{ "analysis_details": { "creation_time": "2018-01-17 14:10 (UTC+1)", "execution_successful": true, "number_of_processes": 3, "reputation_enabled": true, "termination_reason": "timeout", "type": "analysis_details", "version": 2, "vm_analysis_duration_time": "00:03:16" }, "artifacts": { "files": [ { "filename": "C:\\Microsoft\\hash", "hashes": [ { "md5_hash": "79570daf5afe49ef71c9148c51aa1dda", "sha1_hash": "b6a11a5f191391aca1095932d387945c9ef934a3", "sha256_hash": "a963f08069a8ba118efd65291347f46968be1e5a02bb81036ed3584ea972f0e3", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\microsoft\\hash", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\-sPM6vJb.odt.Lime", "hashes": [ { "md5_hash": "b4d942f4683ba6b39b7cce37c902355b", "sha1_hash": "a66b7f2d457ac42df6587b1831ecadaeaae35e56", "sha256_hash": "a44f8fcfa0d42cf77ef27e2ce5acf0ad9b4ae77ec6f5be9de07f78ac14ec11ce", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\-spm6vjb.odt.lime", "operations": [ "write", "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\0u2YA.docx.Lime", "hashes": [ { "md5_hash": "2546d9ba9be02db58e8fe966ab91caea", "sha1_hash": "c0ebdbc21ddb63954919b3a45b392151fbc9f16b", "sha256_hash": "1efd55214870714732c1e9503d42c853f342603c93207dbe729325729689ef2b", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\0u2ya.docx.lime", "operations": [ "write", "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\7wwG1Y1tq2o4XiF.pdf.Lime", "hashes": [ { "md5_hash": "4919359f1310c4aefcda111370faf616", "sha1_hash": "6b7f727a9b5a7f2de9f5494d8cce8678cd9d4ca8", "sha256_hash": "de60cda7106e04857a224b2c139381dc5907348f8465827ad0366ea471ccbf64", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\7wwg1y1tq2o4xif.pdf.lime", "operations": [ "write", "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\9TMo3uu8-Scl.xlsx.Lime", "hashes": [ { "md5_hash": "424c59058aaca748e44049c9abc42f85", "sha1_hash": "62f42f357977e8edb15a956b472846fd42cf756f", "sha256_hash": "bbf01e9b2887fadc026683f02a469d7f991fac5240fc3777ecf3f6f3b1e0cb96", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\9tmo3uu8-scl.xlsx.lime", "operations": [ "write", "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\AEghbUBMs5NTL.pptx.Lime", "hashes": [ { "md5_hash": "815ee7a3f7a76c7f3b38c1ae17fcd72e", "sha1_hash": "8abce056fbccf6c09114555e172441aa16c67561", "sha256_hash": "2189fcee260e07ef63e22ce138ade649ed24c8d061e292d7f64593b93e2a928b", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\aeghbubms5ntl.pptx.lime", "operations": [ "write", "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\c94gQ1vFwVFBcDGwkD_.docx.Lime", "hashes": [ { "md5_hash": "862921b589b1174597317f170cbab044", "sha1_hash": "9fe9f87c32d73f2054d4fe01b35d096b0f6e3a47", "sha256_hash": "bd1b4d09a8585e5676e94e24ffb2ebd2be748da757059de0792829119d1bf1ba", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\c94gq1vfwvfbcdgwkd_.docx.lime", "operations": [ "write", "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\desktop.ini.Lime", "hashes": [ { "md5_hash": "c9b46817038fb05173f74b2790bbc4ce", "sha1_hash": "cc9f85de2a7c64983b76b792c886127d138a5aed", "sha256_hash": "db5d72c549b2858b34b9b5e3c30992eddabea01e5932f4c96f85fff201341613", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\desktop.ini.lime", "operations": [ "write", "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\erHcl A2gBL1aT.docx.Lime", "hashes": [ { "md5_hash": "8a71b4f4b4ad2e149140cb2b622b1fad", "sha1_hash": "88449cd7ef630459459cca28010d9ca8afe14b34", "sha256_hash": "515ff8c559e9c6e7954935a84d186ab4d02babe1ba2aabf27f31bc230828bfeb", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\erhcl a2gbl1at.docx.lime", "operations": [ "write", "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\eYeDf199l.xlsx.Lime", "hashes": [ { "md5_hash": "ae2cdd9a7f32633b027bd575d0f113dc", "sha1_hash": "53cb828326932fff1ad9caea8f57461806bb230e", "sha256_hash": "bea704f52a0f00d060ac9941e436d630e7cada31f56fb73e48af2218d2411796", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\eyedf199l.xlsx.lime", "operations": [ "write", "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\G 5ZX6m5N.docx.Lime", "hashes": [ { "md5_hash": "94bec26d56d482bd139bdfb85b01cec0", "sha1_hash": "a9dc1a26b2b735e470a74a18e40944eb7b4bd7ce", "sha256_hash": "85cbd08116d0556bf80968bdae8afba8d4e59270cee8f0c4d8ca0097661246bc", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\g 5zx6m5n.docx.lime", "operations": [ "write", "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\gMur.xlsx.Lime", "hashes": [ { "md5_hash": "00921b3dd8f8a0b4c3c838ce320f8d51", "sha1_hash": "5d5dd5fed4d0390fe22f9e93247b43b68f7ef5c6", "sha256_hash": "9ef6930900b28d361eaa83d4cd61d1525e143c3ccffc312a22644d23aa27f4a4", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\gmur.xlsx.lime", "operations": [ "write", "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\h2PCXTBBfD dI.xlsx.Lime", "hashes": [ { "md5_hash": "b2c1aba23191532fc0d783f69e75770f", "sha1_hash": "4858c75da24b0b7dfd769f7b3da5d4405b6fc45c", "sha256_hash": "3d4def9f5b6a66da1060a8388b8d0119ebd8d0a56c4091682ede7fe757adb9db", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\h2pcxtbbfd di.xlsx.lime", "operations": [ "write", "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\IYDMli-q8mF8cJ.ppt.Lime", "hashes": [ { "md5_hash": "43785acb2b4829ee93a6166f488f3f43", "sha1_hash": "dc663c05346efb28562d5a1c7fc5c82a2cab90ca", "sha256_hash": "9a4d4bffaa3f4693a95905f1d125f721d3926beb00104f4b035c6b54d8c60714", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\iydmli-q8mf8cj.ppt.lime", "operations": [ "write", "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\OCZESPOCHPv.csv.Lime", "hashes": [ { "md5_hash": "b7246b6277c064427412b2b3f7ce6ffc", "sha1_hash": "d55113611d99fcf8132db6c89e38a7035fb4b7c5", "sha256_hash": "c6a0f5d5f54b84da2cde0afe2ed7cde7095f06df136891752e06bec52fd7cd01", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\oczespochpv.csv.lime", "operations": [ "write", "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\oOjIQe2Ti5VBxCBHnG2.docx.Lime", "hashes": [ { "md5_hash": "5ff36f203bba5b322f5b8687bfc8f0a2", "sha1_hash": "f0c3ca41a1e38db91f05d0bd1a007d3294ed2770", "sha256_hash": "5957d364d5e8c1b48c1b42eeb3fa02f4d4c5c3e2f1829a182d2a5445b576abe7", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\oojiqe2ti5vbxcbhng2.docx.lime", "operations": [ "write", "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\x7naB3SX5u.pptx.Lime", "hashes": [ { "md5_hash": "db0cc0cdc6760daae4c33c0948512fb6", "sha1_hash": "43fcfa1a53d7bc16eb97c3f98fc7241c186d6659", "sha256_hash": "8f9a92d8c392f354ee9843901e1f5d0fd331f6056f1e3528118caa998ec2b9b9", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\x7nab3sx5u.pptx.lime", "operations": [ "write", "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\KaaOrNRraztX\\B37K-LfrWIVyw.pps.Lime", "hashes": [ { "md5_hash": "eda419c37b32c3b4aa1b721cb678a437", "sha1_hash": "82d30c13eee7e1277275b27a50bb7dfacdb8cc9d", "sha256_hash": "9dbeee248a82d89fc500ef79880ab80c3b3d8a95cb60c8866ec1bd13bc317b91", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\b37k-lfrwivyw.pps.lime", "operations": [ "write", "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\KaaOrNRraztX\\MIQzp.pps.Lime", "hashes": [ { "md5_hash": "846a4dddd2a1dd6c856e3040ff20f2bf", "sha1_hash": "f40041b3f0a9f0d460112b99798a88b002695f16", "sha256_hash": "30012a509d48b4fa6da6e0e0b242526de79aaa8cbe373971c02ac7f10d58e540", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\miqzp.pps.lime", "operations": [ "write", "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\KaaOrNRraztX\\AO-nFf kn\\dupIwyYc2Jp.docx.Lime", "hashes": [ { "md5_hash": "3de5fba903cec3f1edbd740b43e4c9f0", "sha1_hash": "1a0cb04b9f174a09eb689fd29cd48343a10634c8", "sha256_hash": "0ad60be3f262f563d7fbebba20b4f7cb87c04e2e4c5e4de572b83266220a0cf9", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\ao-nff kn\\dupiwyyc2jp.docx.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\KaaOrNRraztX\\AO-nFf kn\\gTN-k.odt.Lime", "hashes": [ { "md5_hash": "f341d44e54207d2b5ecafa488e0d6d41", "sha1_hash": "42d2bd5e141cb52a34ea655dbf88e39ba694cad5", "sha256_hash": "b5868ee3bca2076893a61add47be36d73e56868bf2aa8129431eaddafc11bc59", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\ao-nff kn\\gtn-k.odt.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\KaaOrNRraztX\\AO-nFf kn\\mT8RyiDfz3cr.pptx.Lime", "hashes": [ { "md5_hash": "df4afaf4f93aaceb0d4e62cef5a86cf4", "sha1_hash": "abc7b577d51e6d8223fde047b95fdc56becb5f20", "sha256_hash": "9216bc5e02ff640e2cd85f6dc7035a0ba6ea016b074346d374f65c47880cb038", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\ao-nff kn\\mt8ryidfz3cr.pptx.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\KaaOrNRraztX\\AO-nFf kn\\nAdn7QwB885NzAt O.odp.Lime", "hashes": [ { "md5_hash": "f15adc0f50a7dc19f47f0d00b75ed444", "sha1_hash": "516a82381412d27d61ca16b172cef47848ac2a27", "sha256_hash": "64e84454898b46715d6c573f812a36236bf4585e169553cf2bb5af036339e916", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\ao-nff kn\\nadn7qwb885nzat o.odp.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\KaaOrNRraztX\\AO-nFf kn\\nuvaV.rtf.Lime", "hashes": [ { "md5_hash": "ae505c67a1f9c6807e2e64ebdff8c37b", "sha1_hash": "f91536a2dc4a9e9fb00953b0dd87555dd9b835c7", "sha256_hash": "f424568ed0e0742e9f7045cafaf42a9e10cc5dbb2e0d538ca8cd700ce50d4892", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\ao-nff kn\\nuvav.rtf.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\KaaOrNRraztX\\AO-nFf kn\\BWmJPNLUzWsoVW5iDA\\hDVR7Lfi7YE7\\U2 jrSbzpiR7OxWWq.pptx.Lime", "hashes": [ { "md5_hash": "17e53bd42e9e3784a675460c04ebc5bc", "sha1_hash": "21f73a8d3364d9f59d75732826a391b73a94da27", "sha256_hash": "1b2790b749c9dc3c85a06d557e2962b01d220bf277274aba2bce80225f2178a7", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\ao-nff kn\\bwmjpnluzwsovw5ida\\hdvr7lfi7ye7\\u2 jrsbzpir7oxwwq.pptx.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\KaaOrNRraztX\\AO-nFf kn\\BWmJPNLUzWsoVW5iDA\\hDVR7Lfi7YE7\\w anjoZ7.doc.Lime", "hashes": [ { "md5_hash": "056b121ba3acf890e659c167d6a07df3", "sha1_hash": "a3c1943bce25a355e41fb1abb3708ec6ad56df55", "sha256_hash": "50fb1fa37546a0765205d0424199bf5c8159c1b33cb537d5d3e35e830aec6097", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\ao-nff kn\\bwmjpnluzwsovw5ida\\hdvr7lfi7ye7\\w anjoz7.doc.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\KaaOrNRraztX\\Vksw T\\77jQfTI.csv.Lime", "hashes": [ { "md5_hash": "1a58904a8f4ba4b6ff21bfa0a818100e", "sha1_hash": "afe3e1fb048518682ae7eabe0f3f877de3c3759b", "sha256_hash": "727add00ffb70858d8200cc3978111b36952698bf1651bc52c987d6391245f1d", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\vksw t\\77jqfti.csv.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\KaaOrNRraztX\\Vksw T\\9bwEefny0rpp.ods.Lime", "hashes": [ { "md5_hash": "31f5d82dd9b4998635e79cac53e84cd8", "sha1_hash": "8e959e4f97c1a0816fb8aa4af2fa4d78648ffa00", "sha256_hash": "d4711d2201a585572de2ca9791b17db939b9abffb6f56abc46c556f73c05d497", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\vksw t\\9bweefny0rpp.ods.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\My Shapes\\desktop.ini.Lime", "hashes": [ { "md5_hash": "543aa4d0bab6eb92f144852b9321c9b2", "sha1_hash": "e5073a14c3b2a9140d4d16009dc228818f9137ac", "sha256_hash": "b4c49666006e8249df4923c13cfe489feb472ea5350dc96c9c552a7cd902884a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\my shapes\\desktop.ini.lime", "operations": [ "write", "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\My Shapes\\Favorites.vssx.Lime", "hashes": [ { "md5_hash": "b89066756566fcf59d882699f2aed3a3", "sha1_hash": "7341b43d325c1971d0caabc3dd8d361a2020c668", "sha256_hash": "1179b80a694dc4fc5e4f87ad86f8bb625ec972d54c1da2f97b51d3c259c3abb8", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\my shapes\\favorites.vssx.lime", "operations": [ "write", "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\My Shapes\\_private\\folder.ico.Lime", "hashes": [ { "md5_hash": "7c0bc7cc02efbf4681b564565419920e", "sha1_hash": "65312a2bd1539f3aa2702dbf0ae4e665a27581fc", "sha256_hash": "356a2f5864d5e933d3044ff8d1b970bd1a0d2e9c664745a9bc92582fc221fb13", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\my shapes\\_private\\folder.ico.lime", "operations": [ "write", "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\Outlook Files\\cjeijc.diuv@div.com.pst.Lime", "hashes": [ { "md5_hash": "3147acf6ff86361711af9cd9666eb006", "sha1_hash": "d15c599e256a7d53ffae0f60d0b2a7411124ddc4", "sha256_hash": "7cda96a618d8c66d7f42d9a569683b30986c6ad6caf88f7e1940f11a6b87b93a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\outlook files\\cjeijc.diuv@div.com.pst.lime", "operations": [ "write", "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\8YzC.gif.Lime", "hashes": [ { "md5_hash": "26adc1f9ab71097bd0197bee8a3ce9e0", "sha1_hash": "817fc246afcab2a188fd1a160465e0d368c42d19", "sha256_hash": "d91c3eb862790256ec19c1b161c5e0fba291212fe3918c54c7ac7fc0d7109499", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\8yzc.gif.lime", "operations": [ "write", "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\97QMvfP-n9T7b4U.png.Lime", "hashes": [ { "md5_hash": "8464ff4b3e9f397ccf609b1a41ad44d5", "sha1_hash": "02b899ed7ef44eaaaea793469d898fc191498790", "sha256_hash": "57dd4d4511a75a6999d4e0dd7410a21003c11a5f3a3b097905fdae9831b8f889", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\97qmvfp-n9t7b4u.png.