00000000002cc000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_233", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2932736, "start_va": 52690944, "type": "region", "version": 1 }, "end_va": 55623679, "entry_point": 52690944, "filename": "\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab", "id": "region_1004", "name": "owow32lr.cab", "norm_filename": "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\owow32lr.cab", "region_type": "memory_mapped_file", "start_va": 52690944, "timestamp": "00:00:26.197", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001005-addr_0x00000000000a0000-size_0x000000000000c000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_234", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 49152, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 704511, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\OWOW32LR.cab", "id": "region_1005", "name": "owow32lr.cab", "norm_filename": "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\owow32lr.cab", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:26.298", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001007-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_235", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_1007", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:26.351", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001008-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_236", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0043-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_1008", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0043-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:26.354", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001011-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_237", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfLR.cab", "id": "region_1011", "name": "inflr.cab", "norm_filename": "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\inflr.cab", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:26.996", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001013-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_238", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml", "id": "region_1013", "name": "infopathmui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:27.195", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001014-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_239", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\InfoPathMUI.xml", "id": "region_1014", "name": "infopathmui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\infopathmui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:27.197", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001016-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_240", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_1016", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:27.202", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001017-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_241", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0044-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_1017", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0044-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:27.205", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001019-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_242", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 663551, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_1019", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:27.210", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001020-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_243", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 663551, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_1020", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:27.212", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001023-addr_0x00000000000a0000-size_0x0000000000009000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_244", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 36864, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 692223, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioLR.cab", "id": "region_1023", "name": "visiolr.cab", "norm_filename": "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiolr.cab", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:27.861", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001025-addr_0x00000000000a0000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_245", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 667647, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml", "id": "region_1025", "name": "visiomui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:28.028", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001026-addr_0x00000000000a0000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_246", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 667647, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0054-0409-1000-0000000FF1CE}-C\\VisioMUI.xml", "id": "region_1026", "name": "visiomui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0054-0409-1000-0000000ff1ce}-c\\visiomui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:28.030", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001028-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_247", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml", "id": "region_1028", "name": "onenotemui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:28.062", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001029-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_248", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OneNoteMUI.xml", "id": "region_1029", "name": "onenotemui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onenotemui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:28.071", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001032-addr_0x00000000000a0000-size_0x0000000000006000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_249", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 24576, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 679935, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\OnoteLR.cab", "id": "region_1032", "name": "onotelr.cab", "norm_filename": "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\onotelr.cab", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:28.785", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001034-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_250", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_1034", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:28.794", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001035-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_251", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-00A1-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_1035", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-00a1-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:28.797", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001037-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_252", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml", "id": "region_1037", "name": "projectmui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:28.815", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001038-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_253", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjectMUI.xml", "id": "region_1038", "name": "projectmui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projectmui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:28.817", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001040-addr_0x0000000003240000-size_0x00000000007e2000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_254", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8265728, "start_va": 52690944, "type": "region", "version": 1 }, "end_va": 60956671, "entry_point": 52690944, "filename": "\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab", "id": "region_1040", "name": "projlr.cab", "norm_filename": "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projlr.cab", "region_type": "memory_mapped_file", "start_va": 52690944, "timestamp": "00:00:28.836", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001041-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_255", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 663551, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\ProjLR.cab", "id": "region_1041", "name": "projlr.cab", "norm_filename": "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\projlr.cab", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:29.142", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001043-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_256", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_1043", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:29.146", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001044-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_257", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-00B4-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_1044", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-00b4-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:29.148", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001046-addr_0x0000000003240000-size_0x00000000003e8000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_258", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096000, "start_va": 52690944, "type": "region", "version": 1 }, "end_va": 56786943, "entry_point": 52690944, "filename": "\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab", "id": "region_1046", "name": "groovelr.cab", "norm_filename": "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovelr.cab", "region_type": "memory_mapped_file", "start_va": 52690944, "timestamp": "00:00:29.193", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001047-addr_0x00000000000a0000-size_0x0000000000008000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_259", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 32768, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 688127, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveLR.cab", "id": "region_1047", "name": "groovelr.cab", "norm_filename": "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovelr.cab", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:29.391", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001049-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_260", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml", "id": "region_1049", "name": "groovemui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:29.416", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001050-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_261", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\GrooveMUI.xml", "id": "region_1050", "name": "groovemui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\groovemui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:29.421", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001052-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_262", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_1052", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:29.425", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001053-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_263", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-00BA-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_1053", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-00ba-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:29.427", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001055-addr_0x0000000002850000-size_0x0000000000092000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_264", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 598016, "start_va": 42270720, "type": "region", "version": 1 }, "end_va": 42868735, "entry_point": 42270720, "filename": "\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml", "id": "region_1055", "name": "branding.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml", "region_type": "memory_mapped_file", "start_va": 42270720, "timestamp": "00:00:29.456", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001056-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_265", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 663551, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\branding.xml", "id": "region_1056", "name": "branding.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\branding.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:29.490", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001080-addr_0x00000000000a0000-size_0x000000000000a000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_273", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 40960, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 696319, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeLR.cab", "id": "region_1080", "name": "officelr.cab", "norm_filename": "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officelr.cab", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:30.334", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001082-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_274", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 663551, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml", "id": "region_1082", "name": "officemui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:30.347", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001115-addr_0x00000000000a0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_279", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 663551, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUI.xml", "id": "region_1115", "name": "officemui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:30.388", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001135-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_288", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml", "id": "region_1135", "name": "officemuiset.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:30.471", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001165-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_294", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\OfficeMUISet.xml", "id": "region_1165", "name": "officemuiset.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\officemuiset.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:30.530", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001180-addr_0x00000000000a0000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_297", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 667647, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_1180", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:30.589", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001181-addr_0x00000000000a0000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_298", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 667647, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0115-0409-1000-0000000FF1CE}-C\\Setup.xml", "id": "region_1181", "name": "setup.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0115-0409-1000-0000000ff1ce}-c\\setup.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:30.594", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001242-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_314", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml", "id": "region_1242", "name": "accessmui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:30.706", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00001243-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_315", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 655360, "filename": "\\MSOCache\\All Users\\{90140000-0117-0409-1000-0000000FF1CE}-C\\Access.en-us\\AccessMUI.xml", "id": "region_1243", "name": "accessmui.xml", "norm_filename": "c:\\msocache\\all users\\{90140000-0117-0409-1000-0000000ff1ce}-c\\access.en-us\\accessmui.xml", "region_type": "memory_mapped_file", "start_va": 655360, "timestamp": "00:00:30.718", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "/c schtasks /Delete /F /TN rhaegal", "filename": "c:\\windows\\syswow64\\cmd.exe", "id": "proc_3", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 3, "origin_monitor_id": 2, "ref_parent_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000003-region_00000400-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_65", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_400", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:15.262", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000401-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_66", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_401", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:15.262", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_402", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:15.262", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_403", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:15.264", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_404", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:15.264", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000405-addr_0x00000000000b0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_67", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 1769471, "entry_point": 0, "filename": null, "id": "region_405", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:00:15.265", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000406-addr_0x00000000001b0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_68", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 2031615, "entry_point": 0, "filename": null, "id": "region_406", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:00:15.265", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1247412224, "type": "region", "version": 1 }, "end_va": 1247723519, "entry_point": 1247412224, "filename": "\\Windows\\SysWOW64\\cmd.exe", "id": "region_407", "name": "cmd.exe", "norm_filename": "c:\\windows\\syswow64\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1247412224, "timestamp": "00:00:15.265", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1993932800, "type": "region", "version": 1 }, "end_va": 1995673599, "entry_point": 1993932800, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_408", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1993932800, "timestamp": "00:00:15.271", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997471743, "entry_point": 1995898880, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_409", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1995898880, "timestamp": "00:00:15.272", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_410", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:15.272", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000411-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_69", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_411", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:15.273", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000412-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_70", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_412", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:15.273", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000413-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_71", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_413", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:15.