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\9pzHJofdZk0Fqc8d56gX.bmp.Lime", "hashes": [ { "md5_hash": "ddf1569c4ee4980e9f06a0ab99fc9a78", "sha1_hash": "75a85b1d0bd23ab66caf64c251da2af78809c293", "sha256_hash": "97cc8af117df3c2143929e739a288dcd74ac549c59dac5bc3d4e615206fb5812", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\9pzhjofdzk0fqc8d56gx.bmp.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\auOxLTYRVw31 BiYhvN.png.Lime", "hashes": [ { "md5_hash": "57786d413b451721be96c2ddbab09113", "sha1_hash": "9b28d33d86a94aa351138e10073bdb2fc79f70eb", "sha256_hash": "6e8aa604822738992563e086227bab934c8a672c4f787c4f4849de32597c1a9f", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\auoxltyrvw31 biyhvn.png.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hosHP.gif.Lime", "hashes": [ { "md5_hash": "d2befa51c32e29e1b649063ca7df518a", "sha1_hash": "02bbb9921b9d89493f11067bf3cde44027875a5b", "sha256_hash": "4fd2643d374ec75b8e9d82def8992c62d8130871e2104a7d5a5bbbfd3c40a0a0", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hoshp.gif.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\bGLKOcSLaAs0zqepqxl\\cn2.bmp.Lime", "hashes": [ { "md5_hash": "4165af98fa053b0ee858800fdea6bf2b", "sha1_hash": "cc4f196f2c84e8341319a9d160b59e1ef8cc7b75", "sha256_hash": "37b69b47f658dff4332165ccaa4cfa88d83cc13c0502fee6a512d5ae46e1c0a5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\bglkocslaas0zqepqxl\\cn2.bmp.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\bGLKOcSLaAs0zqepqxl\\eEmVU3Dk.bmp.Lime", "hashes": [ { "md5_hash": "b7a5dafa65e2e3fa682f5465eb1b0916", "sha1_hash": "62ce2237261b73c50cff867af65cab8cd538454e", "sha256_hash": "6a59dc100b1eaee7d56d79938e985486549ebd0b6b0917da24fe39571ea22573", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\bglkocslaas0zqepqxl\\eemvu3dk.bmp.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\bGLKOcSLaAs0zqepqxl\\FnZhHkemnJG.gif.Lime", "hashes": [ { "md5_hash": "273d2cab40ee021cef924385e9f4c715", "sha1_hash": "e9788c8741af89cc2abc5ce89840cb45dc6fe459", "sha256_hash": "04a68085ad7d4195d1f82b683a8801a78efe5bc170386553eedc12a772336b41", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\bglkocslaas0zqepqxl\\fnzhhkemnjg.gif.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\bGLKOcSLaAs0zqepqxl\\NR6dMjKJCnTfSCqR.gif.Lime", "hashes": [ { "md5_hash": "5f2dc9ccbe05c735697196fa730a5295", "sha1_hash": "1a4b13b00ce7944428fe442e64ab917cf379fac1", "sha256_hash": "ac617690e7e57582c5f49af08ee04a6ced2a8b3082576c3eca0295a9b1a9b6cb", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\bglkocslaas0zqepqxl\\nr6dmjkjcntfscqr.gif.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\bGLKOcSLaAs0zqepqxl\\qKgeyNbDLJNjdCbMJb.gif.Lime", "hashes": [ { "md5_hash": "4f0d0c36301c73cf775da773e984b771", "sha1_hash": "6a0424d118d3a53091d507ac8e29e67b2b433b63", "sha256_hash": "d32a53331826fce9e18511db91f521bb5cc09964d78e290add6f8591fbb6e76f", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\bglkocslaas0zqepqxl\\qkgeynbdljnjdcbmjb.gif.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\cGLZ_jmC_lOB0ujFfP\\B4tjiTd_NYk uV.bmp.Lime", "hashes": [ { "md5_hash": "f8a8e6adf87e50988f6afe69041bf3bc", "sha1_hash": "a19758a519ee1988e175c104406249dbfd899819", "sha256_hash": "e994ef93dcc6b432041411aab490fbdf22f7258987f4140a7fd20e9d8c219a95", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\cglz_jmc_lob0ujffp\\b4tjitd_nyk uv.bmp.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\cGLZ_jmC_lOB0ujFfP\\DC394OBjo9C.bmp.Lime", "hashes": [ { "md5_hash": "b5291809b8a3d6841d00a129a3668c31", "sha1_hash": "2263a7b583f32b506984163065c41aa5736506fb", "sha256_hash": "ba0a44b2bc81d19046e1e05ae96a55702829e8c74d9ea559fc6d3bca964566f3", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\cglz_jmc_lob0ujffp\\dc394objo9c.bmp.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\C-56aS7eiAlL.mp3.Lime", "hashes": [ { "md5_hash": "f8d5cb7a00e83a49149d4622021fa5b7", "sha1_hash": "ecf37d0aa1bb699abb4b6f1bfb1ba5ebc43e1172", "sha256_hash": "3f9c4be52001bdc0622ab3e8b33131d749f02a8e80773babce9d699958965bc1", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\c-56as7eiall.mp3.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\desktop.ini.Lime", "hashes": [ { "md5_hash": "bbecdaa0d5d5dff70246d8e481a133ae", "sha1_hash": "59464008c26a95368fb4cfc3e78e6726e45ac9ba", "sha256_hash": "2a52121b8b48b82524a604eb11e4387e009828454101301bf9082b72508c616a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\desktop.ini.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\GrU-M3D0ihjQ.wav.Lime", "hashes": [ { "md5_hash": "fbd8c5a14f99ea11a20c1ff956261d27", "sha1_hash": "6002af7f5e9928336c5fb4694afc2ac381a01331", "sha256_hash": "d1947ab433b644e42b7ab6cdb566a7dc835578180b0822277ea04ff4b4ed6608", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\gru-m3d0ihjq.wav.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\Od32To.mp3.Lime", "hashes": [ { "md5_hash": "41fb7d419423fe05675a472228237edf", "sha1_hash": "1c2a9a43891bcd3d57dea5d1b7c469dea590ef67", "sha256_hash": "424ed283f523ee782bbb8ff96eaae18a66f3b05a5b5135a69ef8de7ed755deaf", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\od32to.mp3.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\Q0Ua0AHEpDpsIaUeq0.mp3.Lime", "hashes": [ { "md5_hash": "c11b3421e93e99a9f4e8588c9e6d19cd", "sha1_hash": "bd9c49df024f11fe5696c90eb0a4ba6eab851455", "sha256_hash": "e280296785805f92d2ef712b1d496a23c86ff294d3b9d7557349b31423fb6ba0", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\q0ua0ahepdpsiaueq0.mp3.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\_wGbp3Qw\\GGnH.m4a.Lime", "hashes": [ { "md5_hash": "2f83fe33b0187cc874874dee35b83c00", "sha1_hash": "32fdcfabc4f858ff7ad973a5a08fba06ae33d4d4", "sha256_hash": "dc3735b311a07d5212c839e07f472f08d8a8f60eceef76383e043aefde3c2b69", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\_wgbp3qw\\ggnh.m4a.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\_wGbp3Qw\\gQfYFnBUFHd0b2hNpcm.wav.Lime", "hashes": [ { "md5_hash": "3b2c8cc031100456b9b0ffb630df0ab6", "sha1_hash": "2ad64c5d4e7359842e2148b78c442bb2c15fa92c", "sha256_hash": "ea72462195205f5f53848347d49a13d5f980fc8ef624334a204a42dcde841d14", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\_wgbp3qw\\gqfyfnbufhd0b2hnpcm.wav.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\_wGbp3Qw\\gWCYViWIi.mp3.Lime", "hashes": [ { "md5_hash": "9a63c489b44c5bcaec8f54223f9d1ddc", "sha1_hash": "d87aba4cffead69f90729f35cd99848ba58eed43", "sha256_hash": "71f256e963cc4efa21b3ca27d9c5ed2ee9523efd012d162869e4dbb60ca77475", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\_wgbp3qw\\gwcyviwii.mp3.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\_wGbp3Qw\\kz2M.mp3.Lime", "hashes": [ { "md5_hash": "232e3e201518c574f55948d982da7262", "sha1_hash": "acbab8ba8b246e038e2ee4cd39f48e10146589f4", "sha256_hash": "621e4d05e90a7da85ecff96f71cc85cdb6a0c215a21a7801796e19a20a6db720", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\_wgbp3qw\\kz2m.mp3.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\_wGbp3Qw\\QvxPYeWmyW121.wav.Lime", "hashes": [ { "md5_hash": "30b1cbcca53c3afbf7739e9b5c485620", "sha1_hash": "6e7632974f0e8ef95663c011a7921b105d0009d6", "sha256_hash": "bcded786bc9f0f036c7760a25e425e9deb362c1265d59a3ba3b6545e3aab7d52", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\_wgbp3qw\\qvxpyewmyw121.wav.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\_wGbp3Qw\\SY3CPSU.m4a.Lime", "hashes": [ { "md5_hash": "71e60381304f1802e946ff866646cd28", "sha1_hash": "7b52b959b53f7c79a597872fda5285b0a7612a44", "sha256_hash": "483972808aa0b1d792e66d2201c5b78067c217835d495b625da7baf1a06a4a54", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\_wgbp3qw\\sy3cpsu.m4a.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\_wGbp3Qw\\UfKL.wav.Lime", "hashes": [ { "md5_hash": "b495fd88db772adac97d11470dd8a8bd", "sha1_hash": "b284b1a5203fcd4db7af7b5d58eb529b9bd50b15", "sha256_hash": "73442b4eb6caeccdfd967382166bd31b245fd660a136241f477c2a605b7393fb", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\_wgbp3qw\\ufkl.wav.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\_wGbp3Qw\\UXKqt2i9X6PC8.wav.Lime", "hashes": [ { "md5_hash": "2ce61dd19d7c10d95f54fba753b61738", "sha1_hash": "ac1089615d1750d344b7ec76b6ea4dc499875ba0", "sha256_hash": "a380013c0f1dd0c0d85144a283a881ac09ef175646a0c67663d768fd5dfb950c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\_wgbp3qw\\uxkqt2i9x6pc8.wav.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\_wGbp3Qw\\vW e9IJ.mp3.Lime", "hashes": [ { "md5_hash": "7a87d1bc45fc6d5b99bfa3abe234568a", "sha1_hash": "de332830980ece74917caa8434af0a68e943b235", "sha256_hash": "57ce3032a943cbadbee69a59aeb817f1acebeec309fb0bb580065cd0354c2eb6", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\_wgbp3qw\\vw e9ij.mp3.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\_wGbp3Qw\\yOtFLh9S-- H9v.wav.Lime", "hashes": [ { "md5_hash": "5d5703232f6c7e693d45a9080797fce7", "sha1_hash": "23df6e3bd71165c4c4e106f377ec448f0e84a8b5", "sha256_hash": "da7d529409b523b4216ee38f38541f39f648e29b3da4846ed443957e0e847775", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\_wgbp3qw\\yotflh9s-- h9v.wav.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\40Y6k2FUB.avi.Lime", "hashes": [ { "md5_hash": "5ba848a370ecbc1d9392edc6eac9ef5b", "sha1_hash": "dde681e2c6ad9a32e576e64321df1dcac08a692e", "sha256_hash": "af95427274472be2882fff49284ab5a3eac5ede0f94da6648c7339b629594945", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\40y6k2fub.avi.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\2-Lzf_caeYTdiH8Ls.avi.Lime", "hashes": [ { "md5_hash": "7736005a93c48d4f5792444a73c22b5c", "sha1_hash": "aaa9c36387a59e1f1cb8e91ede7f9c320a00efc9", "sha256_hash": "92b0d410d7d6398e758576b05db4888a2711138f6f0a06bf58ddc9198bbfc236", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\2-lzf_caeytdih8ls.avi.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\2kZLcFwdX.mkv.Lime", "hashes": [ { "md5_hash": "3f72b45f772ab924e75bd7338e5a8f93", "sha1_hash": "3ffe94a87675650f531ed2659cf33e276fa28034", "sha256_hash": "86c13c0f9ff470e4f33fc7ec54c386e2f0f1871b4243b204125507a92d6d71f2", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\2kzlcfwdx.mkv.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\6L2VJzd4y qgt3nZDwL.wav.Lime", "hashes": [ { "md5_hash": "91d0b4f5783581561a077f8f92b3141a", "sha1_hash": "6147e5c1bf5e5854614d0860a930541b3bd13c0a", "sha256_hash": "24839805f0ecab51b4ca4ec822fd6fc436a1efee638ec9fa0d78e8049563e19a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\6l2vjzd4y qgt3nzdwl.wav.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\6s FhIyFBc68flA.flv.Lime", "hashes": [ { "md5_hash": "5736547bcb17855352e15fa8a8cf0da8", "sha1_hash": "f098feb70877d38ced438ee66153f493e248bf0f", "sha256_hash": "b5f360c039a2d602364df75508f673b2821af174ea595822405d62d693011c48", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\6s fhiyfbc68fla.flv.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\7huc nP.mkv.Lime", "hashes": [ { "md5_hash": "da7cb2f1323a5a5708599b5d07b641ec", "sha1_hash": "f61222d95ff46b88b9f29322f7a5763527bfebb0", "sha256_hash": "1a5c0cdcd3f33a0184d467c99c9837721f0857358187bdd10589ae23d7d23ace", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\7huc np.mkv.