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_414", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:15.273", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000415-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_72", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_415", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:15.274", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_416", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:15.274", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000417-addr_0x0000000000320000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_73", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 3276800, "type": "region", "version": 1 }, "end_va": 3801087, "entry_point": 0, "filename": null, "id": "region_417", "name": "private_0x0000000000320000", "norm_filename": null, "region_type": "private_memory", "start_va": 3276800, "timestamp": "00:00:15.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1951006720, "type": "region", "version": 1 }, "end_va": 1951039487, "entry_point": 1951015160, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_418", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1951006720, "timestamp": "00:00:15.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1951072256, "type": "region", "version": 1 }, "end_va": 1951449087, "entry_point": 1951332248, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_419", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1951072256, "timestamp": "00:00:15.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1951465472, "type": "region", "version": 1 }, "end_va": 1951723519, "entry_point": 1951653496, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_420", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1951465472, "timestamp": "00:00:15.307", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_421", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:15.358", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_422", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:15.358", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2453503, "entry_point": 2031616, "filename": "\\Windows\\System32\\locale.nls", "id": "region_423", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 2031616, "timestamp": "00:00:15.358", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000424-addr_0x00000000002a0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_74", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 2818047, "entry_point": 0, "filename": null, "id": "region_424", "name": "private_0x00000000002a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2752512, "timestamp": "00:00:15.358", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000425-addr_0x00000000004d0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_75", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 5046272, "type": "region", "version": 1 }, "end_va": 6094847, "entry_point": 0, "filename": null, "id": "region_425", "name": "private_0x00000000004d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5046272, "timestamp": "00:00:15.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1954676736, "type": "region", "version": 1 }, "end_va": 1954705407, "entry_point": 1954676736, "filename": "\\Windows\\SysWOW64\\winbrand.dll", "id": "region_426", "name": "winbrand.dll", "norm_filename": "c:\\windows\\syswow64\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 1954676736, "timestamp": "00:00:15.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1957429248, "type": "region", "version": 1 }, "end_va": 1957478399, "entry_point": 1957433569, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_427", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1957429248, "timestamp": "00:00:15.366", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957494784, "type": "region", "version": 1 }, "end_va": 1957887999, "entry_point": 1957602227, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_428", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1957494784, "timestamp": "00:00:15.366", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1959395328, "type": "region", "version": 1 }, "end_va": 1960443903, "entry_point": 1959507693, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_429", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1959395328, "timestamp": "00:00:15.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1960443904, "type": "region", "version": 1 }, "end_va": 1960484863, "entry_point": 1960457888, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_430", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1960443904, "timestamp": "00:00:15.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1961361408, "type": "region", "version": 1 }, "end_va": 1961463807, "entry_point": 1961380213, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_431", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1961361408, "timestamp": "00:00:15.368", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1961492480, "type": "region", "version": 1 }, "end_va": 1962147839, "entry_point": 1961576933, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_432", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1961492480, "timestamp": "00:00:15.368", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1978531840, "type": "region", "version": 1 }, "end_va": 1979514879, "entry_point": 1978598761, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_433", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1978531840, "timestamp": "00:00:15.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984430079, "entry_point": 1983931203, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_434", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:00:15.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1985019904, "type": "region", "version": 1 }, "end_va": 1985662975, "entry_point": 1985232855, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_435", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1985019904, "timestamp": "00:00:15.370", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1985675264, "type": "region", "version": 1 }, "end_va": 1985961983, "entry_point": 1985705080, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_436", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1985675264, "timestamp": "00:00:15.371", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1986002944, "type": "region", "version": 1 }, "end_va": 1987117055, "entry_point": 1986081491, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_437", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1986002944, "timestamp": "00:00:15.371", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1990459392, "type": "region", "version": 1 }, "end_va": 1991163903, "entry_point": 1990501490, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_438", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1990459392, "timestamp": "00:00:15.372", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000439-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_76", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 1991704576, "type": "region", "version": 1 }, "end_va": 1992728575, "entry_point": 0, "filename": null, "id": "region_439", "name": "private_0x0000000076b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1991704576, "timestamp": "00:00:15.373", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000440-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_77", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1992753152, "type": "region", "version": 1 }, "end_va": 1993928703, "entry_point": 0, "filename": null, "id": "region_440", "name": "private_0x0000000076c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1992753152, "timestamp": "00:00:15.373", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_441", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:15.373", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_442", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:15.373", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 6094848, "type": "region", "version": 1 }, "end_va": 7700479, "entry_point": 0, "filename": null, "id": "region_443", "name": "pagefile_0x00000000005d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6094848, "timestamp": "00:00:15.377", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957888000, "type": "region", "version": 1 }, "end_va": 1958281215, "entry_point": 1957959055, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_444", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1957888000, "timestamp": "00:00:15.377", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1960509440, "type": "region", "version": 1 }, "end_va": 1961345023, "entry_point": 1960515211, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_445", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1960509440, "timestamp": "00:00:15.378", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_446", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:15.395", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_447", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:00:15.395", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000448-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_78", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 528383, "entry_point": 0, "filename": null, "id": "region_448", "name": "private_0x0000000000080000", "norm_filename": null, "region_type": "private_memory", "start_va": 524288, "timestamp": "00:00:15.395", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000449-addr_0x0000000000090000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_79", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 593919, "entry_point": 0, "filename": null, "id": "region_449", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:00:15.396", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 7733248, "type": "region", "version": 1 }, "end_va": 9310207, "entry_point": 0, "filename": null, "id": "region_450", "name": "pagefile_0x0000000000760000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7733248, "timestamp": "00:00:15.396", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 9371648, "type": "region", "version": 1 }, "end_va": 30343167, "entry_point": 0, "filename": null, "id": "region_451", "name": "pagefile_0x00000000008f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9371648, "timestamp": "00:00:15.396", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 30343168, "type": "region", "version": 1 }, "end_va": 33763327, "entry_point": 0, "filename": null, "id": "region_452", "name": "pagefile_0x0000000001cf0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 30343168, "timestamp": "00:00:15.396", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 33816576, "type": "region", "version": 1 }, "end_va": 36761599, "entry_point": 33816576, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_453", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 33816576, "timestamp": "00:00:15.419", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "schtasks /Delete /F /TN rhaegal", "filename": "c:\\windows\\syswow64\\schtasks.exe", "id": "proc_4", "image_name": "schtasks.exe", "monitor_reason": "child_process", "monitored_id": 4, "origin_monitor_id": 3, "ref_parent_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000004-region_00000454-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_80", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_454", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:15.425", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000455-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_81", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_455", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:15.426", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_456", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:15.426", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_457", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:15.429", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_458", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:15.429", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000459-addr_0x00000000000d0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_82", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 1114111, "entry_point": 0, "filename": null, "id": "region_459", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:00:15.429", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2613247, "entry_point": 2424832, "filename": "\\Windows\\SysWOW64\\schtasks.exe", "id": "region_460", "name": "schtasks.exe", "norm_filename": "c:\\windows\\syswow64\\schtasks.exe", "region_type": "memory_mapped_file", "start_va": 2424832, "timestamp": "00:00:15.429", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000461-addr_0x00000000002e0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_83", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 3014656, "type": "region", "version": 1 }, "end_va": 3276799, "entry_point": 0, "filename": null, "id": "region_461", "name": "private_0x00000000002e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3014656, "timestamp": "00:00:15.436", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1993932800, "type": "region", "version": 1 }, "end_va": 1995673599, "entry_point": 1993932800, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_462", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1993932800, "timestamp": "00:00:15.436", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997471743, "entry_point": 1995898880, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_463", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1995898880, "timestamp": "00:00:15.437", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_464", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:15.437", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000465-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_84", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_465", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:15.438", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000466-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_85", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_466", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:15.438", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000467-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_86", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_467", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:15.438", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_468", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:15.439", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000469-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_87", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_469", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:15.439", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_470", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:15.439", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000471-addr_0x0000000000160000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_88", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1966079, "entry_point": 0, "filename": null, "id": "region_471", "name": "private_0x0000000000160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1441792, "timestamp": "00:00:15.445", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1951006720, "type": "region", "version": 1 }, "end_va": 1951039487, "entry_point": 1951015160, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_472", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1951006720, "timestamp": "00:00:15.445", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1951072256, "type": "region", "version": 1 }, "end_va": 1951449087, "entry_point": 1951332248, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_473", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1951072256, "timestamp": "00:00:15.446", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1951465472, "type": "region", "version": 1 }, "end_va": 1951723519, "entry_point": 1951653496, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_474", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1951465472, "timestamp": "00:00:15.446", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_475", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:15.464", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_476", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:15.464", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 2387967, "entry_point": 1966080, "filename": "\\Windows\\System32\\locale.nls", "id": "region_477", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1966080, "timestamp": "00:00:15.465", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000478-addr_0x0000000000370000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_89", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 4653055, "entry_point": 0, "filename": null, "id": "region_478", "name": "private_0x0000000000370000", "norm_filename": null, "region_type": "private_memory", "start_va": 3604480, "timestamp": "00:00:15.465", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000479-addr_0x0000000000600000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_90", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 6291456, "type": "region", "version": 1 }, "end_va": 6356991, "entry_point": 0, "filename": null, "id": "region_479", "name": "private_0x0000000000600000", "norm_filename": null, "region_type": "private_memory", "start_va": 6291456, "timestamp": "00:00:15.465", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1954611200, "type": "region", "version": 1 }, "end_va": 1954648063, "entry_point": 1954611200, "filename": "\\Windows\\SysWOW64\\ktmw32.dll", "id": "region_480", "name": "ktmw32.dll", "norm_filename": "c:\\windows\\syswow64\\ktmw32.dll", "region_type": "memory_mapped_file", "start_va": 1954611200, "timestamp": "00:00:15.465", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1957429248, "type": "region", "version": 1 }, "end_va": 1957478399, "entry_point": 1957433569, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_481", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1957429248, "timestamp": "00:00:15.475", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957494784, "type": "region", "version": 1 }, "end_va": 1957887999, "entry_point": 1957602227, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_482", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1957494784, "timestamp": "00:00:15.476", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1959395328, "type": "region", "version": 1 }, "end_va": 1960443903, "entry_point": 1959507693, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_483", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1959395328, "timestamp": "00:00:15.476", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1960443904, "type": "region", "version": 1 }, "end_va": 1960484863, "entry_point": 1960457888, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_484", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1960443904, "timestamp": "00:00:15.477", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1961361408, "type": "region", "version": 1 }, "end_va": 1961463807, "entry_point": 1961380213, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_485", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1961361408, "timestamp": "00:00:15.477", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1961492480, "type": "region", "version": 1 }, "end_va": 1962147839, "entry_point": 1961576933, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_486", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1961492480, "timestamp": "00:00:15.477", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1978531840, "type": "region", "version": 1 }, "end_va": 1979514879, "entry_point": 1978598761, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_487", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1978531840, "timestamp": "00:00:15.478", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1979580416, "type": "region", "version": 1 }, "end_va": 1980166143, "entry_point": 1979580416, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_488", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1979580416, "timestamp": "00:00:15.478", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1980170240, "type": "region", "version": 1 }, "end_va": 1980526591, "entry_point": 1980275622, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_489", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1980170240, "timestamp": "00:00:15.487", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984430079, "entry_point": 1983931203, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_490", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:00:15.487", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1985019904, "type": "region", "version": 1 }, "end_va": 1985662975, "entry_point": 1985232855, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_491", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1985019904, "timestamp": "00:00:15.488", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1985675264, "type": "region", "version": 1 }, "end_va": 1985961983, "entry_point": 1985705080, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_492", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1985675264, "timestamp": "00:00:15.488", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1986002944, "type": "region", "version": 1 }, "end_va": 1987117055, "entry_point": 1986081491, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_493", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1986002944, "timestamp": "00:00:15.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1987117056, "type": "region", "version": 1 }, "end_va": 1988542463, "entry_point": 1987426877, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_494", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1987117056, "timestamp": "00:00:15.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1990459392, "type": "region", "version": 1 }, "end_va": 1991163903, "entry_point": 1990501490, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_495", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1990459392, "timestamp": "00:00:15.490", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000496-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_91", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 1991704576, "type": "region", "version": 1 }, "end_va": 1992728575, "entry_point": 0, "filename": null, "id": "region_496", "name": "private_0x0000000076b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1991704576, "timestamp": "00:00:15.490", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000497-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_92", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1992753152, "type": "region", "version": 1 }, "end_va": 1993928703, "entry_point": 0, "filename": null, "id": "region_497", "name": "private_0x0000000076c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1992753152, "timestamp": "00:00:15.491", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_498", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:15.491", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_499", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:15.491", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4653056, "type": "region", "version": 1 }, "end_va": 6258687, "entry_point": 0, "filename": null, "id": "region_500", "name": "pagefile_0x0000000000470000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4653056, "timestamp": "00:00:15.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957888000, "type": "region", "version": 1 }, "end_va": 1958281215, "entry_point": 1957959055, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_501", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1957888000, "timestamp": "00:00:15.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1960509440, "type": "region", "version": 1 }, "end_va": 1961345023, "entry_point": 1960515211, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_502", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1960509440, "timestamp": "00:00:15.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_503", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:15.501", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_504", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:00:15.501", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 73728, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 598015, "entry_point": 524288, "filename": "\\Windows\\SysWOW64\\en-US\\schtasks.exe.mui", "id": "region_505", "name": "schtasks.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\schtasks.exe.mui", "region_type": "memory_mapped_file", "start_va": 524288, "timestamp": "00:00:15.501", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000506-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_93", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 0, "filename": null, "id": "region_506", "name": "private_0x00000000000a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 655360, "timestamp": "00:00:15.507", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000507-addr_0x00000000000b0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_94", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 724991, "entry_point": 0, "filename": null, "id": "region_507", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:00:15.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6356992, "type": "region", "version": 1 }, "end_va": 7933951, "entry_point": 0, "filename": null, "id": "region_508", "name": "pagefile_0x0000000000610000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6356992, "timestamp": "00:00:15.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 7995392, "type": "region", "version": 1 }, "end_va": 28966911, "entry_point": 0, "filename": null, "id": "region_509", "name": "pagefile_0x00000000007a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7995392, "timestamp": "00:00:15.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1954545664, "type": "region", "version": 1 }, "end_va": 1954582527, "entry_point": 1954545664, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_510", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1954545664, "timestamp": "00:00:15.511", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 28966912, "type": "region", "version": 1 }, "end_va": 31911935, "entry_point": 28966912, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_511", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 28966912, "timestamp": "00:00:15.521", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000512-addr_0x0000000001e80000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_95", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 31981568, "type": "region", "version": 1 }, "end_va": 32243711, "entry_point": 0, "filename": null, "id": "region_512", "name": "private_0x0000000001e80000", "norm_filename": null, "region_type": "private_memory", "start_va": 31981568, "timestamp": "00:00:15.540", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000513-addr_0x0000000001f60000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_96", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 32899072, "type": "region", "version": 1 }, "end_va": 33161215, "entry_point": 0, "filename": null, "id": "region_513", "name": "private_0x0000000001f60000", "norm_filename": null, "region_type": "private_memory", "start_va": 32899072, "timestamp": "00:00:15.540", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000514-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_97", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_514", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:00:15.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1950416896, "type": "region", "version": 1 }, "end_va": 1950941183, "entry_point": 1950496713, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_515", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1950416896, "timestamp": "00:00:15.541", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000516-addr_0x0000000001fa0000-size_0x0000000000120000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_98", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1179648, "start_va": 33161216, "type": "region", "version": 1 }, "end_va": 34340863, "entry_point": 0, "filename": null, "id": "region_516", "name": "private_0x0000000001fa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33161216, "timestamp": "00:00:15.543", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 33161216, "type": "region", "version": 1 }, "end_va": 34074623, "entry_point": 0, "filename": null, "id": "region_517", "name": "pagefile_0x0000000001fa0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 33161216, "timestamp": "00:00:15.545", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000518-addr_0x0000000002080000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_99", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 34078720, "type": "region", "version": 1 }, "end_va": 34340863, "entry_point": 0, "filename": null, "id": "region_518", "name": "private_0x0000000002080000", "norm_filename": null, "region_type": "private_memory", "start_va": 34078720, "timestamp": "00:00:15.545", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 790527, "entry_point": 0, "filename": null, "id": "region_519", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:00:15.550", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1981743104, "type": "region", "version": 1 }, "end_va": 1982279679, "entry_point": 1981743104, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_520", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1981743104, "timestamp": "00:00:15.550", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1118207, "entry_point": 0, "filename": null, "id": "region_521", "name": "pagefile_0x0000000000110000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1114112, "timestamp": "00:00:15.562", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 512000, "start_va": 1953366016, "type": "region", "version": 1 }, "end_va": 1953878015, "entry_point": 1953366016, "filename": "\\Windows\\SysWOW64\\taskschd.dll", "id": "region_522", "name": "taskschd.dll", "norm_filename": "c:\\windows\\syswow64\\taskschd.dll", "region_type": "memory_mapped_file", "start_va": 1953366016, "timestamp": "00:00:15.565", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 34340864, "type": "region", "version": 1 }, "end_va": 35127295, "entry_point": 34340864, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_523", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 34340864, "timestamp": "00:00:15.584", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "/c schtasks /Create /RU SYSTEM /SC ONSTART /TN rhaegal /TR \"C:\\Windows\\system32\\cmd.exe /C Start \\\"\\\" \\\"C:\\Windows\\dispci.exe\\\" -id 1550063777 && exit\"", "filename": "c:\\windows\\syswow64\\cmd.exe", "id": "proc_5", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 5, "origin_monitor_id": 2, "ref_parent_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000005-region_00000524-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_100", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_524", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:17.329", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000525-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_101", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_525", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:17.330", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_526", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:17.331", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000527-addr_0x0000000000050000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_102", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 589823, "entry_point": 0, "filename": null, "id": "region_527", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:00:17.341", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 606207, "entry_point": 0, "filename": null, "id": "region_528", "name": "pagefile_0x0000000000090000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 589824, "timestamp": "00:00:17.341", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 0, "filename": null, "id": "region_529", "name": "pagefile_0x00000000000a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 655360, "timestamp": "00:00:17.341", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000530-addr_0x0000000000230000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_103", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 3342335, "entry_point": 0, "filename": null, "id": "region_530", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:00:17.342", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1247346688, "type": "region", "version": 1 }, "end_va": 1247657983, "entry_point": 1247380122, "filename": "\\Windows\\SysWOW64\\cmd.exe", "id": "region_531", "name": "cmd.exe", "norm_filename": "c:\\windows\\syswow64\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1247346688, "timestamp": "00:00:17.342", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1993932800, "type": "region", "version": 1 }, "end_va": 1995673599, "entry_point": 1993932800, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_532", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1993932800, "timestamp": "00:00:17.343", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997471743, "entry_point": 1995898880, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_533", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1995898880, "timestamp": "00:00:17.345", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_534", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:17.346", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000535-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_104", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_535", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:17.347", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000536-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_105", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_536", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:17.348", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000537-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_106", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_537", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:17.349", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_538", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:17.350", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000539-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_107", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_539", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:17.