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\mAKFQ5ZAPTIzrcE7IrU.ods.Lime", "hashes": [ { "md5_hash": "88831cd5bfab6063eaacddee7e5c6938", "sha1_hash": "f9d5013d07ae92624abd6562e8419c166a123bcb", "sha256_hash": "a07ba284e07f3c583e34972e57d8c5654396224169d3da853520c17402f409d8", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\makfq5zaptizrce7iru.ods.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\mV3NggJ4W65.png.Lime", "hashes": [ { "md5_hash": "65b2b016d015d7f31a9818d6f03daa3d", "sha1_hash": "61341e31998a1faa5153037cfddae14c34248d20", "sha256_hash": "a613402abe1b7b0b647c9051b2399363463e072c10cc0bace9749318cc302f97", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\mv3nggj4w65.png.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\wVjrCaIySkl.jpg.Lime", "hashes": [ { "md5_hash": "be0e7a5ab911465203ec7f5487da93e5", "sha1_hash": "8dc5d60e704a256ffc8571c6d80a75cdf89e8c14", "sha256_hash": "f3c16f8c60c2fb20fc0197d73375f282b376ba8836ee0a418760fbc7062aecb7", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\wvjrcaiyskl.jpg.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\xCdHr9FnegVb5D0.pdf.Lime", "hashes": [ { "md5_hash": "b8f3165a278ec51a42def26e8d173a8b", "sha1_hash": "79ce39666cceb936f4716a46d148f25b222ceb68", "sha256_hash": "fe0ae165145e455fff3ebd83a651d9bf07341b479dc9fdefd93517245e123c6d", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\xcdhr9fnegvb5d0.pdf.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\c OpBv-sTs\\HV1SiahR-wDxQNIsDtes.m4a.Lime", "hashes": [ { "md5_hash": "237ddb41e9949baeb6693976da0830ea", "sha1_hash": "06a03690a1af6bd7f5fadb302a280a25024ae48d", "sha256_hash": "efb821296eed29cbdccc6425afa105c2bff2dea737615d4f4d2ff92b02038ba3", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\c opbv-sts\\hv1siahr-wdxqnisdtes.m4a.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\RSvw596pfT9dfXj QF8\\7mq72DdMZjhMf.jpg.Lime", "hashes": [ { "md5_hash": "9b4d9414327de03c6621157276c20c03", "sha1_hash": "3f4ffc64a14c8511feca0f2241393d0683d5c1ed", "sha256_hash": "98d0f7a708417bbc365ac91078f7170c2da6cec0fc60b0cc5a08227ed372984e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\rsvw596pft9dfxj qf8\\7mq72ddmzjhmf.jpg.lime", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\#Decryptor.exe", "hashes": [ { "md5_hash": "067c61ebc26990537ed9c52908cc6025", "sha1_hash": "00df5ad324626992fd83ecfca84b7297bbbfaa26", "sha256_hash": "60ef3c12e67a01d4445dc3bfac5545fc85b94e33c6c806a681186a5e1ed58561", "type": "file_hash", "version": 1 }, { "md5_hash": "a0e0875ab72ff05e04a2b928a30da0f8", "sha1_hash": "8b0e48e33f8c824b55227b7b504f84ccb996136b", "sha256_hash": "0ae0c749e69b33ad8fd3b14820a46bc39eae027a75fddc791dccb16b449a2bfc", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\#decryptor.exe", "operations": [ "write", "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\-sPM6vJb.odt", "hashes": [ { "md5_hash": "58393dcbf626cfa2e64abf5f28575be8", "sha1_hash": "db10c994113b5425ff93b59581a5c9c46aaabf33", "sha256_hash": "4bf873910a64441ccaeacdf8852d1b07f0c6c469c8cfb30394f133e51fa22a86", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\-spm6vjb.odt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\0u2YA.docx", "hashes": [ { "md5_hash": "a320cd9c75e3083bf63fb92c7649ae6b", "sha1_hash": "f630cf75c0ef711b159af4c02fdbde959cffe1bb", "sha256_hash": "406b291294e6c4c1cc2decbe675545637cdb8c133c87981c4c64e77c64a9bda9", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\0u2ya.docx", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\7wwG1Y1tq2o4XiF.pdf", "hashes": [ { "md5_hash": "fb6f7a95eb2466d83942f7c860d0ef92", "sha1_hash": "5ea740cdcd863e75c1956671fd51ee1162a195cf", "sha256_hash": "c1d0c9c9b48e9e14473f247bb4e690c6d06d998a23736a9c5e2ccd731e7792df", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\7wwg1y1tq2o4xif.pdf", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\9TMo3uu8-Scl.xlsx", "hashes": [ { "md5_hash": "18cc57d055dbd0f5941e23419aa65ab0", "sha1_hash": "0f7166e2dcf95cffcf647a2b333b315c3935a2ab", "sha256_hash": "d32ef1ff293d8fb074e59a5a9e467a733fbc624bfbcb2a9a9790611e8f7540f8", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\9tmo3uu8-scl.xlsx", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\AEghbUBMs5NTL.pptx", "hashes": [ { "md5_hash": "d1cf1130d18e6e4c74d3bfabb2b92f21", "sha1_hash": "88874850a50903aae0caed235f60af3dc455a512", "sha256_hash": "8a7c1123605a784568aa1e4cf62f3a256ea92417822c24eedf7ce27bc2e02158", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\aeghbubms5ntl.pptx", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\c94gQ1vFwVFBcDGwkD_.docx", "hashes": [ { "md5_hash": "7ad8bc3380511b4925e6395d3fcfa9b2", "sha1_hash": "bbb28eea7616ab36b23d6251cc24a225d88b279d", "sha256_hash": "15c7a555d745149508e5d327dfe1139ea7b1d860da904e2c014f4e97248489b2", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\c94gq1vfwvfbcdgwkd_.docx", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\desktop.ini", "hashes": [ { "md5_hash": "ecf88f261853fe08d58e2e903220da14", "sha1_hash": "f72807a9e081906654ae196605e681d5938a2e6c", "sha256_hash": "cafec240d998e4b6e92ad1329cd417e8e9cbd73157488889fd93a542de4a4844", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\desktop.ini", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\erHcl A2gBL1aT.docx", "hashes": [ { "md5_hash": "a7b21e63df46e1fb905b2a522b7344d8", "sha1_hash": "62c19701ef52142244eb102156dd39592777cd7e", "sha256_hash": "1057f4a6ee8945b5b62a519f2083f3b59cc3f8e311481e348b098468a0815126", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\erhcl a2gbl1at.docx", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\eYeDf199l.xlsx", "hashes": [ { "md5_hash": "a96f62abda1c6e0b69ea17b84a75e4ba", "sha1_hash": "d7a6de0a918d918fae62b5771741b0efa317ff6b", "sha256_hash": "ed7d8f2de672435bee20e565ab6e5976af4a74758bf2092b6cf236a01d0c74a2", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\eyedf199l.xlsx", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\G 5ZX6m5N.docx", "hashes": [ { "md5_hash": "7fcd1501bb1e6377cfc477ac38c6cd6a", "sha1_hash": "b702e0777e4cc9886593859d41e1be0b2af85781", "sha256_hash": "8e3c9160ca415a81f42630372690914b8bf8573acdf356074dc75d3e47a5d296", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\g 5zx6m5n.docx", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\gMur.xlsx", "hashes": [ { "md5_hash": "997cb45da07305a5295adadce04410e6", "sha1_hash": "0336a5e1609006d5fda1de11a43ad59f6b350afb", "sha256_hash": "ab9e36a1aecbf6ad45a86034a161f115a8b4f031e8bec177f46e30d421aadb31", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\gmur.xlsx", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\h2PCXTBBfD dI.xlsx", "hashes": [ { "md5_hash": "b5d11377e240c9d4182487819bb696e5", "sha1_hash": "558b695cc95730f732c8ddf3f7ed973c55b6981b", "sha256_hash": "aa037a1aeb4fbd6ab534fe2fe774fc71d0f03ca79b5a1b6d972b9042763557a6", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\h2pcxtbbfd di.xlsx", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\IYDMli-q8mF8cJ.ppt", "hashes": [ { "md5_hash": "89a101f6735aebaeb9f2f37bcb7c35a4", "sha1_hash": "96dec5a6c017ddd0e7b3286507ca03679c18b8b0", "sha256_hash": "70c616a305d92876229444b03d2787e15060de5f05eb19f10d3752366db99fa9", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\iydmli-q8mf8cj.ppt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\o9Jfc-DjnB qX4.pptx", "hashes": [ { "md5_hash": "a4fa2518874f45be4ea728dd59e06469", "sha1_hash": "82a9792fe24d414d390cf6369866d6c2a2d8c2f7", "sha256_hash": "d3a44d490722d497c7235ccaa833fd5671d7841413c1d32d36817dbb10b6509b", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\o9jfc-djnb qx4.pptx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\OCZESPOCHPv.csv", "hashes": [ { "md5_hash": "a6dd475d55ae89c0c495742667cf04c9", "sha1_hash": "4486320b73acfc1cf4252b7c3f6aa0c6a848fc2b", "sha256_hash": "04c473b3899dfc95ac0675156eed6e91581a6e3b335ff95217a5b8177a6fe076", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\oczespochpv.csv", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\oOjIQe2Ti5VBxCBHnG2.docx", "hashes": [ { "md5_hash": "927100c1e43af166a66ee4c719e986cb", "sha1_hash": "f0e74f7a3bb23214f26ea45c5f0b01f36e25c3ec", "sha256_hash": "7c4667ca8b873156623e4a119071b383b7dedeb3e08cbef83aec421f8a135039", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\oojiqe2ti5vbxcbhng2.docx", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\wvqxSPNlMSl.xlsx", "hashes": [ { "md5_hash": "9e597634dd83f188f7c54793ea7911fc", "sha1_hash": "e0d16a8f056927b5ccb1c71bc6704743693a3c25", "sha256_hash": "e3663a81a83b566044a2b5d0161e9f999e212457451fedebad7fa690eca372d8", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\wvqxspnlmsl.xlsx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\x7naB3SX5u.pptx", "hashes": [ { "md5_hash": "2ddc0f8eb8daf54320413c3827ca96f8", "sha1_hash": "5e20b75ea989cb07f8c4660f8f8b1fe993d0630e", "sha256_hash": "e817aa9e9feb2cf9ab35ba5901f1dfd21a8c39b3da500445e836f3700a251489", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\x7nab3sx5u.pptx", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\KaaOrNRraztX\\0r-uDW4THkIUpl-oRh_.odt", "hashes": [ { "md5_hash": "f100080dc8c3ad3c4b3f107a423a3bf9", "sha1_hash": "c40ee4d57022abf161f1ed3a7698e854279dc938", "sha256_hash": "162f9044fc4e24728ae4e3cad7751f7d863cc00f78d2580922a782868af94eaa", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\0r-udw4thkiupl-orh_.odt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\KaaOrNRraztX\\B37K-LfrWIVyw.pps", "hashes": [ { "md5_hash": "a246d5fca5d699a98740cc3261a36f1f", "sha1_hash": "bf2848ae0818f8390b4cc0556c4a47978665654a", "sha256_hash": "a8daddf7d9bf5c4fb1aad39a1fe4ecb4345a37e8f3f2900c011096a4f5043232", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\b37k-lfrwivyw.pps", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\KaaOrNRraztX\\AO-nFf kn\\dupIwyYc2Jp.docx", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\ao-nff kn\\dupiwyyc2jp.docx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\KaaOrNRraztX\\AO-nFf kn\\gTN-k.odt", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\ao-nff kn\\gtn-k.odt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\KaaOrNRraztX\\AO-nFf kn\\mT8RyiDfz3cr.pptx", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\ao-nff kn\\mt8ryidfz3cr.pptx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\KaaOrNRraztX\\AO-nFf kn\\nAdn7QwB885NzAt O.odp", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\ao-nff kn\\nadn7qwb885nzat o.odp", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\KaaOrNRraztX\\AO-nFf kn\\nuvaV.rtf", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\ao-nff kn\\nuvav.rtf", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\KaaOrNRraztX\\AO-nFf kn\\BWmJPNLUzWsoVW5iDA\\hDVR7Lfi7YE7\\pvDIt6.pdf", "hashes": [ { "md5_hash": "52ce1e0b7ce3bc2061c3131c7c0b1f6f", "sha1_hash": "aeea0a492c9be1f442267b6d80c375e957705e3a", "sha256_hash": "69310ae8f6f9562a68bc46aae8f37fcf21a15c60f068c13fe9adca43a2bfc07f", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\ao-nff kn\\bwmjpnluzwsovw5ida\\hdvr7lfi7ye7\\pvdit6.pdf", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\KaaOrNRraztX\\AO-nFf kn\\BWmJPNLUzWsoVW5iDA\\hDVR7Lfi7YE7\\U2 jrSbzpiR7OxWWq.pptx", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\ao-nff kn\\bwmjpnluzwsovw5ida\\hdvr7lfi7ye7\\u2 jrsbzpir7oxwwq.pptx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\KaaOrNRraztX\\AO-nFf kn\\BWmJPNLUzWsoVW5iDA\\hDVR7Lfi7YE7\\w anjoZ7.doc", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\ao-nff kn\\bwmjpnluzwsovw5ida\\hdvr7lfi7ye7\\w anjoz7.doc", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\KaaOrNRraztX\\Vksw T\\77jQfTI.csv", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\vksw t\\77jqfti.csv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\My Shapes\\desktop.ini", "hashes": [ { "md5_hash": "14967ba849b93421843b52d7e50b75a8", "sha1_hash": "523e3329eaf92f12918c1ceaee8b575e74e88318", "sha256_hash": "88c8875112fe06eeb89c4b53bab11c72f6db6ad6621fbc94c29e0ac50f83cb06", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\my shapes\\desktop.ini", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\My Shapes\\Favorites.vssx", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\my shapes\\favorites.vssx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\My Shapes\\_private\\folder.ico", "hashes": [ { "md5_hash": "5130ee1b914d382af41ff3a35eb151b8", "sha1_hash": "81ad3e1731197926cc36fa9d12a1b224b6b82f5c", "sha256_hash": "baaf97e8e0606daecc8c3271b73b91b1d8b1f2e521ae677480b0a3f87173eb39", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\my shapes\\_private\\folder.ico", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\Outlook Files\\cjeijc.diuv@div.com.pst", "hashes": [ { "md5_hash": "ca76558a6946bce314bad215edd2ad25", "sha1_hash": "52930ef4033d72843f561d9f2d0a02d27fdf3dbf", "sha256_hash": "cf63f7457bda0006f06cd6716b75216b6a759671ee82787baeb28f1a7a921e8c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\outlook files\\cjeijc.diuv@div.com.pst", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\8YzC.gif", "hashes": [ { "md5_hash": "32c698f3bc99e6ee641f8d19fbd32533", "sha1_hash": "c63afa5a10f4034a3bd3c2f24caa0b4839e6d5ba", "sha256_hash": "6e6fb90bc296c80d98f9c69c60b6fc5a7c3c8aaa6dc04547e0656002bef29caa", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\8yzc.gif", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\97QMvfP-n9T7b4U.png", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\97qmvfp-n9t7b4u.png", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\9pzHJofdZk0Fqc8d56gX.bmp", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\9pzhjofdzk0fqc8d56gx.bmp", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\GhM3IdiNT.gif", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\ghm3idint.