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_540", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:17.351", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000541-addr_0x0000000000100000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_108", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1572863, "entry_point": 0, "filename": null, "id": "region_541", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:00:17.363", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1951006720, "type": "region", "version": 1 }, "end_va": 1951039487, "entry_point": 1951015160, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_542", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1951006720, "timestamp": "00:00:17.363", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1951072256, "type": "region", "version": 1 }, "end_va": 1951449087, "entry_point": 1951332248, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_543", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1951072256, "timestamp": "00:00:17.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1951465472, "type": "region", "version": 1 }, "end_va": 1951723519, "entry_point": 1951653496, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_544", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1951465472, "timestamp": "00:00:17.370", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_545", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:17.480", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_546", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:17.480", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1994751, "entry_point": 1572864, "filename": "\\Windows\\System32\\locale.nls", "id": "region_547", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1572864, "timestamp": "00:00:17.481", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000548-addr_0x0000000000380000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_109", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 3670016, "type": "region", "version": 1 }, "end_va": 4718591, "entry_point": 0, "filename": null, "id": "region_548", "name": "private_0x0000000000380000", "norm_filename": null, "region_type": "private_memory", "start_va": 3670016, "timestamp": "00:00:17.481", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000549-addr_0x0000000000640000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_110", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 6553600, "type": "region", "version": 1 }, "end_va": 6619135, "entry_point": 0, "filename": null, "id": "region_549", "name": "private_0x0000000000640000", "norm_filename": null, "region_type": "private_memory", "start_va": 6553600, "timestamp": "00:00:17.482", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1954611200, "type": "region", "version": 1 }, "end_va": 1954639871, "entry_point": 1954615856, "filename": "\\Windows\\SysWOW64\\winbrand.dll", "id": "region_550", "name": "winbrand.dll", "norm_filename": "c:\\windows\\syswow64\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 1954611200, "timestamp": "00:00:17.482", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1957429248, "type": "region", "version": 1 }, "end_va": 1957478399, "entry_point": 1957433569, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_551", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1957429248, "timestamp": "00:00:17.482", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957494784, "type": "region", "version": 1 }, "end_va": 1957887999, "entry_point": 1957602227, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_552", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1957494784, "timestamp": "00:00:17.482", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1959395328, "type": "region", "version": 1 }, "end_va": 1960443903, "entry_point": 1959507693, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_553", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1959395328, "timestamp": "00:00:17.483", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1960443904, "type": "region", "version": 1 }, "end_va": 1960484863, "entry_point": 1960457888, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_554", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1960443904, "timestamp": "00:00:17.483", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1961361408, "type": "region", "version": 1 }, "end_va": 1961463807, "entry_point": 1961380213, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_555", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1961361408, "timestamp": "00:00:17.484", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1961492480, "type": "region", "version": 1 }, "end_va": 1962147839, "entry_point": 1961576933, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_556", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1961492480, "timestamp": "00:00:17.484", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1978531840, "type": "region", "version": 1 }, "end_va": 1979514879, "entry_point": 1978598761, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_557", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1978531840, "timestamp": "00:00:17.485", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984430079, "entry_point": 1983931203, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_558", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:00:17.485", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1985019904, "type": "region", "version": 1 }, "end_va": 1985662975, "entry_point": 1985232855, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_559", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1985019904, "timestamp": "00:00:17.486", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1985675264, "type": "region", "version": 1 }, "end_va": 1985961983, "entry_point": 1985705080, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_560", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1985675264, "timestamp": "00:00:17.486", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1986002944, "type": "region", "version": 1 }, "end_va": 1987117055, "entry_point": 1986081491, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_561", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1986002944, "timestamp": "00:00:17.486", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1990459392, "type": "region", "version": 1 }, "end_va": 1991163903, "entry_point": 1990501490, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_562", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1990459392, "timestamp": "00:00:17.487", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000563-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_111", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 1991704576, "type": "region", "version": 1 }, "end_va": 1992728575, "entry_point": 0, "filename": null, "id": "region_563", "name": "private_0x0000000076b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1991704576, "timestamp": "00:00:17.487", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000564-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_112", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1992753152, "type": "region", "version": 1 }, "end_va": 1993928703, "entry_point": 0, "filename": null, "id": "region_564", "name": "private_0x0000000076c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1992753152, "timestamp": "00:00:17.488", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_565", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:17.488", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_566", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:17.488", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4718592, "type": "region", "version": 1 }, "end_va": 6324223, "entry_point": 0, "filename": null, "id": "region_567", "name": "pagefile_0x0000000000480000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4718592, "timestamp": "00:00:17.491", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957888000, "type": "region", "version": 1 }, "end_va": 1958281215, "entry_point": 1957959055, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_568", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1957888000, "timestamp": "00:00:17.491", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1960509440, "type": "region", "version": 1 }, "end_va": 1961345023, "entry_point": 1960515211, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_569", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1960509440, "timestamp": "00:00:17.492", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_570", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:17.496", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 729087, "entry_point": 0, "filename": null, "id": "region_571", "name": "pagefile_0x00000000000b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 720896, "timestamp": "00:00:17.496", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000572-addr_0x00000000000c0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_113", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 790527, "entry_point": 0, "filename": null, "id": "region_572", "name": "private_0x00000000000c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 786432, "timestamp": "00:00:17.497", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000573-addr_0x00000000000d0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_114", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 856063, "entry_point": 0, "filename": null, "id": "region_573", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:00:17.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6619136, "type": "region", "version": 1 }, "end_va": 8196095, "entry_point": 0, "filename": null, "id": "region_574", "name": "pagefile_0x0000000000650000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6619136, "timestamp": "00:00:17.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 8257536, "type": "region", "version": 1 }, "end_va": 29229055, "entry_point": 0, "filename": null, "id": "region_575", "name": "pagefile_0x00000000007e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8257536, "timestamp": "00:00:17.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 29229056, "type": "region", "version": 1 }, "end_va": 32649215, "entry_point": 0, "filename": null, "id": "region_576", "name": "pagefile_0x0000000001be0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29229056, "timestamp": "00:00:17.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 32702464, "type": "region", "version": 1 }, "end_va": 35647487, "entry_point": 32702464, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_580", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 32702464, "timestamp": "00:00:17.533", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "/c schtasks /Create /SC once /TN drogon /RU SYSTEM /TR \"C:\\Windows\\system32\\shutdown.exe /r /t 0 /f\" /ST 02:34:00", "filename": "c:\\windows\\syswow64\\cmd.exe", "id": "proc_6", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 6, "origin_monitor_id": 2, "ref_parent_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000006-region_00000581-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_115", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_581", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:17.538", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000582-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_116", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_582", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:17.538", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_583", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:17.538", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_584", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:17.541", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_585", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:17.541", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000586-addr_0x00000000001d0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_117", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 2162687, "entry_point": 0, "filename": null, "id": "region_586", "name": "private_0x00000000001d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1900544, "timestamp": "00:00:17.541", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000587-addr_0x0000000000300000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_118", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 4194303, "entry_point": 0, "filename": null, "id": "region_587", "name": "private_0x0000000000300000", "norm_filename": null, "region_type": "private_memory", "start_va": 3145728, "timestamp": "00:00:17.541", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1247346688, "type": "region", "version": 1 }, "end_va": 1247657983, "entry_point": 1247380122, "filename": "\\Windows\\SysWOW64\\cmd.exe", "id": "region_588", "name": "cmd.exe", "norm_filename": "c:\\windows\\syswow64\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1247346688, "timestamp": "00:00:17.541", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1993932800, "type": "region", "version": 1 }, "end_va": 1995673599, "entry_point": 1993932800, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_589", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1993932800, "timestamp": "00:00:17.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997471743, "entry_point": 1995898880, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_590", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1995898880, "timestamp": "00:00:17.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_591", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:17.542", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000592-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_119", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_592", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:17.543", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000593-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_120", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_593", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:17.543", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000594-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_121", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_594", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:17.543", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_595", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:17.544", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000596-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_122", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_596", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:17.544", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_597", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:17.544", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000598-addr_0x00000000000b0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_123", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 1245183, "entry_point": 0, "filename": null, "id": "region_598", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:00:17.547", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1951006720, "type": "region", "version": 1 }, "end_va": 1951039487, "entry_point": 1951015160, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_599", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1951006720, "timestamp": "00:00:17.548", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1951072256, "type": "region", "version": 1 }, "end_va": 1951449087, "entry_point": 1951332248, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_600", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1951072256, "timestamp": "00:00:17.548", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1951465472, "type": "region", "version": 1 }, "end_va": 1951723519, "entry_point": 1951653496, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_601", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1951465472, "timestamp": "00:00:17.548", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_691", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:17.922", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_692", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:17.922", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1667071, "entry_point": 1245184, "filename": "\\Windows\\System32\\locale.nls", "id": "region_693", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1245184, "timestamp": "00:00:17.922", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000694-addr_0x00000000002f0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_153", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 3145727, "entry_point": 0, "filename": null, "id": "region_694", "name": "private_0x00000000002f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3080192, "timestamp": "00:00:17.923", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000695-addr_0x0000000000440000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_154", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 4456448, "type": "region", "version": 1 }, "end_va": 5505023, "entry_point": 0, "filename": null, "id": "region_695", "name": "private_0x0000000000440000", "norm_filename": null, "region_type": "private_memory", "start_va": 4456448, "timestamp": "00:00:17.923", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1954611200, "type": "region", "version": 1 }, "end_va": 1954639871, "entry_point": 1954615856, "filename": "\\Windows\\SysWOW64\\winbrand.dll", "id": "region_696", "name": "winbrand.dll", "norm_filename": "c:\\windows\\syswow64\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 1954611200, "timestamp": "00:00:17.923", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1957429248, "type": "region", "version": 1 }, "end_va": 1957478399, "entry_point": 1957433569, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_697", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1957429248, "timestamp": "00:00:17.923", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957494784, "type": "region", "version": 1 }, "end_va": 1957887999, "entry_point": 1957602227, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_698", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1957494784, "timestamp": "00:00:17.924", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1959395328, "type": "region", "version": 1 }, "end_va": 1960443903, "entry_point": 1959507693, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_699", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1959395328, "timestamp": "00:00:17.924", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1960443904, "type": "region", "version": 1 }, "end_va": 1960484863, "entry_point": 1960457888, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_700", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1960443904, "timestamp": "00:00:17.925", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1961361408, "type": "region", "version": 1 }, "end_va": 1961463807, "entry_point": 1961380213, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_701", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1961361408, "timestamp": "00:00:17.925", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1961492480, "type": "region", "version": 1 }, "end_va": 1962147839, "entry_point": 1961576933, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_702", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1961492480, "timestamp": "00:00:17.926", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1978531840, "type": "region", "version": 1 }, "end_va": 1979514879, "entry_point": 1978598761, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_703", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1978531840, "timestamp": "00:00:17.926", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984430079, "entry_point": 1983931203, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_704", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:00:17.927", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1985019904, "type": "region", "version": 1 }, "end_va": 1985662975, "entry_point": 1985232855, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_705", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1985019904, "timestamp": "00:00:17.927", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1985675264, "type": "region", "version": 1 }, "end_va": 1985961983, "entry_point": 1985705080, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_706", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1985675264, "timestamp": "00:00:17.927", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1986002944, "type": "region", "version": 1 }, "end_va": 1987117055, "entry_point": 1986081491, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_707", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1986002944, "timestamp": "00:00:17.928", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1990459392, "type": "region", "version": 1 }, "end_va": 1991163903, "entry_point": 1990501490, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_708", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1990459392, "timestamp": "00:00:17.928", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000709-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_155", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 1991704576, "type": "region", "version": 1 }, "end_va": 1992728575, "entry_point": 0, "filename": null, "id": "region_709", "name": "private_0x0000000076b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1991704576, "timestamp": "00:00:17.929", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000710-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_156", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1992753152, "type": "region", "version": 1 }, "end_va": 1993928703, "entry_point": 0, "filename": null, "id": "region_710", "name": "private_0x0000000076c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1992753152, "timestamp": "00:00:17.929", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_711", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:17.929", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_712", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:17.930", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5505024, "type": "region", "version": 1 }, "end_va": 7110655, "entry_point": 0, "filename": null, "id": "region_713", "name": "pagefile_0x0000000000540000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5505024, "timestamp": "00:00:17.933", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957888000, "type": "region", "version": 1 }, "end_va": 1958281215, "entry_point": 1957959055, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_714", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1957888000, "timestamp": "00:00:17.933", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1960509440, "type": "region", "version": 1 }, "end_va": 1961345023, "entry_point": 1960515211, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_715", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1960509440, "timestamp": "00:00:17.934", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_716", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:17.938", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_717", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:00:17.938", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000718-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_157", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 528383, "entry_point": 0, "filename": null, "id": "region_718", "name": "private_0x0000000000080000", "norm_filename": null, "region_type": "private_memory", "start_va": 524288, "timestamp": "00:00:17.939", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000719-addr_0x0000000000090000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_158", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 593919, "entry_point": 0, "filename": null, "id": "region_719", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:00:17.939", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 7143424, "type": "region", "version": 1 }, "end_va": 8720383, "entry_point": 0, "filename": null, "id": "region_720", "name": "pagefile_0x00000000006d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7143424, "timestamp": "00:00:17.939", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 8781824, "type": "region", "version": 1 }, "end_va": 29753343, "entry_point": 0, "filename": null, "id": "region_721", "name": "pagefile_0x0000000000860000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8781824, "timestamp": "00:00:17.939", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 29753344, "type": "region", "version": 1 }, "end_va": 33173503, "entry_point": 0, "filename": null, "id": "region_722", "name": "pagefile_0x0000000001c60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29753344, "timestamp": "00:00:17.939", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 33226752, "type": "region", "version": 1 }, "end_va": 36171775, "entry_point": 33226752, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_725", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 33226752, "timestamp": "00:00:17.970", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "schtasks /Create /RU SYSTEM /SC ONSTART /TN rhaegal /TR \"C:\\Windows\\system32\\cmd.exe /C Start \\\"\\\" \\\"C:\\Windows\\dispci.exe\\\" -id 1550063777 && exit\"", "filename": "c:\\windows\\syswow64\\schtasks.exe", "id": "proc_7", "image_name": "schtasks.exe", "monitor_reason": "child_process", "monitored_id": 7, "origin_monitor_id": 5, "ref_parent_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000007-region_00000611-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_124", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_611", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:17.563", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000612-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_125", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_612", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:17.563", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_613", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:17.563", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_614", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:17.565", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_615", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:17.565", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000616-addr_0x0000000000070000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_126", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 720895, "entry_point": 0, "filename": null, "id": "region_616", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:00:17.565", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000617-addr_0x0000000000130000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_127", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1507327, "entry_point": 0, "filename": null, "id": "region_617", "name": "private_0x0000000000130000", "norm_filename": null, "region_type": "private_memory", "start_va": 1245184, "timestamp": "00:00:17.566", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 4521984, "type": "region", "version": 1 }, "end_va": 4710399, "entry_point": 4617859, "filename": "\\Windows\\SysWOW64\\schtasks.exe", "id": "region_618", "name": "schtasks.exe", "norm_filename": "c:\\windows\\syswow64\\schtasks.exe", "region_type": "memory_mapped_file", "start_va": 4521984, "timestamp": "00:00:17.566", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1993932800, "type": "region", "version": 1 }, "end_va": 1995673599, "entry_point": 1993932800, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_619", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1993932800, "timestamp": "00:00:17.566", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997471743, "entry_point": 1995898880, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_620", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1995898880, "timestamp": "00:00:17.567", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_621", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:17.567", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000622-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_128", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_622", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:17.567", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000623-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_129", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_623", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:17.567", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000624-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_130", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_624", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:17.568", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_625", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:17.568", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000626-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_131", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_626", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:17.568", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_627", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:17.568", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000628-addr_0x0000000000290000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_132", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 3211263, "entry_point": 0, "filename": null, "id": "region_628", "name": "private_0x0000000000290000", "norm_filename": null, "region_type": "private_memory", "start_va": 2686976, "timestamp": "00:00:17.579", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1951006720, "type": "region", "version": 1 }, "end_va": 1951039487, "entry_point": 1951015160, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_629", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1951006720, "timestamp": "00:00:17.579", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1951072256, "type": "region", "version": 1 }, "end_va": 1951449087, "entry_point": 1951332248, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_630", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1951072256, "timestamp": "00:00:17.579", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1951465472, "type": "region", "version": 1 }, "end_va": 1951723519, "entry_point": 1951653496, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_631", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1951465472, "timestamp": "00:00:17.580", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_632", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:17.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_633", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:17.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 1142783, "entry_point": 720896, "filename": "\\Windows\\System32\\locale.nls", "id": "region_634", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 720896, "timestamp": "00:00:17.597", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000635-addr_0x00000000001c0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_133", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1900543, "entry_point": 0, "filename": null, "id": "region_635", "name": "private_0x00000000001c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1835008, "timestamp": "00:00:17.598", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000636-addr_0x00000000005a0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_134", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 5898240, "type": "region", "version": 1 }, "end_va": 6946815, "entry_point": 0, "filename": null, "id": "region_636", "name": "private_0x00000000005a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5898240, "timestamp": "00:00:17.598", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1954676736, "type": "region", "version": 1 }, "end_va": 1954713599, "entry_point": 1954682928, "filename": "\\Windows\\SysWOW64\\ktmw32.dll", "id": "region_637", "name": "ktmw32.dll", "norm_filename": "c:\\windows\\syswow64\\ktmw32.dll", "region_type": "memory_mapped_file", "start_va": 1954676736, "timestamp": "00:00:17.598", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1957429248, "type": "region", "version": 1 }, "end_va": 1957478399, "entry_point": 1957433569, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_638", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1957429248, "timestamp": "00:00:17.599", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957494784, "type": "region", "version": 1 }, "end_va": 1957887999, "entry_point": 1957602227, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_639", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1957494784, "timestamp": "00:00:17.599", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1959395328, "type": "region", "version": 1 }, "end_va": 1960443903, "entry_point": 1959507693, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_640", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1959395328, "timestamp": "00:00:17.599", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1960443904, "type": "region", "version": 1 }, "end_va": 1960484863, "entry_point": 1960457888, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_641", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1960443904, "timestamp": "00:00:17.600", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1961361408, "type": "region", "version": 1 }, "end_va": 1961463807, "entry_point": 1961380213, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_642", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1961361408, "timestamp": "00:00:17.600", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1961492480, "type": "region", "version": 1 }, "end_va": 1962147839, "entry_point": 1961576933, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_643", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1961492480, "timestamp": "00:00:17.601", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1978531840, "type": "region", "version": 1 }, "end_va": 1979514879, "entry_point": 1978598761, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_644", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1978531840, "timestamp": "00:00:17.601", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1979580416, "type": "region", "version": 1 }, "end_va": 1980166143, "entry_point": 1979596721, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_645", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1979580416, "timestamp": "00:00:17.602", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1980170240, "type": "region", "version": 1 }, "end_va": 1980526591, "entry_point": 1980275622, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_646", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1980170240, "timestamp": "00:00:17.602", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984430079, "entry_point": 1983931203, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_647", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:00:17.602", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1985019904, "type": "region", "version": 1 }, "end_va": 1985662975, "entry_point": 1985232855, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_648", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1985019904, "timestamp": "00:00:17.603", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1985675264, "type": "region", "version": 1 }, "end_va": 1985961983, "entry_point": 1985705080, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_649", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1985675264, "timestamp": "00:00:17.603", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1986002944, "type": "region", "version": 1 }, "end_va": 1987117055, "entry_point": 1986081491, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_650", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1986002944, "timestamp": "00:00:17.604", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1987117056, "type": "region", "version": 1 }, "end_va": 1988542463, "entry_point": 1987426877, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_651", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1987117056, "timestamp": "00:00:17.604", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1990459392, "type": "region", "version": 1 }, "end_va": 1991163903, "entry_point": 1990501490, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_652", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1990459392, "timestamp": "00:00:17.605", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000653-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_135", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 1991704576, "type": "region", "version": 1 }, "end_va": 1992728575, "entry_point": 0, "filename": null, "id": "region_653", "name": "private_0x0000000076b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1991704576, "timestamp": "00:00:17.605", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000654-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_136", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1992753152, "type": "region", "version": 1 }, "end_va": 1993928703, "entry_point": 0, "filename": null, "id": "region_654", "name": "private_0x0000000076c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1992753152, "timestamp": "00:00:17.606", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_655", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:17.606", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_656", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:17.606", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 6946816, "type": "region", "version": 1 }, "end_va": 8552447, "entry_point": 0, "filename": null, "id": "region_679", "name": "pagefile_0x00000000006a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6946816, "timestamp": "00:00:17.851", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957888000, "type": "region", "version": 1 }, "end_va": 1958281215, "entry_point": 1957959055, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_680", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1957888000, "timestamp": "00:00:17.851", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1960509440, "type": "region", "version": 1 }, "end_va": 1961345023, "entry_point": 1960515211, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_681", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1960509440, "timestamp": "00:00:17.852", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_682", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:17.861", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1187839, "entry_point": 0, "filename": null, "id": "region_683", "name": "pagefile_0x0000000000120000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1179648, "timestamp": "00:00:17.861", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 73728, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1581055, "entry_point": 1507328, "filename": "\\Windows\\SysWOW64\\en-US\\schtasks.exe.mui", "id": "region_684", "name": "schtasks.