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\hosHP.gif", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hoshp.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\bGLKOcSLaAs0zqepqxl\\cn2.bmp", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\bglkocslaas0zqepqxl\\cn2.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\bGLKOcSLaAs0zqepqxl\\eEmVU3Dk.bmp", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\bglkocslaas0zqepqxl\\eemvu3dk.bmp", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\bGLKOcSLaAs0zqepqxl\\FnZhHkemnJG.gif", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\bglkocslaas0zqepqxl\\fnzhhkemnjg.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\bGLKOcSLaAs0zqepqxl\\NR6dMjKJCnTfSCqR.gif", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\bglkocslaas0zqepqxl\\nr6dmjkjcntfscqr.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\bGLKOcSLaAs0zqepqxl\\qKgeyNbDLJNjdCbMJb.gif", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\bglkocslaas0zqepqxl\\qkgeynbdljnjdcbmjb.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\cGLZ_jmC_lOB0ujFfP\\B4tjiTd_NYk uV.bmp", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\cglz_jmc_lob0ujffp\\b4tjitd_nyk uv.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\cGLZ_jmC_lOB0ujFfP\\DC394OBjo9C.bmp", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\cglz_jmc_lob0ujffp\\dc394objo9c.bmp", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\C-56aS7eiAlL.mp3", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\c-56as7eiall.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\desktop.ini", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\GrU-M3D0ihjQ.wav", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\gru-m3d0ihjq.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\Od32To.mp3", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\od32to.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\_wGbp3Qw\\EQRSjs.wav", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\_wgbp3qw\\eqrsjs.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\_wGbp3Qw\\GGnH.m4a", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\_wgbp3qw\\ggnh.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\_wGbp3Qw\\gQfYFnBUFHd0b2hNpcm.wav", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\_wgbp3qw\\gqfyfnbufhd0b2hnpcm.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\_wGbp3Qw\\gWCYViWIi.mp3", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\_wgbp3qw\\gwcyviwii.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\_wGbp3Qw\\kz2M.mp3", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\_wgbp3qw\\kz2m.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\_wGbp3Qw\\QvxPYeWmyW121.wav", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\_wgbp3qw\\qvxpyewmyw121.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\_wGbp3Qw\\SY3CPSU.m4a", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\_wgbp3qw\\sy3cpsu.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\_wGbp3Qw\\UfKL.wav", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\_wgbp3qw\\ufkl.wav", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\_wGbp3Qw\\UXKqt2i9X6PC8.wav", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\_wgbp3qw\\uxkqt2i9x6pc8.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\_wGbp3Qw\\vW e9IJ.mp3", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\_wgbp3qw\\vw e9ij.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\_wGbp3Qw\\yOtFLh9S-- H9v.wav", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\_wgbp3qw\\yotflh9s-- h9v.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos\\40Y6k2FUB.avi", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\40y6k2fub.avi", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\2-Lzf_caeYTdiH8Ls.avi", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\2-lzf_caeytdih8ls.avi", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\6L2VJzd4y qgt3nZDwL.wav", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\6l2vjzd4y qgt3nzdwl.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\6s FhIyFBc68flA.flv", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\6s fhiyfbc68fla.flv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\m6MihhsYl_M5kam0.swf", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\m6mihhsyl_m5kam0.swf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\mAKFQ5ZAPTIzrcE7IrU.ods", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\makfq5zaptizrce7iru.ods", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\mV3NggJ4W65.png", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\mv3nggj4w65.png", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\ViLLuBaagV2DSJK7a.png", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\villubaagv2dsjk7a.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\wVjrCaIySkl.jpg", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\wvjrcaiyskl.jpg", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\c OpBv-sTs\\gnOVeG6HPj.doc", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\c opbv-sts\\gnoveg6hpj.doc", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\c OpBv-sTs\\HV1SiahR-wDxQNIsDtes.m4a", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\c opbv-sts\\hv1siahr-wdxqnisdtes.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\c OpBv-sTs\\3zph\\3gLjWk8Dnbmky\\_epX.png", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\c opbv-sts\\3zph\\3gljwk8dnbmky\\_epx.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Microsoft\\", "hashes": [], "norm_filename": "c:\\microsoft", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\KaaOrNRraztX", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\KaaOrNRraztX\\AO-nFf kn", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\ao-nff kn", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\KaaOrNRraztX\\AO-nFf kn\\BWmJPNLUzWsoVW5iDA\\hDVR7Lfi7YE7", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\ao-nff kn\\bwmjpnluzwsovw5ida\\hdvr7lfi7ye7", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\KaaOrNRraztX\\Vksw T", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\vksw t", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\KaaOrNRraztX\\Vksw T\\9bwEefny0rpp.ods", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\vksw t\\9bweefny0rpp.ods", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\My Pictures", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\my pictures", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\My Shapes", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\my shapes", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\My Shapes\\_private", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\my shapes\\_private", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\My Videos", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\my videos", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\OneNote Notebooks", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\onenote notebooks", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\OneNote Notebooks\\My Notebook", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\onenote notebooks\\my notebook", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\OneNote Notebooks\\My Notebook\\Open Notebook.onetoc2", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\onenote notebooks\\my notebook\\open notebook.onetoc2", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\Outlook Files", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\outlook files", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\auOxLTYRVw31 BiYhvN.png", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\auoxltyrvw31 biyhvn.png", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\bGLKOcSLaAs0zqepqxl", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\bglkocslaas0zqepqxl", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Pictures\\cGLZ_jmC_lOB0ujFfP", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\cglz_jmc_lob0ujffp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\Q0Ua0AHEpDpsIaUeq0.mp3", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\q0ua0ahepdpsiaueq0.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\_wGbp3Qw", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\_wgbp3qw", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Videos", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\videos", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\2kZLcFwdX.mkv", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\2kzlcfwdx.mkv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\7huc nP.mkv", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\7huc np.mkv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\xCdHr9FnegVb5D0.pdf", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\xcdhr9fnegvb5d0.pdf", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\c OpBv-sTs", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\c opbv-sts", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\c OpBv-sTs\\3zph\\3gLjWk8Dnbmky", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\c opbv-sts\\3zph\\3gljwk8dnbmky", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\RSvw596pfT9dfXj QF8", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\rsvw596pft9dfxj qf8", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\RSvw596pfT9dfXj QF8\\7mq72DdMZjhMf.jpg", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\rsvw596pft9dfxj qf8\\7mq72ddmzjhmf.jpg", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\Crypt.exe.config", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\crypt.exe.config", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\Crypt.exe", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\crypt.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\Fedb6bw2FnxWe\\ittEW9VaXDBQ.m4a.Lime", "hashes": [ { "md5_hash": "bc321946df2fb79b64c3fd4e4e4946e6", "sha1_hash": "3d97b8fd35439ef2969a0cd93d966d1e7e908de1", "sha256_hash": "03da487ed31144fba421d1e0456526c29ddfd99decd8b3923a4d3500cc940626", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\fedb6bw2fnxwe\\ittew9vaxdbq.m4a.lime", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\NTUSER.DAT", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\ntuser.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Microsoft", "hashes": [], "norm_filename": "c:\\microsoft", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\My New App.accdb.Lime", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\my new app.accdb.lime", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\o9Jfc-DjnB qX4.pptx.Lime", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\o9jfc-djnb qx4.pptx.lime", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\Opm-KSsufbHrNFHI.pptx.Lime", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\opm-kssufbhrnfhi.pptx.lime", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\sbSKABnlrTuf_M3v.pps.Lime", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\sbskabnlrtuf_m3v.pps.lime", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\VUzmAoyqtk9.xlsx.Lime", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\vuzmaoyqtk9.xlsx.lime", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\vy83CXY9Y.pptx.Lime", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\vy83cxy9y.pptx.lime", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\wvqxSPNlMSl.xlsx.Lime", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\wvqxspnlmsl.xlsx.lime", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\KaaOrNRraztX\\0r-uDW4THkIUpl-oRh_.odt.Lime", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\0r-udw4thkiupl-orh_.odt.lime", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\KaaOrNRraztX\\ghGjaAvcTAKO.odp.Lime", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\ghgjaavctako.odp.lime", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\KaaOrNRraztX\\sJKbeUBnH7w9.doc.Lime", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\sjkbeubnh7w9.doc.lime", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\KaaOrNRraztX\\SqfVqA7Ma39tIEO.pps.Lime", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\sqfvqa7ma39tieo.pps.lime", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\KaaOrNRraztX\\AO-nFf kn\\BWmJPNLUzWsoVW5iDA\\hDVR7Lfi7YE7\\pvDIt6.pdf.Lime", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\ao-nff kn\\bwmjpnluzwsovw5ida\\hdvr7lfi7ye7\\pvdit6.pdf.lime", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\Fedb6bw2FnxWe\\lBl5MdKA70EZa0p4H.wav.Lime", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\fedb6bw2fnxwe\\lbl5mdka70eza0p4h.wav.lime", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\My New App.accdb", "hashes": [ { "md5_hash": "c45d578f9e9a1266af3cc6e5e97ba22c", "sha1_hash": "6c88ea4d469d67607c080ff382d00a99b1d1848f", "sha256_hash": "540d34f9fdd75b168b375af16a03fb56931cc091f3307e93b4c00ec425005b44", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\my new app.accdb", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\Opm-KSsufbHrNFHI.pptx", "hashes": [ { "md5_hash": "7e44c83622cf642a687436b19bbdf7c5", "sha1_hash": "5257ebcbfe67babe8da4af6a572ba0b5f1ebf35b", "sha256_hash": "6495949d27728f9ab2513312a2372533c3d6d129fbe1a97c43f91aebd3e36de9", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\opm-kssufbhrnfhi.pptx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\sbSKABnlrTuf_M3v.pps", "hashes": [ { "md5_hash": "ede2a099d42c2e374add4cf4ed6d8a66", "sha1_hash": "9fac5bd2d032ac39299e49a47fb09cb5dd81d0ca", "sha256_hash": "7efc6b3cee4c81707c2b7cf4debe15932f70e2a0e347dc9ca6a78056f1d17665", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\sbskabnlrtuf_m3v.pps", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\VUzmAoyqtk9.xlsx", "hashes": [ { "md5_hash": "97b5850dcd3d927977faeef6ec644fc0", "sha1_hash": "2af6bec46ea945bf863fedf9a49a54b869398c7e", "sha256_hash": "76427017d90f9a394db4b8c58bec354b8b41e7864edfd50e0228116a38c6cdc5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\vuzmaoyqtk9.xlsx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\vy83CXY9Y.pptx", "hashes": [ { "md5_hash": "1d8a7b969ceffa682c848fc0b28a2d22", "sha1_hash": "701ae2a769a783b87e2b46193b13b1f6d5af6742", "sha256_hash": "6b5310ad5e9a05d2d15893db1024d69735f09319d52f5f5f90f6c67763b63ce4", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\vy83cxy9y.pptx", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\KaaOrNRraztX\\ghGjaAvcTAKO.odp", "hashes": [ { "md5_hash": "133115af56e424faf213adbd499d2a62", "sha1_hash": "4eed0715e868fe993aecfd668632e0d29813361a", "sha256_hash": "b432cea438644d72e9b27f52704db1bfc26b5fb3d3922f23ef042ab553fc5b38", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\ghgjaavctako.odp", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\KaaOrNRraztX\\MIQzp.pps", "hashes": [ { "md5_hash": "ac96e352209a62467275e902ac3351e6", "sha1_hash": "09fb35368d6f79f3e89b345df2d4f44337f00a08", "sha256_hash": "761cea0b1c9d61215a481c300ddf15a3427be7b5f32ba8564edec23becf097bb", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\miqzp.pps", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\KaaOrNRraztX\\sJKbeUBnH7w9.doc", "hashes": [ { "md5_hash": "c70ea899fb2f0ebe752b448cddb37ea9", "sha1_hash": "c25aaa40c4e8c2b1f0d0db77f960ba0b80c70060", "sha256_hash": "c44f4fd12538fe0d64d47517d212ba3aaa1fdad1588afaf198ab5161646e4b21", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\sjkbeubnh7w9.doc", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\KaaOrNRraztX\\SqfVqA7Ma39tIEO.pps", "hashes": [ { "md5_hash": "8848697dc3f2d84ce39e5cc9dd05aa48", "sha1_hash": "714c58ac882aeadffdad48d6824aa1ddf4862f07", "sha256_hash": "f88e6e581e1d51fb0e1eeb4db2246f92a5d885fe6d6e6ef24adaf4b93cc04774", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\sqfvqa7ma39tieo.pps", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\KaaOrNRraztX\\AO-nFf kn\\BWmJPNLUzWsoVW5iDA\\hDVR7Lfi7YE7\\lKSFxnySxlvz37R4o.ppt", "hashes": [ { "md5_hash": "cb36d07465657ab460d8553a2391194a", "sha1_hash": "5c6b28582292b1e7684a31f931f428c981f444cb", "sha256_hash": "2022cb33b3c14bf23a99a7bc1052d3fb8c2b51b0ade81c1b8063bd3cefd819a1", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\ao-nff kn\\bwmjpnluzwsovw5ida\\hdvr7lfi7ye7\\lksfxnysxlvz37r4o.ppt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\OneNote Notebooks\\My Notebook\\Quick Notes.one", "hashes": [ { "md5_hash": "8225e9a335045f929e70f16497be6a6e", "sha1_hash": "967a519bee766ec649faa21cf2d5641a5c858353", "sha256_hash": "7420b80abec64b239c7823ab16d3b00914c10e1b35a50350391ba96cc579e81a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\onenote notebooks\\my notebook\\quick notes.one", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\Fedb6bw2FnxWe\\ittEW9VaXDBQ.m4a", "hashes": [ { "md5_hash": "9c6d979affdd7860884bb04c98d10afa", "sha1_hash": "b0fedebe8cd378113eab7e494f560583c16e57fe", "sha256_hash": "325dcda1b80ee42747d77d69ee1a91c512ac806099b440df64f942a18724446b", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\fedb6bw2fnxwe\\ittew9vaxdbq.m4a", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\Fedb6bw2FnxWe\\lBl5MdKA70EZa0p4H.wav", "hashes": [ { "md5_hash": "b53e14cc282779545cf989170687d987", "sha1_hash": "0e7841b54bd3dd81d48fd2aeb211d15030b799f5", "sha256_hash": "17e53cb0c9bd954dddb7d5c56fa4d4c464b5fddb6f8245d586f3cfab73e0358a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\fedb6bw2fnxwe\\lbl5mdka70eza0p4h.wav", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\KaaOrNRraztX\\AO-nFf kn\\BWmJPNLUzWsoVW5iDA\\hDVR7Lfi7YE7\\lKSFxnySxlvz37R4o.ppt.Lime", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\ao-nff kn\\bwmjpnluzwsovw5ida\\hdvr7lfi7ye7\\lksfxnysxlvz37r4o.ppt.lime", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\OneNote Notebooks\\My Notebook\\Quick Notes.one.Lime", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\onenote notebooks\\my notebook\\quick notes.one.lime", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\SYSTEM32\\RichEd20.DLL", "hashes": [], "norm_filename": "c:\\windows\\system32\\riched20.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\#Decryptor.exe.config", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\#decryptor.exe.config", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\Fedb6bw2FnxWe", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\fedb6bw2fnxwe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\AppData\\Local", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\AppData\\Local\\EmieSiteList", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\emiesitelist", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\AppData\\Local\\EmieUserList", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\emieuserlist", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\AppData\\Local\\Google", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\google", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\AppData\\Local\\Google\\Chrome", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\google\\chrome", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5JgHKoaOfdp\\AppData\\Local\\Google\\Chrome\\User Data", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\appdata\\local\\google\\chrome\\user data", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [ { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\ConsoleApplication1\\ConsoleApplication1\\1.0.0.0", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read", "write" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "extracted_files": [ { "archive_path": "extracted_files/b6a11a5f191391aca1095932d387945c9ef934a3", "file_type": "created_file", "id": "file_2", "md5_hash": "79570daf5afe49ef71c9148c51aa1dda", "norm_filename": "c:\\microsoft\\hash", "sha1_hash": "b6a11a5f191391aca1095932d387945c9ef934a3", "sha256_hash": "a963f08069a8ba118efd65291347f46968be1e5a02bb81036ed3584ea972f0e3", "size": 50, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a66b7f2d457ac42df6587b1831ecadaeaae35e56", "file_type": "created_file", "id": "file_3", "md5_hash": "b4d942f4683ba6b39b7cce37c902355b", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\-spm6vjb.odt.lime", "sha1_hash": "a66b7f2d457ac42df6587b1831ecadaeaae35e56", "sha256_hash": "a44f8fcfa0d42cf77ef27e2ce5acf0ad9b4ae77ec6f5be9de07f78ac14ec11ce", "size": 63952, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c0ebdbc21ddb63954919b3a45b392151fbc9f16b", "file_type": "created_file", "id": "file_4", "md5_hash": "2546d9ba9be02db58e8fe966ab91caea", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\0u2ya.docx.lime", "sha1_hash": "c0ebdbc21ddb63954919b3a45b392151fbc9f16b", "sha256_hash": "1efd55214870714732c1e9503d42c853f342603c93207dbe729325729689ef2b", "size": 11968, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6b7f727a9b5a7f2de9f5494d8cce8678cd9d4ca8", "file_type": "created_file", "id": "file_5", "md5_hash": "4919359f1310c4aefcda111370faf616", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\7wwg1y1tq2o4xif.pdf.lime", "sha1_hash": "6b7f727a9b5a7f2de9f5494d8cce8678cd9d4ca8", "sha256_hash": "de60cda7106e04857a224b2c139381dc5907348f8465827ad0366ea471ccbf64", "size": 1360, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62f42f357977e8edb15a956b472846fd42cf756f", "file_type": "created_file", "id": "file_6", "md5_hash": "424c59058aaca748e44049c9abc42f85", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\9tmo3uu8-scl.xlsx.lime", "sha1_hash": "62f42f357977e8edb15a956b472846fd42cf756f", "sha256_hash": "bbf01e9b2887fadc026683f02a469d7f991fac5240fc3777ecf3f6f3b1e0cb96", "size": 94416, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8abce056fbccf6c09114555e172441aa16c67561", "file_type": "created_file", "id": "file_7", "md5_hash": "815ee7a3f7a76c7f3b38c1ae17fcd72e", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\aeghbubms5ntl.pptx.lime", "sha1_hash": "8abce056fbccf6c09114555e172441aa16c67561", "sha256_hash": "2189fcee260e07ef63e22ce138ade649ed24c8d061e292d7f64593b93e2a928b", "size": 69952, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9fe9f87c32d73f2054d4fe01b35d096b0f6e3a47", "file_type": "created_file", "id": "file_8", "md5_hash": "862921b589b1174597317f170cbab044", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\c94gq1vfwvfbcdgwkd_.docx.lime", "sha1_hash": "9fe9f87c32d73f2054d4fe01b35d096b0f6e3a47", "sha256_hash": "bd1b4d09a8585e5676e94e24ffb2ebd2be748da757059de0792829119d1bf1ba", "size": 87824, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/cc9f85de2a7c64983b76b792c886127d138a5aed", "file_type": "created_file", "id": "file_9", "md5_hash": "c9b46817038fb05173f74b2790bbc4ce", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\desktop.ini.lime", "sha1_hash": "cc9f85de2a7c64983b76b792c886127d138a5aed", "sha256_hash": "db5d72c549b2858b34b9b5e3c30992eddabea01e5932f4c96f85fff201341613", "size": 416, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/88449cd7ef630459459cca28010d9ca8afe14b34", "file_type": "created_file", "id": "file_10", "md5_hash": "8a71b4f4b4ad2e149140cb2b622b1fad", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\erhcl a2gbl1at.docx.lime", "sha1_hash": "88449cd7ef630459459cca28010d9ca8afe14b34", "sha256_hash": "515ff8c559e9c6e7954935a84d186ab4d02babe1ba2aabf27f31bc230828bfeb", "size": 50048, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/53cb828326932fff1ad9caea8f57461806bb230e", "file_type": "created_file", "id": "file_11", "md5_hash": "ae2cdd9a7f32633b027bd575d0f113dc", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\eyedf199l.xlsx.lime", "sha1_hash": "53cb828326932fff1ad9caea8f57461806bb230e", "sha256_hash": "bea704f52a0f00d060ac9941e436d630e7cada31f56fb73e48af2218d2411796", "size": 