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\schtasks.exe.mui", "region_type": "memory_mapped_file", "start_va": 1507328, "timestamp": "00:00:17.861", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000685-addr_0x0000000000190000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_151", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1642495, "entry_point": 0, "filename": null, "id": "region_685", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:00:17.862", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000686-addr_0x00000000001a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_152", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1708031, "entry_point": 0, "filename": null, "id": "region_686", "name": "private_0x00000000001a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1703936, "timestamp": "00:00:17.863", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 8585216, "type": "region", "version": 1 }, "end_va": 10162175, "entry_point": 0, "filename": null, "id": "region_687", "name": "pagefile_0x0000000000830000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8585216, "timestamp": "00:00:17.863", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 10223616, "type": "region", "version": 1 }, "end_va": 31195135, "entry_point": 0, "filename": null, "id": "region_688", "name": "pagefile_0x00000000009c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10223616, "timestamp": "00:00:17.863", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1954480128, "type": "region", "version": 1 }, "end_va": 1954516991, "entry_point": 1954484768, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_689", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1954480128, "timestamp": "00:00:17.867", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 31195136, "type": "region", "version": 1 }, "end_va": 34140159, "entry_point": 31195136, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_690", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 31195136, "timestamp": "00:00:17.869", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1950416896, "type": "region", "version": 1 }, "end_va": 1950941183, "entry_point": 1950496713, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_723", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1950416896, "timestamp": "00:00:17.956", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000724-addr_0x0000000002090000-size_0x00000000001d0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_159", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1900544, "start_va": 34144256, "type": "region", "version": 1 }, "end_va": 36044799, "entry_point": 0, "filename": null, "id": "region_724", "name": "private_0x0000000002090000", "norm_filename": null, "region_type": "private_memory", "start_va": 34144256, "timestamp": "00:00:17.958", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 3211264, "type": "region", "version": 1 }, "end_va": 4124671, "entry_point": 0, "filename": null, "id": "region_727", "name": "pagefile_0x0000000000310000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3211264, "timestamp": "00:00:17.985", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000814-addr_0x0000000000560000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_181", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 5636096, "type": "region", "version": 1 }, "end_va": 5898239, "entry_point": 0, "filename": null, "id": "region_814", "name": "private_0x0000000000560000", "norm_filename": null, "region_type": "private_memory", "start_va": 5636096, "timestamp": "00:00:18.510", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000815-addr_0x00000000020e0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_182", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 34471936, "type": "region", "version": 1 }, "end_va": 34734079, "entry_point": 0, "filename": null, "id": "region_815", "name": "private_0x00000000020e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 34471936, "timestamp": "00:00:18.511", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000816-addr_0x0000000002220000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_183", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 35782656, "type": "region", "version": 1 }, "end_va": 36044799, "entry_point": 0, "filename": null, "id": "region_816", "name": "private_0x0000000002220000", "norm_filename": null, "region_type": "private_memory", "start_va": 35782656, "timestamp": "00:00:18.511", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000817-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_184", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_817", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:00:18.511", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1773567, "entry_point": 0, "filename": null, "id": "region_818", "name": "pagefile_0x00000000001b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1769472, "timestamp": "00:00:18.513", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1981743104, "type": "region", "version": 1 }, "end_va": 1982279679, "entry_point": 1981752274, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_819", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1981743104, "timestamp": "00:00:18.513", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 1904639, "entry_point": 0, "filename": null, "id": "region_820", "name": "pagefile_0x00000000001d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1900544, "timestamp": "00:00:18.515", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 512000, "start_va": 1952841728, "type": "region", "version": 1 }, "end_va": 1953353727, "entry_point": 1952847466, "filename": "\\Windows\\SysWOW64\\taskschd.dll", "id": "region_821", "name": "taskschd.dll", "norm_filename": "c:\\windows\\syswow64\\taskschd.dll", "region_type": "memory_mapped_file", "start_va": 1952841728, "timestamp": "00:00:18.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 192512, "start_va": 1953693696, "type": "region", "version": 1 }, "end_va": 1953886207, "entry_point": 1953693696, "filename": "\\Windows\\SysWOW64\\xmllite.dll", "id": "region_824", "name": "xmllite.dll", "norm_filename": "c:\\windows\\syswow64\\xmllite.dll", "region_type": "memory_mapped_file", "start_va": 1953693696, "timestamp": "00:00:18.589", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\41D0.tmp\" \\\\.\\pipe\\{2FDFCF81-BD74-41C3-9115-F628925CC568}", "filename": "c:\\windows\\41d0.tmp", "id": "proc_8", "image_name": "41d0.tmp", "monitor_reason": "child_process", "monitored_id": 8, "origin_monitor_id": 2, "ref_parent_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000008-region_00000664-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_143", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_664", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:17.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_665", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:17.635", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000666-addr_0x0000000000190000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_144", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 2686975, "entry_point": 0, "filename": null, "id": "region_666", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:00:17.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1993932800, "type": "region", "version": 1 }, "end_va": 1995673599, "entry_point": 1993932800, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_667", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1993932800, "timestamp": "00:00:17.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_668", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:17.636", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000669-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_145", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_669", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:17.636", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000670-addr_0x000000007fff2000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_146", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147426304, "type": "region", "version": 1 }, "end_va": 2147430399, "entry_point": 0, "filename": null, "id": "region_670", "name": "private_0x000000007fff2000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147426304, "timestamp": "00:00:17.637", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000671-addr_0x000000013f340000-size_0x0000000000013000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_147", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 77824, "start_va": 5355339776, "type": "region", "version": 1 }, "end_va": 5355417599, "entry_point": 5355339776, "filename": "\\Windows\\41D0.tmp", "id": "region_671", "name": "41d0.tmp", "norm_filename": "c:\\windows\\41d0.tmp", "region_type": "memory_mapped_file", "start_va": 5355339776, "timestamp": "00:00:17.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791781998592, "type": "region", "version": 1 }, "end_va": 8791782002687, "entry_point": 8791781998592, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_672", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791781998592, "timestamp": "00:00:17.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_673", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:00:17.639", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000674-addr_0x000007fffffdc000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_148", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092874752, "type": "region", "version": 1 }, "end_va": 8796092882943, "entry_point": 0, "filename": null, "id": "region_674", "name": "private_0x000007fffffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092874752, "timestamp": "00:00:17.640", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000675-addr_0x000007fffffde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_149", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 8796092882944, "type": "region", "version": 1 }, "end_va": 8796092887039, "entry_point": 0, "filename": null, "id": "region_675", "name": "private_0x000007fffffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092882944, "timestamp": "00:00:17.640", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000676-addr_0x0000000000080000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_150", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 1572863, "entry_point": 0, "filename": null, "id": "region_676", "name": "private_0x0000000000080000", "norm_filename": null, "region_type": "private_memory", "start_va": 524288, "timestamp": "00:00:17.644", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1992753152, "type": "region", "version": 1 }, "end_va": 1993928703, "entry_point": 1992753152, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_677", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1992753152, "timestamp": "00:00:17.644", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791747723264, "type": "region", "version": 1 }, "end_va": 8791748161535, "entry_point": 8791747723264, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_678", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791747723264, "timestamp": "00:00:17.804", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_728", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:17.997", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_729", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:17.997", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 3108863, "entry_point": 2686976, "filename": "\\Windows\\System32\\locale.nls", "id": "region_730", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 2686976, "timestamp": "00:00:17.997", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 1991704576, "type": "region", "version": 1 }, "end_va": 1992728575, "entry_point": 1991704576, "filename": "\\Windows\\System32\\user32.dll", "id": "region_731", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1991704576, "timestamp": "00:00:17.998", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_732", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:18.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_733", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:18.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791768956928, "type": "region", "version": 1 }, "end_va": 8791770189823, "entry_point": 8791768956928, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_734", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791768956928, "timestamp": "00:00:18.056", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791772364800, "type": "region", "version": 1 }, "end_va": 8791773261823, "entry_point": 8791772364800, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_735", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791772364800, "timestamp": "00:00:18.080", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791774396416, "type": "region", "version": 1 }, "end_va": 8791775047679, "entry_point": 8791774396416, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_736", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791774396416, "timestamp": "00:00:18.137", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791775969280, "type": "region", "version": 1 }, "end_va": 8791776026623, "entry_point": 8791775969280, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_737", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791775969280, "timestamp": "00:00:18.150", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791776034816, "type": "region", "version": 1 }, "end_va": 8791776456703, "entry_point": 8791776034816, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_738", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791776034816, "timestamp": "00:00:18.156", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791776493568, "type": "region", "version": 1 }, "end_va": 8791776956415, "entry_point": 8791776493568, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_739", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 8791776493568, "timestamp": "00:00:18.200", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791777148928, "type": "region", "version": 1 }, "end_va": 8791777972223, "entry_point": 8791777148928, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_740", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791777148928, "timestamp": "00:00:18.254", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791780229120, "type": "region", "version": 1 }, "end_va": 8791780356095, "entry_point": 8791780229120, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_741", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791780229120, "timestamp": "00:00:18.262", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000788-addr_0x0000000000300000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_173", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 4194303, "entry_point": 0, "filename": null, "id": "region_788", "name": "private_0x0000000000300000", "norm_filename": null, "region_type": "private_memory", "start_va": 3145728, "timestamp": "00:00:18.341", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000789-addr_0x0000000000470000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_174", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 4653056, "type": "region", "version": 1 }, "end_va": 4718591, "entry_point": 0, "filename": null, "id": "region_789", "name": "private_0x0000000000470000", "norm_filename": null, "region_type": "private_memory", "start_va": 4653056, "timestamp": "00:00:18.342", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4718592, "type": "region", "version": 1 }, "end_va": 6324223, "entry_point": 0, "filename": null, "id": "region_790", "name": "pagefile_0x0000000000480000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4718592, "timestamp": "00:00:18.342", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791773282304, "type": "region", "version": 1 }, "end_va": 8791774367743, "entry_point": 8791773282304, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_791", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791773282304, "timestamp": "00:00:18.342", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791779966976, "type": "region", "version": 1 }, "end_va": 8791780155391, "entry_point": 8791779966976, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_792", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791779966976, "timestamp": "00:00:18.352", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000805-addr_0x0000000000040000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_177", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_805", "name": "private_0x0000000000040000", "norm_filename": null, "region_type": "private_memory", "start_va": 262144, "timestamp": "00:00:18.416", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000806-addr_0x0000000000050000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_178", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 331775, "entry_point": 0, "filename": null, "id": "region_806", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:00:18.417", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6356992, "type": "region", "version": 1 }, "end_va": 7933951, "entry_point": 0, "filename": null, "id": "region_807", "name": "pagefile_0x0000000000610000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6356992, "timestamp": "00:00:18.417", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 7995392, "type": "region", "version": 1 }, "end_va": 28966911, "entry_point": 0, "filename": null, "id": "region_808", "name": "pagefile_0x00000000007a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7995392, "timestamp": "00:00:18.417", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000809-addr_0x0000000001cc0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_179", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 30146560, "type": "region", "version": 1 }, "end_va": 30212095, "entry_point": 0, "filename": null, "id": "region_809", "name": "private_0x0000000001cc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30146560, "timestamp": "00:00:18.417", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 139264, "start_va": 8791738286080, "type": "region", "version": 1 }, "end_va": 8791738425343, "entry_point": 8791738286080, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_810", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 8791738286080, "timestamp": "00:00:18.421", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 8791733108736, "type": "region", "version": 1 }, "end_va": 8791733420031, "entry_point": 8791733108736, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_811", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 8791733108736, "timestamp": "00:00:18.439", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000822-addr_0x0000000001cd0000-size_0x0000000000168000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_185", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1474560, "start_va": 30212096, "type": "region", "version": 1 }, "end_va": 31686655, "entry_point": 0, "filename": null, "id": "region_822", "name": "private_0x0000000001cd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30212096, "timestamp": "00:00:18.557", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "schtasks /Create /SC once /TN drogon /RU SYSTEM /TR \"C:\\Windows\\system32\\shutdown.exe /r /t 0 /f\" /ST 02:34:00", "filename": "c:\\windows\\syswow64\\schtasks.exe", "id": "proc_9", "image_name": "schtasks.exe", "monitor_reason": "child_process", "monitored_id": 9, "origin_monitor_id": 6, "ref_parent_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000009-region_00000742-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_160", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_742", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:18.270", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000743-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_161", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_743", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:18.270", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_744", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:18.270", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_745", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:18.272", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_746", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:18.272", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000747-addr_0x0000000000070000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_162", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 720895, "entry_point": 0, "filename": null, "id": "region_747", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:00:18.272", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000748-addr_0x0000000000110000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_163", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1376255, "entry_point": 0, "filename": null, "id": "region_748", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:00:18.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 4521984, "type": "region", "version": 1 }, "end_va": 4710399, "entry_point": 4617859, "filename": "\\Windows\\SysWOW64\\schtasks.exe", "id": "region_749", "name": "schtasks.exe", "norm_filename": "c:\\windows\\syswow64\\schtasks.exe", "region_type": "memory_mapped_file", "start_va": 4521984, "timestamp": "00:00:18.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1993932800, "type": "region", "version": 1 }, "end_va": 1995673599, "entry_point": 1993932800, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_750", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1993932800, "timestamp": "00:00:18.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997471743, "entry_point": 1995898880, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_751", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1995898880, "timestamp": "00:00:18.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_752", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:18.274", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000753-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_164", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_753", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:18.274", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000754-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_165", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_754", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:18.274", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000755-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_166", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_755", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:18.274", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_756", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:18.275", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000757-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_167", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_757", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:18.275", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_758", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:18.275", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000759-addr_0x00000000002f0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_168", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 3604479, "entry_point": 0, "filename": null, "id": "region_759", "name": "private_0x00000000002f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3080192, "timestamp": "00:00:18.278", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1951006720, "type": "region", "version": 1 }, "end_va": 1951039487, "entry_point": 1951015160, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_760", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1951006720, "timestamp": "00:00:18.278", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1951072256, "type": "region", "version": 1 }, "end_va": 1951449087, "entry_point": 1951332248, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_761", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1951072256, "timestamp": "00:00:18.279", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1951465472, "type": "region", "version": 1 }, "end_va": 1951723519, "entry_point": 1951653496, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_762", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1951465472, "timestamp": "00:00:18.279", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_763", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:18.299", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_764", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:18.299", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1798143, "entry_point": 1376256, "filename": "\\Windows\\System32\\locale.nls", "id": "region_765", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1376256, "timestamp": "00:00:18.299", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000766-addr_0x0000000000620000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_169", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 6422528, "type": "region", "version": 1 }, "end_va": 7471103, "entry_point": 0, "filename": null, "id": "region_766", "name": "private_0x0000000000620000", "norm_filename": null, "region_type": "private_memory", "start_va": 6422528, "timestamp": "00:00:18.300", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000767-addr_0x00000000008c0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_170", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 9175040, "type": "region", "version": 1 }, "end_va": 9240575, "entry_point": 0, "filename": null, "id": "region_767", "name": "private_0x00000000008c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 9175040, "timestamp": "00:00:18.300", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1954676736, "type": "region", "version": 1 }, "end_va": 1954713599, "entry_point": 1954682928, "filename": "\\Windows\\SysWOW64\\ktmw32.dll", "id": "region_768", "name": "ktmw32.dll", "norm_filename": "c:\\windows\\syswow64\\ktmw32.dll", "region_type": "memory_mapped_file", "start_va": 1954676736, "timestamp": "00:00:18.300", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1957429248, "type": "region", "version": 1 }, "end_va": 1957478399, "entry_point": 1957433569, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_769", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1957429248, "timestamp": "00:00:18.301", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957494784, "type": "region", "version": 1 }, "end_va": 1957887999, "entry_point": 1957602227, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_770", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1957494784, "timestamp": "00:00:18.301", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1959395328, "type": "region", "version": 1 }, "end_va": 1960443903, "entry_point": 1959507693, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_771", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1959395328, "timestamp": "00:00:18.302", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1960443904, "type": "region", "version": 1 }, "end_va": 1960484863, "entry_point": 1960457888, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_772", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1960443904, "timestamp": "00:00:18.302", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1961361408, "type": "region", "version": 1 }, "end_va": 1961463807, "entry_point": 1961380213, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_773", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1961361408, "timestamp": "00:00:18.305", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1961492480, "type": "region", "version": 1 }, "end_va": 1962147839, "entry_point": 1961576933, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_774", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1961492480, "timestamp": "00:00:18.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1978531840, "type": "region", "version": 1 }, "end_va": 1979514879, "entry_point": 1978598761, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_775", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1978531840, "timestamp": "00:00:18.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1979580416, "type": "region", "version": 1 }, "end_va": 1980166143, "entry_point": 1979596721, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_776", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1979580416, "timestamp": "00:00:18.307", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1980170240, "type": "region", "version": 1 }, "end_va": 1980526591, "entry_point": 1980275622, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_777", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1980170240, "timestamp": "00:00:18.307", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984430079, "entry_point": 1983931203, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_778", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:00:18.307", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1985019904, "type": "region", "version": 1 }, "end_va": 1985662975, "entry_point": 1985232855, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_779", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1985019904, "timestamp": "00:00:18.308", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1985675264, "type": "region", "version": 1 }, "end_va": 1985961983, "entry_point": 1985705080, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_780", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1985675264, "timestamp": "00:00:18.308", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1986002944, "type": "region", "version": 1 }, "end_va": 1987117055, "entry_point": 1986081491, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_781", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1986002944, "timestamp": "00:00:18.309", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1987117056, "type": "region", "version": 1 }, "end_va": 1988542463, "entry_point": 1987426877, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_782", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1987117056, "timestamp": "00:00:18.309", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1990459392, "type": "region", "version": 1 }, "end_va": 1991163903, "entry_point": 1990501490, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_783", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1990459392, "timestamp": "00:00:18.310", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000784-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_171", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 1991704576, "type": "region", "version": 1 }, "end_va": 1992728575, "entry_point": 0, "filename": null, "id": "region_784", "name": "private_0x0000000076b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1991704576, "timestamp": "00:00:18.310", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000785-addr_0x0000000076c70000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_172", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1992753152, "type": "region", "version": 1 }, "end_va": 1993928703, "entry_point": 0, "filename": null, "id": "region_785", "name": "private_0x0000000076c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1992753152, "timestamp": "00:00:18.311", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_786", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:18.311", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_787", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:18.311", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4718592, "type": "region", "version": 1 }, "end_va": 6324223, "entry_point": 0, "filename": null, "id": "region_793", "name": "pagefile_0x0000000000480000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4718592, "timestamp": "00:00:18.364", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957888000, "type": "region", "version": 1 }, "end_va": 1958281215, "entry_point": 1957959055, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_794", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1957888000, "timestamp": "00:00:18.364", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1960509440, "type": "region", "version": 1 }, "end_va": 1961345023, "entry_point": 1960515211, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_795", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1960509440, "timestamp": "00:00:18.364", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_796", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:18.371", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 729087, "entry_point": 0, "filename": null, "id": "region_797", "name": "pagefile_0x00000000000b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 720896, "timestamp": "00:00:18.371", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 73728, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 860159, "entry_point": 786432, "filename": "\\Windows\\SysWOW64\\en-US\\schtasks.exe.mui", "id": "region_798", "name": "schtasks.