92560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a9dc1a26b2b735e470a74a18e40944eb7b4bd7ce", "file_type": "created_file", "id": "file_12", "md5_hash": "94bec26d56d482bd139bdfb85b01cec0", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\g 5zx6m5n.docx.lime", "sha1_hash": "a9dc1a26b2b735e470a74a18e40944eb7b4bd7ce", "sha256_hash": "85cbd08116d0556bf80968bdae8afba8d4e59270cee8f0c4d8ca0097661246bc", "size": 15088, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5d5dd5fed4d0390fe22f9e93247b43b68f7ef5c6", "file_type": "created_file", "id": "file_13", "md5_hash": "00921b3dd8f8a0b4c3c838ce320f8d51", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\gmur.xlsx.lime", "sha1_hash": "5d5dd5fed4d0390fe22f9e93247b43b68f7ef5c6", "sha256_hash": "9ef6930900b28d361eaa83d4cd61d1525e143c3ccffc312a22644d23aa27f4a4", "size": 79984, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4858c75da24b0b7dfd769f7b3da5d4405b6fc45c", "file_type": "created_file", "id": "file_14", "md5_hash": "b2c1aba23191532fc0d783f69e75770f", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\h2pcxtbbfd di.xlsx.lime", "sha1_hash": "4858c75da24b0b7dfd769f7b3da5d4405b6fc45c", "sha256_hash": "3d4def9f5b6a66da1060a8388b8d0119ebd8d0a56c4091682ede7fe757adb9db", "size": 62928, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/dc663c05346efb28562d5a1c7fc5c82a2cab90ca", "file_type": "created_file", "id": "file_15", "md5_hash": "43785acb2b4829ee93a6166f488f3f43", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\iydmli-q8mf8cj.ppt.lime", "sha1_hash": "dc663c05346efb28562d5a1c7fc5c82a2cab90ca", "sha256_hash": "9a4d4bffaa3f4693a95905f1d125f721d3926beb00104f4b035c6b54d8c60714", "size": 20080, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d55113611d99fcf8132db6c89e38a7035fb4b7c5", "file_type": "created_file", "id": "file_16", "md5_hash": "b7246b6277c064427412b2b3f7ce6ffc", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\oczespochpv.csv.lime", "sha1_hash": "d55113611d99fcf8132db6c89e38a7035fb4b7c5", "sha256_hash": "c6a0f5d5f54b84da2cde0afe2ed7cde7095f06df136891752e06bec52fd7cd01", "size": 99744, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f0c3ca41a1e38db91f05d0bd1a007d3294ed2770", "file_type": "created_file", "id": "file_17", "md5_hash": "5ff36f203bba5b322f5b8687bfc8f0a2", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\oojiqe2ti5vbxcbhng2.docx.lime", "sha1_hash": "f0c3ca41a1e38db91f05d0bd1a007d3294ed2770", "sha256_hash": "5957d364d5e8c1b48c1b42eeb3fa02f4d4c5c3e2f1829a182d2a5445b576abe7", "size": 1712, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/43fcfa1a53d7bc16eb97c3f98fc7241c186d6659", "file_type": "created_file", "id": "file_18", "md5_hash": "db0cc0cdc6760daae4c33c0948512fb6", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\x7nab3sx5u.pptx.lime", "sha1_hash": "43fcfa1a53d7bc16eb97c3f98fc7241c186d6659", "sha256_hash": "8f9a92d8c392f354ee9843901e1f5d0fd331f6056f1e3528118caa998ec2b9b9", "size": 96448, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/82d30c13eee7e1277275b27a50bb7dfacdb8cc9d", "file_type": "created_file", "id": "file_19", "md5_hash": "eda419c37b32c3b4aa1b721cb678a437", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\b37k-lfrwivyw.pps.lime", "sha1_hash": "82d30c13eee7e1277275b27a50bb7dfacdb8cc9d", "sha256_hash": "9dbeee248a82d89fc500ef79880ab80c3b3d8a95cb60c8866ec1bd13bc317b91", "size": 26352, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f40041b3f0a9f0d460112b99798a88b002695f16", "file_type": "created_file", "id": "file_20", "md5_hash": "846a4dddd2a1dd6c856e3040ff20f2bf", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\miqzp.pps.lime", "sha1_hash": "f40041b3f0a9f0d460112b99798a88b002695f16", "sha256_hash": "30012a509d48b4fa6da6e0e0b242526de79aaa8cbe373971c02ac7f10d58e540", "size": 2192, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1a0cb04b9f174a09eb689fd29cd48343a10634c8", "file_type": "created_file", "id": "file_21", "md5_hash": "3de5fba903cec3f1edbd740b43e4c9f0", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\ao-nff kn\\dupiwyyc2jp.docx.lime", "sha1_hash": "1a0cb04b9f174a09eb689fd29cd48343a10634c8", "sha256_hash": "0ad60be3f262f563d7fbebba20b4f7cb87c04e2e4c5e4de572b83266220a0cf9", "size": 58416, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/42d2bd5e141cb52a34ea655dbf88e39ba694cad5", "file_type": "created_file", "id": "file_22", "md5_hash": "f341d44e54207d2b5ecafa488e0d6d41", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\ao-nff kn\\gtn-k.odt.lime", "sha1_hash": "42d2bd5e141cb52a34ea655dbf88e39ba694cad5", "sha256_hash": "b5868ee3bca2076893a61add47be36d73e56868bf2aa8129431eaddafc11bc59", "size": 82480, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/abc7b577d51e6d8223fde047b95fdc56becb5f20", "file_type": "created_file", "id": "file_23", "md5_hash": "df4afaf4f93aaceb0d4e62cef5a86cf4", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\ao-nff kn\\mt8ryidfz3cr.pptx.lime", "sha1_hash": "abc7b577d51e6d8223fde047b95fdc56becb5f20", "sha256_hash": "9216bc5e02ff640e2cd85f6dc7035a0ba6ea016b074346d374f65c47880cb038", "size": 56416, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/516a82381412d27d61ca16b172cef47848ac2a27", "file_type": "created_file", "id": "file_24", "md5_hash": "f15adc0f50a7dc19f47f0d00b75ed444", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\ao-nff kn\\nadn7qwb885nzat o.odp.lime", "sha1_hash": "516a82381412d27d61ca16b172cef47848ac2a27", "sha256_hash": "64e84454898b46715d6c573f812a36236bf4585e169553cf2bb5af036339e916", "size": 88144, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f91536a2dc4a9e9fb00953b0dd87555dd9b835c7", "file_type": "created_file", "id": "file_25", "md5_hash": "ae505c67a1f9c6807e2e64ebdff8c37b", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\ao-nff kn\\nuvav.rtf.lime", "sha1_hash": "f91536a2dc4a9e9fb00953b0dd87555dd9b835c7", "sha256_hash": "f424568ed0e0742e9f7045cafaf42a9e10cc5dbb2e0d538ca8cd700ce50d4892", "size": 42336, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/21f73a8d3364d9f59d75732826a391b73a94da27", "file_type": "created_file", "id": "file_26", "md5_hash": "17e53bd42e9e3784a675460c04ebc5bc", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\ao-nff kn\\bwmjpnluzwsovw5ida\\hdvr7lfi7ye7\\u2 jrsbzpir7oxwwq.pptx.lime", "sha1_hash": "21f73a8d3364d9f59d75732826a391b73a94da27", "sha256_hash": "1b2790b749c9dc3c85a06d557e2962b01d220bf277274aba2bce80225f2178a7", "size": 74688, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a3c1943bce25a355e41fb1abb3708ec6ad56df55", "file_type": "created_file", "id": "file_27", "md5_hash": "056b121ba3acf890e659c167d6a07df3", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\ao-nff kn\\bwmjpnluzwsovw5ida\\hdvr7lfi7ye7\\w anjoz7.doc.lime", "sha1_hash": "a3c1943bce25a355e41fb1abb3708ec6ad56df55", "sha256_hash": "50fb1fa37546a0765205d0424199bf5c8159c1b33cb537d5d3e35e830aec6097", "size": 14640, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/afe3e1fb048518682ae7eabe0f3f877de3c3759b", "file_type": "created_file", "id": "file_28", "md5_hash": "1a58904a8f4ba4b6ff21bfa0a818100e", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\vksw t\\77jqfti.csv.lime", "sha1_hash": "afe3e1fb048518682ae7eabe0f3f877de3c3759b", "sha256_hash": "727add00ffb70858d8200cc3978111b36952698bf1651bc52c987d6391245f1d", "size": 70176, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8e959e4f97c1a0816fb8aa4af2fa4d78648ffa00", "file_type": "created_file", "id": "file_29", "md5_hash": "31f5d82dd9b4998635e79cac53e84cd8", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\vksw t\\9bweefny0rpp.ods.lime", "sha1_hash": "8e959e4f97c1a0816fb8aa4af2fa4d78648ffa00", "sha256_hash": "d4711d2201a585572de2ca9791b17db939b9abffb6f56abc46c556f73c05d497", "size": 31888, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e5073a14c3b2a9140d4d16009dc228818f9137ac", "file_type": "created_file", "id": "file_30", "md5_hash": "543aa4d0bab6eb92f144852b9321c9b2", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\my shapes\\desktop.ini.lime", "sha1_hash": "e5073a14c3b2a9140d4d16009dc228818f9137ac", "sha256_hash": "b4c49666006e8249df4923c13cfe489feb472ea5350dc96c9c552a7cd902884a", "size": 224, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7341b43d325c1971d0caabc3dd8d361a2020c668", "file_type": "created_file", "id": "file_31", "md5_hash": "b89066756566fcf59d882699f2aed3a3", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\my shapes\\favorites.vssx.lime", "sha1_hash": "7341b43d325c1971d0caabc3dd8d361a2020c668", "sha256_hash": "1179b80a694dc4fc5e4f87ad86f8bb625ec972d54c1da2f97b51d3c259c3abb8", "size": 16, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/65312a2bd1539f3aa2702dbf0ae4e665a27581fc", "file_type": "created_file", "id": "file_32", "md5_hash": "7c0bc7cc02efbf4681b564565419920e", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\my shapes\\_private\\folder.ico.lime", "sha1_hash": "65312a2bd1539f3aa2702dbf0ae4e665a27581fc", "sha256_hash": "356a2f5864d5e933d3044ff8d1b970bd1a0d2e9c664745a9bc92582fc221fb13", "size": 29936, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d15c599e256a7d53ffae0f60d0b2a7411124ddc4", "file_type": "created_file", "id": "file_33", "md5_hash": "3147acf6ff86361711af9cd9666eb006", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\outlook files\\cjeijc.diuv@div.com.pst.lime", "sha1_hash": "d15c599e256a7d53ffae0f60d0b2a7411124ddc4", "sha256_hash": "7cda96a618d8c66d7f42d9a569683b30986c6ad6caf88f7e1940f11a6b87b93a", "size": 271376, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/817fc246afcab2a188fd1a160465e0d368c42d19", "file_type": "created_file", "id": "file_34", "md5_hash": "26adc1f9ab71097bd0197bee8a3ce9e0", "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\8yzc.gif.lime", "sha1_hash": "817fc246afcab2a188fd1a160465e0d368c42d19", "sha256_hash": "d91c3eb862790256ec19c1b161c5e0fba291212fe3918c54c7ac7fc0d7109499", "size": 48416, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/02b899ed7ef44eaaaea793469d898fc191498790", "file_type": "created_file", "id": "file_35", "md5_hash": "8464ff4b3e9f397ccf609b1a41ad44d5", "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\97qmvfp-n9t7b4u.png.lime", "sha1_hash": "02b899ed7ef44eaaaea793469d898fc191498790", "sha256_hash": "57dd4d4511a75a6999d4e0dd7410a21003c11a5f3a3b097905fdae9831b8f889", "size": 67456, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/75a85b1d0bd23ab66caf64c251da2af78809c293", "file_type": "created_file", "id": "file_36", "md5_hash": "ddf1569c4ee4980e9f06a0ab99fc9a78", "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\9pzhjofdzk0fqc8d56gx.bmp.lime", "sha1_hash": "75a85b1d0bd23ab66caf64c251da2af78809c293", "sha256_hash": "97cc8af117df3c2143929e739a288dcd74ac549c59dac5bc3d4e615206fb5812", "size": 26992, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9b28d33d86a94aa351138e10073bdb2fc79f70eb", "file_type": "created_file", "id": "file_37", "md5_hash": "57786d413b451721be96c2ddbab09113", "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\auoxltyrvw31 biyhvn.png.lime", "sha1_hash": "9b28d33d86a94aa351138e10073bdb2fc79f70eb", "sha256_hash": "6e8aa604822738992563e086227bab934c8a672c4f787c4f4849de32597c1a9f", "size": 45568, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/02bbb9921b9d89493f11067bf3cde44027875a5b", "file_type": "created_file", "id": "file_38", "md5_hash": "d2befa51c32e29e1b649063ca7df518a", "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\hoshp.gif.lime", "sha1_hash": "02bbb9921b9d89493f11067bf3cde44027875a5b", "sha256_hash": "4fd2643d374ec75b8e9d82def8992c62d8130871e2104a7d5a5bbbfd3c40a0a0", "size": 99344, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/cc4f196f2c84e8341319a9d160b59e1ef8cc7b75", "file_type": "created_file", "id": "file_39", "md5_hash": "4165af98fa053b0ee858800fdea6bf2b", "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\bglkocslaas0zqepqxl\\cn2.bmp.lime", "sha1_hash": "cc4f196f2c84e8341319a9d160b59e1ef8cc7b75", "sha256_hash": "37b69b47f658dff4332165ccaa4cfa88d83cc13c0502fee6a512d5ae46e1c0a5", "size": 5664, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62ce2237261b73c50cff867af65cab8cd538454e", "file_type": "created_file", "id": "file_40", "md5_hash": "b7a5dafa65e2e3fa682f5465eb1b0916", "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\bglkocslaas0zqepqxl\\eemvu3dk.bmp.lime", "sha1_hash": "62ce2237261b73c50cff867af65cab8cd538454e", "sha256_hash": "6a59dc100b1eaee7d56d79938e985486549ebd0b6b0917da24fe39571ea22573", "size": 24640, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e9788c8741af89cc2abc5ce89840cb45dc6fe459", "file_type": "created_file", "id": "file_41", "md5_hash": "273d2cab40ee021cef924385e9f4c715", "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\bglkocslaas0zqepqxl\\fnzhhkemnjg.gif.lime", "sha1_hash": "e9788c8741af89cc2abc5ce89840cb45dc6fe459", "sha256_hash": "04a68085ad7d4195d1f82b683a8801a78efe5bc170386553eedc12a772336b41", "size": 19968, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1a4b13b00ce7944428fe442e64ab917cf379fac1", "file_type": "created_file", "id": "file_42", "md5_hash": "5f2dc9ccbe05c735697196fa730a5295", "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\bglkocslaas0zqepqxl\\nr6dmjkjcntfscqr.gif.lime", "sha1_hash": "1a4b13b00ce7944428fe442e64ab917cf379fac1", "sha256_hash": "ac617690e7e57582c5f49af08ee04a6ced2a8b3082576c3eca0295a9b1a9b6cb", "size": 56688, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6a0424d118d3a53091d507ac8e29e67b2b433b63", "file_type": "created_file", "id": "file_43", "md5_hash": "4f0d0c36301c73cf775da773e984b771", "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\bglkocslaas0zqepqxl\\qkgeynbdljnjdcbmjb.gif.lime", "sha1_hash": "6a0424d118d3a53091d507ac8e29e67b2b433b63", "sha256_hash": "d32a53331826fce9e18511db91f521bb5cc09964d78e290add6f8591fbb6e76f", "size": 46560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a19758a519ee1988e175c104406249dbfd899819", "file_type": "created_file", "id": "file_44", "md5_hash": "f8a8e6adf87e50988f6afe69041bf3bc", "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\cglz_jmc_lob0ujffp\\b4tjitd_nyk uv.bmp.lime", "sha1_hash": "a19758a519ee1988e175c104406249dbfd899819", "sha256_hash": "e994ef93dcc6b432041411aab490fbdf22f7258987f4140a7fd20e9d8c219a95", "size": 102080, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2263a7b583f32b506984163065c41aa5736506fb", "file_type": "created_file", "id": "file_45", "md5_hash": "b5291809b8a3d6841d00a129a3668c31", "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\cglz_jmc_lob0ujffp\\dc394objo9c.bmp.lime", "sha1_hash": "2263a7b583f32b506984163065c41aa5736506fb", "sha256_hash": "ba0a44b2bc81d19046e1e05ae96a55702829e8c74d9ea559fc6d3bca964566f3", "size": 36752, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ecf37d0aa1bb699abb4b6f1bfb1ba5ebc43e1172", "file_type": "created_file", "id": "file_46", "md5_hash": "f8d5cb7a00e83a49149d4622021fa5b7", "norm_filename": "c:\\users\\5jghkoaofdp\\music\\c-56as7eiall.mp3.lime", "sha1_hash": "ecf37d0aa1bb699abb4b6f1bfb1ba5ebc43e1172", "sha256_hash": "3f9c4be52001bdc0622ab3e8b33131d749f02a8e80773babce9d699958965bc1", "size": 25072, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/59464008c26a95368fb4cfc3e78e6726e45ac9ba", "file_type": "created_file", "id": "file_47", "md5_hash": "bbecdaa0d5d5dff70246d8e481a133ae", "norm_filename": "c:\\users\\5jghkoaofdp\\music\\desktop.ini.lime", "sha1_hash": "59464008c26a95368fb4cfc3e78e6726e45ac9ba", "sha256_hash": "2a52121b8b48b82524a604eb11e4387e009828454101301bf9082b72508c616a", "size": 512, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6002af7f5e9928336c5fb4694afc2ac381a01331", "file_type": "created_file", "id": "file_48", "md5_hash": "fbd8c5a14f99ea11a20c1ff956261d27", "norm_filename": "c:\\users\\5jghkoaofdp\\music\\gru-m3d0ihjq.wav.lime", "sha1_hash": "6002af7f5e9928336c5fb4694afc2ac381a01331", "sha256_hash": "d1947ab433b644e42b7ab6cdb566a7dc835578180b0822277ea04ff4b4ed6608", "size": 91248, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1c2a9a43891bcd3d57dea5d1b7c469dea590ef67", "file_type": "created_file", "id": "file_49", "md5_hash": "41fb7d419423fe05675a472228237edf", "norm_filename": "c:\\users\\5jghkoaofdp\\music\\od32to.mp3.lime", "sha1_hash": "1c2a9a43891bcd3d57dea5d1b7c469dea590ef67", "sha256_hash": "424ed283f523ee782bbb8ff96eaae18a66f3b05a5b5135a69ef8de7ed755deaf", "size": 18496, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/bd9c49df024f11fe5696c90eb0a4ba6eab851455", "file_type": "created_file", "id": "file_50", "md5_hash": "c11b3421e93e99a9f4e8588c9e6d19cd", "norm_filename": "c:\\users\\5jghkoaofdp\\music\\q0ua0ahepdpsiaueq0.mp3.lime", "sha1_hash": "bd9c49df024f11fe5696c90eb0a4ba6eab851455", "sha256_hash": "e280296785805f92d2ef712b1d496a23c86ff294d3b9d7557349b31423fb6ba0", "size": 33888, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/32fdcfabc4f858ff7ad973a5a08fba06ae33d4d4", "file_type": "created_file", "id": "file_51", "md5_hash": "2f83fe33b0187cc874874dee35b83c00", "norm_filename": "c:\\users\\5jghkoaofdp\\music\\_wgbp3qw\\ggnh.m4a.lime", "sha1_hash": "32fdcfabc4f858ff7ad973a5a08fba06ae33d4d4", "sha256_hash": "dc3735b311a07d5212c839e07f472f08d8a8f60eceef76383e043aefde3c2b69", "size": 4848, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2ad64c5d4e7359842e2148b78c442bb2c15fa92c", "file_type": "created_file", "id": "file_52", "md5_hash": "3b2c8cc031100456b9b0ffb630df0ab6", "norm_filename": "c:\\users\\5jghkoaofdp\\music\\_wgbp3qw\\gqfyfnbufhd0b2hnpcm.wav.lime", "sha1_hash": "2ad64c5d4e7359842e2148b78c442bb2c15fa92c", "sha256_hash": "ea72462195205f5f53848347d49a13d5f980fc8ef624334a204a42dcde841d14", "size": 86688, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d87aba4cffead69f90729f35cd99848ba58eed43", "file_type": "created_file", "id": "file_53", "md5_hash": "9a63c489b44c5bcaec8f54223f9d1ddc", "norm_filename": "c:\\users\\5jghkoaofdp\\music\\_wgbp3qw\\gwcyviwii.mp3.lime", "sha1_hash": "d87aba4cffead69f90729f35cd99848ba58eed43", "sha256_hash": "71f256e963cc4efa21b3ca27d9c5ed2ee9523efd012d162869e4dbb60ca77475", "size": 32432, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/acbab8ba8b246e038e2ee4cd39f48e10146589f4", "file_type": "created_file", "id": "file_54", "md5_hash": "232e3e201518c574f55948d982da7262", "norm_filename": "c:\\users\\5jghkoaofdp\\music\\_wgbp3qw\\kz2m.mp3.lime", "sha1_hash": "acbab8ba8b246e038e2ee4cd39f48e10146589f4", "sha256_hash": "621e4d05e90a7da85ecff96f71cc85cdb6a0c215a21a7801796e19a20a6db720", "size": 83616, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6e7632974f0e8ef95663c011a7921b105d0009d6", "file_type": "created_file", "id": "file_55", "md5_hash": "30b1cbcca53c3afbf7739e9b5c485620", "norm_filename": "c:\\users\\5jghkoaofdp\\music\\_wgbp3qw\\qvxpyewmyw121.wav.lime", "sha1_hash": "6e7632974f0e8ef95663c011a7921b105d0009d6", "sha256_hash": "bcded786bc9f0f036c7760a25e425e9deb362c1265d59a3ba3b6545e3aab7d52", "size": 99008, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7b52b959b53f7c79a597872fda5285b0a7612a44", "file_type": "created_file", "id": "file_56", "md5_hash": "71e60381304f1802e946ff866646cd28", "norm_filename": "c:\\users\\5jghkoaofdp\\music\\_wgbp3qw\\sy3cpsu.m4a.lime", "sha1_hash": "7b52b959b53f7c79a597872fda5285b0a7612a44", "sha256_hash": "483972808aa0b1d792e66d2201c5b78067c217835d495b625da7baf1a06a4a54", "size": 84512, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b284b1a5203fcd4db7af7b5d58eb529b9bd50b15", "file_type": "created_file", "id": "file_57", "md5_hash": "b495fd88db772adac97d11470dd8a8bd", "norm_filename": "c:\\users\\5jghkoaofdp\\music\\_wgbp3qw\\ufkl.wav.lime", "sha1_hash": "b284b1a5203fcd4db7af7b5d58eb529b9bd50b15", "sha256_hash": "73442b4eb6caeccdfd967382166bd31b245fd660a136241f477c2a605b7393fb", "size": 87888, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ac1089615d1750d344b7ec76b6ea4dc499875ba0", "file_type": "created_file", "id": "file_58", "md5_hash": "2ce61dd19d7c10d95f54fba753b61738", "norm_filename": "c:\\users\\5jghkoaofdp\\music\\_wgbp3qw\\uxkqt2i9x6pc8.wav.lime", "sha1_hash": "ac1089615d1750d344b7ec76b6ea4dc499875ba0", "sha256_hash": "a380013c0f1dd0c0d85144a283a881ac09ef175646a0c67663d768fd5dfb950c", "size": 40224, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/de332830980ece74917caa8434af0a68e943b235", "file_type": "created_file", "id": "file_59", "md5_hash": "7a87d1bc45fc6d5b99bfa3abe234568a", "norm_filename": "c:\\users\\5jghkoaofdp\\music\\_wgbp3qw\\vw e9ij.mp3.lime", "sha1_hash": "de332830980ece74917caa8434af0a68e943b235", "sha256_hash": "57ce3032a943cbadbee69a59aeb817f1acebeec309fb0bb580065cd0354c2eb6", "size": 87152, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/23df6e3bd71165c4c4e106f377ec448f0e84a8b5", "file_type": "created_file", "id": "file_60", "md5_hash": "5d5703232f6c7e693d45a9080797fce7", "norm_filename": "c:\\users\\5jghkoaofdp\\music\\_wgbp3qw\\yotflh9s-- h9v.wav.lime", "sha1_hash": "23df6e3bd71165c4c4e106f377ec448f0e84a8b5", "sha256_hash": "da7d529409b523b4216ee38f38541f39f648e29b3da4846ed443957e0e847775", "size": 29456, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/dde681e2c6ad9a32e576e64321df1dcac08a692e", "file_type": "created_file", "id": "file_61", "md5_hash": "5ba848a370ecbc1d9392edc6eac9ef5b", "norm_filename": "c:\\users\\5jghkoaofdp\\videos\\40y6k2fub.avi.lime", "sha1_hash": "dde681e2c6ad9a32e576e64321df1dcac08a692e", "sha256_hash": "af95427274472be2882fff49284ab5a3eac5ede0f94da6648c7339b629594945", "size": 97952, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/aaa9c36387a59e1f1cb8e91ede7f9c320a00efc9", "file_type": "created_file", "id": "file_62", "md5_hash": "7736005a93c48d4f5792444a73c22b5c", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\2-lzf_caeytdih8ls.avi.lime", "sha1_hash": "aaa9c36387a59e1f1cb8e91ede7f9c320a00efc9", "sha256_hash": "92b0d410d7d6398e758576b05db4888a2711138f6f0a06bf58ddc9198bbfc236", "size": 86288, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3ffe94a87675650f531ed2659cf33e276fa28034", "file_type": "created_file", "id": "file_63", "md5_hash": "3f72b45f772ab924e75bd7338e5a8f93", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\2kzlcfwdx.mkv.lime", "sha1_hash": "3ffe94a87675650f531ed2659cf33e276fa28034", "sha256_hash": "86c13c0f9ff470e4f33fc7ec54c386e2f0f1871b4243b204125507a92d6d71f2", "size": 69168, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6147e5c1bf5e5854614d0860a930541b3bd13c0a", "file_type": "created_file", "id": "file_64", "md5_hash": "91d0b4f5783581561a077f8f92b3141a", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\6l2vjzd4y qgt3nzdwl.wav.lime", "sha1_hash": "6147e5c1bf5e5854614d0860a930541b3bd13c0a", "sha256_hash": "24839805f0ecab51b4ca4ec822fd6fc436a1efee638ec9fa0d78e8049563e19a", "size": 97088, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f098feb70877d38ced438ee66153f493e248bf0f", "file_type": "created_file", "id": "file_65", "md5_hash": "5736547bcb17855352e15fa8a8cf0da8", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\6s fhiyfbc68fla.flv.lime", "sha1_hash": "f098feb70877d38ced438ee66153f493e248bf0f", "sha256_hash": "b5f360c039a2d602364df75508f673b2821af174ea595822405d62d693011c48", "size": 35136, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f61222d95ff46b88b9f29322f7a5763527bfebb0", "file_type": "created_file", "id": "file_66", "md5_hash": "da7cb2f1323a5a5708599b5d07b641ec", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\7huc np.mkv.lime", "sha1_hash": "f61222d95ff46b88b9f29322f7a5763527bfebb0", "sha256_hash": "1a5c0cdcd3f33a0184d467c99c9837721f0857358187bdd10589ae23d7d23ace", "size": 100736, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f9d5013d07ae92624abd6562e8419c166a123bcb", "file_type": "created_file", "id": "file_67", "md5_hash": "88831cd5bfab6063eaacddee7e5c6938", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\makfq5zaptizrce7iru.ods.lime", "sha1_hash": "f9d5013d07ae92624abd6562e8419c166a123bcb", "sha256_hash": "a07ba284e07f3c583e34972e57d8c5654396224169d3da853520c17402f409d8", "size": 55904, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/61341e31998a1faa5153037cfddae14c34248d20", "file_type": "created_file", "id": "file_68", "md5_hash": "65b2b016d015d7f31a9818d6f03daa3d", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\mv3nggj4w65.png.lime", "sha1_hash": "61341e31998a1faa5153037cfddae14c34248d20", "sha256_hash": "a613402abe1b7b0b647c9051b2399363463e072c10cc0bace9749318cc302f97", "size": 