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\schtasks.exe.mui", "region_type": "memory_mapped_file", "start_va": 786432, "timestamp": "00:00:18.371", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000799-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_175", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 0, "filename": null, "id": "region_799", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:00:18.372", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000800-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_176", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_800", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:00:18.372", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 7471104, "type": "region", "version": 1 }, "end_va": 9048063, "entry_point": 0, "filename": null, "id": "region_801", "name": "pagefile_0x0000000000720000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7471104, "timestamp": "00:00:18.372", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 9240576, "type": "region", "version": 1 }, "end_va": 30212095, "entry_point": 0, "filename": null, "id": "region_802", "name": "pagefile_0x00000000008d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9240576, "timestamp": "00:00:18.372", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1954480128, "type": "region", "version": 1 }, "end_va": 1954516991, "entry_point": 1954484768, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_803", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1954480128, "timestamp": "00:00:18.376", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 30212096, "type": "region", "version": 1 }, "end_va": 33157119, "entry_point": 30212096, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_804", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 30212096, "timestamp": "00:00:18.378", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1950416896, "type": "region", "version": 1 }, "end_va": 1950941183, "entry_point": 1950496713, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_812", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1950416896, "timestamp": "00:00:18.465", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000813-addr_0x00000000001c0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_180", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 2359295, "entry_point": 0, "filename": null, "id": "region_813", "name": "private_0x00000000001c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1835008, "timestamp": "00:00:18.508", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 4517887, "entry_point": 0, "filename": null, "id": "region_823", "name": "pagefile_0x0000000000370000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3604480, "timestamp": "00:00:18.567", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000825-addr_0x0000000000290000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_186", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 2949119, "entry_point": 0, "filename": null, "id": "region_825", "name": "private_0x0000000000290000", "norm_filename": null, "region_type": "private_memory", "start_va": 2686976, "timestamp": "00:00:18.614", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000826-addr_0x0000000002150000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_187", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 34930688, "type": "region", "version": 1 }, "end_va": 35192831, "entry_point": 0, "filename": null, "id": "region_826", "name": "private_0x0000000002150000", "norm_filename": null, "region_type": "private_memory", "start_va": 34930688, "timestamp": "00:00:18.614", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000827-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_188", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_827", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:00:18.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_828", "name": "pagefile_0x0000000000100000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1048576, "timestamp": "00:00:18.632", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1981743104, "type": "region", "version": 1 }, "end_va": 1982279679, "entry_point": 1981752274, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_829", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1981743104, "timestamp": "00:00:18.632", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1839103, "entry_point": 0, "filename": null, "id": "region_830", "name": "pagefile_0x00000000001c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1835008, "timestamp": "00:00:18.634", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000831-addr_0x0000000000200000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_189", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2359295, "entry_point": 0, "filename": null, "id": "region_831", "name": "private_0x0000000000200000", "norm_filename": null, "region_type": "private_memory", "start_va": 2097152, "timestamp": "00:00:18.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 512000, "start_va": 1952841728, "type": "region", "version": 1 }, "end_va": 1953353727, "entry_point": 1952847466, "filename": "\\Windows\\SysWOW64\\taskschd.dll", "id": "region_832", "name": "taskschd.dll", "norm_filename": "c:\\windows\\syswow64\\taskschd.dll", "region_type": "memory_mapped_file", "start_va": 1952841728, "timestamp": "00:00:18.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 192512, "start_va": 1953693696, "type": "region", "version": 1 }, "end_va": 1953886207, "entry_point": 1953698114, "filename": "\\Windows\\SysWOW64\\xmllite.dll", "id": "region_840", "name": "xmllite.dll", "norm_filename": "c:\\windows\\syswow64\\xmllite.dll", "region_type": "memory_mapped_file", "start_va": 1953693696, "timestamp": "00:00:18.817", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "taskeng.exe {E7027C3A-1DB2-40E8-88FC-68D4A38CC290} S-1-5-18:NT AUTHORITY\\System:Service:", "filename": "c:\\windows\\system32\\taskeng.exe", "id": "proc_10", "image_name": "taskeng.exe", "monitor_reason": "created_scheduled_job", "monitored_id": 10, "origin_monitor_id": 7, "ref_parent_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1468", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:38.549", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_1469", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:38.549", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_1470", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:38.549", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_1471", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:38.549", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1472", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:00:38.550", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 794623, "entry_point": 0, "filename": null, "id": "region_1473", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:00:38.550", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 856063, "entry_point": 0, "filename": null, "id": "region_1474", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:00:38.550", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 0, "filename": null, "id": "region_1475", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:00:38.550", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_1476", "name": "pagefile_0x00000000000f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 983040, "timestamp": "00:00:38.550", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1310719, "entry_point": 0, "filename": null, "id": "region_1477", "name": "private_0x0000000000130000", "norm_filename": null, "region_type": "private_memory", "start_va": 1245184, "timestamp": "00:00:38.551", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 2097151, "entry_point": 0, "filename": null, "id": "region_1478", "name": "pagefile_0x0000000000140000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1310720, "timestamp": "00:00:38.551", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2686975, "entry_point": 0, "filename": null, "id": "region_1479", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:00:38.551", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 3735551, "entry_point": 0, "filename": null, "id": "region_1480", "name": "private_0x0000000000290000", "norm_filename": null, "region_type": "private_memory", "start_va": 2686976, "timestamp": "00:00:38.551", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 5242879, "entry_point": 0, "filename": null, "id": "region_1481", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:00:38.552", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5242880, "type": "region", "version": 1 }, "end_va": 6848511, "entry_point": 0, "filename": null, "id": "region_1482", "name": "pagefile_0x0000000000500000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5242880, "timestamp": "00:00:38.552", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6881280, "type": "region", "version": 1 }, "end_va": 8458239, "entry_point": 0, "filename": null, "id": "region_1483", "name": "pagefile_0x0000000000690000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6881280, "timestamp": "00:00:38.552", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 8519680, "type": "region", "version": 1 }, "end_va": 12660735, "entry_point": 0, "filename": null, "id": "region_1484", "name": "pagefile_0x0000000000820000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8519680, "timestamp": "00:00:38.552", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 12713984, "type": "region", "version": 1 }, "end_va": 13762559, "entry_point": 0, "filename": null, "id": "region_1485", "name": "private_0x0000000000c20000", "norm_filename": null, "region_type": "private_memory", "start_va": 12713984, "timestamp": "00:00:38.552", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 14090240, "type": "region", "version": 1 }, "end_va": 14614527, "entry_point": 0, "filename": null, "id": "region_1486", "name": "private_0x0000000000d70000", "norm_filename": null, "region_type": "private_memory", "start_va": 14090240, "timestamp": "00:00:38.552", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 15007744, "type": "region", "version": 1 }, "end_va": 15532031, "entry_point": 0, "filename": null, "id": "region_1487", "name": "private_0x0000000000e50000", "norm_filename": null, "region_type": "private_memory", "start_va": 15007744, "timestamp": "00:00:38.552", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 15532032, "type": "region", "version": 1 }, "end_va": 16056319, "entry_point": 0, "filename": null, "id": "region_1488", "name": "private_0x0000000000ed0000", "norm_filename": null, "region_type": "private_memory", "start_va": 15532032, "timestamp": "00:00:38.553", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 16449536, "type": "region", "version": 1 }, "end_va": 16973823, "entry_point": 0, "filename": null, "id": "region_1489", "name": "private_0x0000000000fb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 16449536, "timestamp": "00:00:38.553", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 17498112, "type": "region", "version": 1 }, "end_va": 20443135, "entry_point": 17498112, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1490", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 17498112, "timestamp": "00:00:38.553", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 20905984, "type": "region", "version": 1 }, "end_va": 21430271, "entry_point": 0, "filename": null, "id": "region_1491", "name": "private_0x00000000013f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 20905984, "timestamp": "00:00:38.554", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 22151168, "type": "region", "version": 1 }, "end_va": 22675455, "entry_point": 0, "filename": null, "id": "region_1492", "name": "private_0x0000000001520000", "norm_filename": null, "region_type": "private_memory", "start_va": 22151168, "timestamp": "00:00:38.556", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 1991704576, "type": "region", "version": 1 }, "end_va": 1992728575, "entry_point": 1991811784, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1493", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1991704576, "timestamp": "00:00:38.556", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1992753152, "type": "region", "version": 1 }, "end_va": 1993928703, "entry_point": 1992842912, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1494", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1992753152, "timestamp": "00:00:38.557", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1993932800, "type": "region", "version": 1 }, "end_va": 1995673599, "entry_point": 1993932800, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1495", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1993932800, "timestamp": "00:00:38.557", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1496", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:38.558", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1497", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:38.558", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1498", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:38.559", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 475136, "start_va": 4281008128, "type": "region", "version": 1 }, "end_va": 4281483263, "entry_point": 4281070668, "filename": "\\Windows\\System32\\taskeng.exe", "id": "region_1499", "name": "taskeng.exe", "norm_filename": "c:\\windows\\system32\\taskeng.exe", "region_type": "memory_mapped_file", "start_va": 4281008128, "timestamp": "00:00:38.559", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 8791645814784, "type": "region", "version": 1 }, "end_va": 8791645851647, "entry_point": 8791645819296, "filename": "\\Windows\\System32\\TSChannel.dll", "id": "region_1500", "name": "tschannel.dll", "norm_filename": "c:\\windows\\system32\\tschannel.dll", "region_type": "memory_mapped_file", "start_va": 8791645814784, "timestamp": "00:00:38.559", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 8791713185792, "type": "region", "version": 1 }, "end_va": 8791713402879, "entry_point": 8791713189988, "filename": "\\Windows\\System32\\xmllite.dll", "id": "region_1501", "name": "xmllite.dll", "norm_filename": "c:\\windows\\system32\\xmllite.dll", "region_type": "memory_mapped_file", "start_va": 8791713185792, "timestamp": "00:00:38.560", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 8791713447936, "type": "region", "version": 1 }, "end_va": 8791713488895, "entry_point": 8791713457676, "filename": "\\Windows\\System32\\ktmw32.dll", "id": "region_1502", "name": "ktmw32.dll", "norm_filename": "c:\\windows\\system32\\ktmw32.dll", "region_type": "memory_mapped_file", "start_va": 8791713447936, "timestamp": "00:00:38.561", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 290816, "start_va": 8791733895168, "type": "region", "version": 1 }, "end_va": 8791734185983, "entry_point": 8791733899364, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_1503", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 8791733895168, "timestamp": "00:00:38.561", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 8791737040896, "type": "region", "version": 1 }, "end_va": 8791737135103, "entry_point": 8791737053880, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_1504", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 8791737040896, "timestamp": "00:00:38.561", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 446464, "start_va": 8791739072512, "type": "region", "version": 1 }, "end_va": 8791739518975, "entry_point": 8791739076624, "filename": "\\Windows\\System32\\wevtapi.dll", "id": "region_1505", "name": "wevtapi.dll", "norm_filename": "c:\\windows\\system32\\wevtapi.dll", "region_type": "memory_mapped_file", "start_va": 8791739072512, "timestamp": "00:00:38.562", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 8791743135744, "type": "region", "version": 1 }, "end_va": 8791743287295, "entry_point": 8791743174232, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_1506", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 8791743135744, "timestamp": "00:00:38.562", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791743332352, "type": "region", "version": 1 }, "end_va": 8791743393791, "entry_point": 8791743336464, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_1507", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791743332352, "timestamp": "00:00:38.563", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791744315392, "type": "region", "version": 1 }, "end_va": 8791744397311, "entry_point": 8791744319712, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_1508", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 8791744315392, "timestamp": "00:00:38.563", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791747723264, "type": "region", "version": 1 }, "end_va": 8791748161535, "entry_point": 8791747735776, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1509", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791747723264, "timestamp": "00:00:38.564", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791751196672, "type": "region", "version": 1 }, "end_va": 8791751823359, "entry_point": 8791751203856, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_1510", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 8791751196672, "timestamp": "00:00:38.564", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791768956928, "type": "region", "version": 1 }, "end_va": 8791770189823, "entry_point": 8791769279824, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1511", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791768956928, "timestamp": "00:00:38.565", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2109440, "start_va": 8791770202112, "type": "region", "version": 1 }, "end_va": 8791772311551, "entry_point": 8791770346288, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_1512", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791770202112, "timestamp": "00:00:38.566", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791772364800, "type": "region", "version": 1 }, "end_va": 8791773261823, "entry_point": 8791772497760, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_1513", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791772364800, "timestamp": "00:00:38.566", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791773282304, "type": "region", "version": 1 }, "end_va": 8791774367743, "entry_point": 8791773286500, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1514", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791773282304, "timestamp": "00:00:38.567", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791774396416, "type": "region", "version": 1 }, "end_va": 8791775047679, "entry_point": 8791774406048, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1515", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791774396416, "timestamp": "00:00:38.567", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 8791775051776, "type": "region", "version": 1 }, "end_va": 8791775932415, "entry_point": 8791775064692, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_1516", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 8791775051776, "timestamp": "00:00:38.568", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791775969280, "type": "region", "version": 1 }, "end_va": 8791776026623, "entry_point": 8791775973504, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_1517", "name": "lpk.dl