24128, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8dc5d60e704a256ffc8571c6d80a75cdf89e8c14", "file_type": "created_file", "id": "file_69", "md5_hash": "be0e7a5ab911465203ec7f5487da93e5", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\wvjrcaiyskl.jpg.lime", "sha1_hash": "8dc5d60e704a256ffc8571c6d80a75cdf89e8c14", "sha256_hash": "f3c16f8c60c2fb20fc0197d73375f282b376ba8836ee0a418760fbc7062aecb7", "size": 20640, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/79ce39666cceb936f4716a46d148f25b222ceb68", "file_type": "created_file", "id": "file_70", "md5_hash": "b8f3165a278ec51a42def26e8d173a8b", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\xcdhr9fnegvb5d0.pdf.lime", "sha1_hash": "79ce39666cceb936f4716a46d148f25b222ceb68", "sha256_hash": "fe0ae165145e455fff3ebd83a651d9bf07341b479dc9fdefd93517245e123c6d", "size": 3408, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/06a03690a1af6bd7f5fadb302a280a25024ae48d", "file_type": "created_file", "id": "file_71", "md5_hash": "237ddb41e9949baeb6693976da0830ea", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\c opbv-sts\\hv1siahr-wdxqnisdtes.m4a.lime", "sha1_hash": "06a03690a1af6bd7f5fadb302a280a25024ae48d", "sha256_hash": "efb821296eed29cbdccc6425afa105c2bff2dea737615d4f4d2ff92b02038ba3", "size": 42368, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3f4ffc64a14c8511feca0f2241393d0683d5c1ed", "file_type": "created_file", "id": "file_72", "md5_hash": "9b4d9414327de03c6621157276c20c03", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\rsvw596pft9dfxj qf8\\7mq72ddmzjhmf.jpg.lime", "sha1_hash": "3f4ffc64a14c8511feca0f2241393d0683d5c1ed", "sha256_hash": "98d0f7a708417bbc365ac91078f7170c2da6cec0fc60b0cc5a08227ed372984e", "size": 75840, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/00df5ad324626992fd83ecfca84b7297bbbfaa26", "file_type": "created_file", "id": "file_73", "md5_hash": "067c61ebc26990537ed9c52908cc6025", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\#decryptor.exe", "sha1_hash": "00df5ad324626992fd83ecfca84b7297bbbfaa26", "sha256_hash": "60ef3c12e67a01d4445dc3bfac5545fc85b94e33c6c806a681186a5e1ed58561", "size": 402432, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8b0e48e33f8c824b55227b7b504f84ccb996136b", "file_type": "created_file", "id": "file_74", "md5_hash": "a0e0875ab72ff05e04a2b928a30da0f8", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\#decryptor.exe", "sha1_hash": "8b0e48e33f8c824b55227b7b504f84ccb996136b", "sha256_hash": "0ae0c749e69b33ad8fd3b14820a46bc39eae027a75fddc791dccb16b449a2bfc", "size": 402437, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7e89c27d5cd44cd53b8ab6c8c08aab6ce0bc07fe", "file_type": "created_file", "id": "file_75", "md5_hash": "292cc611f0a5c4acd4cb5dd1fab236f6", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\#background.png", "sha1_hash": "7e89c27d5cd44cd53b8ab6c8c08aab6ce0bc07fe", "sha256_hash": "cfaca5d62f7d5ea934b3a80069c3de24b062c6fc7d696f2514dd587bf86ebcca", "size": 29775, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/db10c994113b5425ff93b59581a5c9c46aaabf33", "file_type": "created_file", "id": "file_76", "md5_hash": "58393dcbf626cfa2e64abf5f28575be8", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\-spm6vjb.odt", "sha1_hash": "db10c994113b5425ff93b59581a5c9c46aaabf33", "sha256_hash": "4bf873910a64441ccaeacdf8852d1b07f0c6c469c8cfb30394f133e51fa22a86", "size": 63938, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f630cf75c0ef711b159af4c02fdbde959cffe1bb", "file_type": "created_file", "id": "file_77", "md5_hash": "a320cd9c75e3083bf63fb92c7649ae6b", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\0u2ya.docx", "sha1_hash": "f630cf75c0ef711b159af4c02fdbde959cffe1bb", "sha256_hash": "406b291294e6c4c1cc2decbe675545637cdb8c133c87981c4c64e77c64a9bda9", "size": 11958, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5ea740cdcd863e75c1956671fd51ee1162a195cf", "file_type": "created_file", "id": "file_78", "md5_hash": "fb6f7a95eb2466d83942f7c860d0ef92", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\7wwg1y1tq2o4xif.pdf", "sha1_hash": "5ea740cdcd863e75c1956671fd51ee1162a195cf", "sha256_hash": "c1d0c9c9b48e9e14473f247bb4e690c6d06d998a23736a9c5e2ccd731e7792df", "size": 1359, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0f7166e2dcf95cffcf647a2b333b315c3935a2ab", "file_type": "created_file", "id": "file_79", "md5_hash": "18cc57d055dbd0f5941e23419aa65ab0", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\9tmo3uu8-scl.xlsx", "sha1_hash": "0f7166e2dcf95cffcf647a2b333b315c3935a2ab", "sha256_hash": "d32ef1ff293d8fb074e59a5a9e467a733fbc624bfbcb2a9a9790611e8f7540f8", "size": 94414, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/88874850a50903aae0caed235f60af3dc455a512", "file_type": "created_file", "id": "file_80", "md5_hash": "d1cf1130d18e6e4c74d3bfabb2b92f21", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\aeghbubms5ntl.pptx", "sha1_hash": "88874850a50903aae0caed235f60af3dc455a512", "sha256_hash": "8a7c1123605a784568aa1e4cf62f3a256ea92417822c24eedf7ce27bc2e02158", "size": 69943, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/bbb28eea7616ab36b23d6251cc24a225d88b279d", "file_type": "created_file", "id": "file_81", "md5_hash": "7ad8bc3380511b4925e6395d3fcfa9b2", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\c94gq1vfwvfbcdgwkd_.docx", "sha1_hash": "bbb28eea7616ab36b23d6251cc24a225d88b279d", "sha256_hash": "15c7a555d745149508e5d327dfe1139ea7b1d860da904e2c014f4e97248489b2", "size": 87821, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f72807a9e081906654ae196605e681d5938a2e6c", "file_type": "created_file", "id": "file_82", "md5_hash": "ecf88f261853fe08d58e2e903220da14", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\desktop.ini", "sha1_hash": "f72807a9e081906654ae196605e681d5938a2e6c", "sha256_hash": "cafec240d998e4b6e92ad1329cd417e8e9cbd73157488889fd93a542de4a4844", "size": 402, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62c19701ef52142244eb102156dd39592777cd7e", "file_type": "created_file", "id": "file_83", "md5_hash": "a7b21e63df46e1fb905b2a522b7344d8", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\erhcl a2gbl1at.docx", "sha1_hash": "62c19701ef52142244eb102156dd39592777cd7e", "sha256_hash": "1057f4a6ee8945b5b62a519f2083f3b59cc3f8e311481e348b098468a0815126", "size": 50041, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d7a6de0a918d918fae62b5771741b0efa317ff6b", "file_type": "created_file", "id": "file_84", "md5_hash": "a96f62abda1c6e0b69ea17b84a75e4ba", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\eyedf199l.xlsx", "sha1_hash": "d7a6de0a918d918fae62b5771741b0efa317ff6b", "sha256_hash": "ed7d8f2de672435bee20e565ab6e5976af4a74758bf2092b6cf236a01d0c74a2", "size": 92552, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b702e0777e4cc9886593859d41e1be0b2af85781", "file_type": "created_file", "id": "file_85", "md5_hash": "7fcd1501bb1e6377cfc477ac38c6cd6a", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\g 5zx6m5n.docx", "sha1_hash": "b702e0777e4cc9886593859d41e1be0b2af85781", "sha256_hash": "8e3c9160ca415a81f42630372690914b8bf8573acdf356074dc75d3e47a5d296", "size": 15083, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0336a5e1609006d5fda1de11a43ad59f6b350afb", "file_type": "created_file", "id": "file_86", "md5_hash": "997cb45da07305a5295adadce04410e6", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\gmur.xlsx", "sha1_hash": "0336a5e1609006d5fda1de11a43ad59f6b350afb", "sha256_hash": "ab9e36a1aecbf6ad45a86034a161f115a8b4f031e8bec177f46e30d421aadb31", "size": 79981, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/558b695cc95730f732c8ddf3f7ed973c55b6981b", "file_type": "created_file", "id": "file_87", "md5_hash": "b5d11377e240c9d4182487819bb696e5", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\h2pcxtbbfd di.xlsx", "sha1_hash": "558b695cc95730f732c8ddf3f7ed973c55b6981b", "sha256_hash": "aa037a1aeb4fbd6ab534fe2fe774fc71d0f03ca79b5a1b6d972b9042763557a6", "size": 62916, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/96dec5a6c017ddd0e7b3286507ca03679c18b8b0", "file_type": "created_file", "id": "file_88", "md5_hash": "89a101f6735aebaeb9f2f37bcb7c35a4", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\iydmli-q8mf8cj.ppt", "sha1_hash": "96dec5a6c017ddd0e7b3286507ca03679c18b8b0", "sha256_hash": "70c616a305d92876229444b03d2787e15060de5f05eb19f10d3752366db99fa9", "size": 20068, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6c88ea4d469d67607c080ff382d00a99b1d1848f", "file_type": "created_file", "id": "file_89", "md5_hash": "c45d578f9e9a1266af3cc6e5e97ba22c", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\my new app.accdb", "sha1_hash": "6c88ea4d469d67607c080ff382d00a99b1d1848f", "sha256_hash": "540d34f9fdd75b168b375af16a03fb56931cc091f3307e93b4c00ec425005b44", "size": 348160, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/82a9792fe24d414d390cf6369866d6c2a2d8c2f7", "file_type": "created_file", "id": "file_90", "md5_hash": "a4fa2518874f45be4ea728dd59e06469", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\o9jfc-djnb qx4.pptx", "sha1_hash": "82a9792fe24d414d390cf6369866d6c2a2d8c2f7", "sha256_hash": "d3a44d490722d497c7235ccaa833fd5671d7841413c1d32d36817dbb10b6509b", "size": 27412, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4486320b73acfc1cf4252b7c3f6aa0c6a848fc2b", "file_type": "created_file", "id": "file_91", "md5_hash": "a6dd475d55ae89c0c495742667cf04c9", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\oczespochpv.csv", "sha1_hash": "4486320b73acfc1cf4252b7c3f6aa0c6a848fc2b", "sha256_hash": "04c473b3899dfc95ac0675156eed6e91581a6e3b335ff95217a5b8177a6fe076", "size": 99738, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f0e74f7a3bb23214f26ea45c5f0b01f36e25c3ec", "file_type": "created_file", "id": "file_92", "md5_hash": "927100c1e43af166a66ee4c719e986cb", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\oojiqe2ti5vbxcbhng2.docx", "sha1_hash": "f0e74f7a3bb23214f26ea45c5f0b01f36e25c3ec", "sha256_hash": "7c4667ca8b873156623e4a119071b383b7dedeb3e08cbef83aec421f8a135039", "size": 1702, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5257ebcbfe67babe8da4af6a572ba0b5f1ebf35b", "file_type": "created_file", "id": "file_93", "md5_hash": "7e44c83622cf642a687436b19bbdf7c5", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\opm-kssufbhrnfhi.pptx", "sha1_hash": "5257ebcbfe67babe8da4af6a572ba0b5f1ebf35b", "sha256_hash": "6495949d27728f9ab2513312a2372533c3d6d129fbe1a97c43f91aebd3e36de9", "size": 75177, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9fac5bd2d032ac39299e49a47fb09cb5dd81d0ca", "file_type": "created_file", "id": "file_94", "md5_hash": "ede2a099d42c2e374add4cf4ed6d8a66", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\sbskabnlrtuf_m3v.pps", "sha1_hash": "9fac5bd2d032ac39299e49a47fb09cb5dd81d0ca", "sha256_hash": "7efc6b3cee4c81707c2b7cf4debe15932f70e2a0e347dc9ca6a78056f1d17665", "size": 31339, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2af6bec46ea945bf863fedf9a49a54b869398c7e", "file_type": "created_file", "id": "file_95", "md5_hash": "97b5850dcd3d927977faeef6ec644fc0", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\vuzmaoyqtk9.xlsx", "sha1_hash": "2af6bec46ea945bf863fedf9a49a54b869398c7e", "sha256_hash": "76427017d90f9a394db4b8c58bec354b8b41e7864edfd50e0228116a38c6cdc5", "size": 17675, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/701ae2a769a783b87e2b46193b13b1f6d5af6742", "file_type": "created_file", "id": "file_96", "md5_hash": "1d8a7b969ceffa682c848fc0b28a2d22", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\vy83cxy9y.pptx", "sha1_hash": "701ae2a769a783b87e2b46193b13b1f6d5af6742", "sha256_hash": "6b5310ad5e9a05d2d15893db1024d69735f09319d52f5f5f90f6c67763b63ce4", "size": 52600, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e0d16a8f056927b5ccb1c71bc6704743693a3c25", "file_type": "created_file", "id": "file_97", "md5_hash": "9e597634dd83f188f7c54793ea7911fc", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\wvqxspnlmsl.xlsx", "sha1_hash": "e0d16a8f056927b5ccb1c71bc6704743693a3c25", "sha256_hash": "e3663a81a83b566044a2b5d0161e9f999e212457451fedebad7fa690eca372d8", "size": 90406, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5e20b75ea989cb07f8c4660f8f8b1fe993d0630e", "file_type": "created_file", "id": "file_98", "md5_hash": "2ddc0f8eb8daf54320413c3827ca96f8", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\x7nab3sx5u.pptx", "sha1_hash": "5e20b75ea989cb07f8c4660f8f8b1fe993d0630e", "sha256_hash": "e817aa9e9feb2cf9ab35ba5901f1dfd21a8c39b3da500445e836f3700a251489", "size": 96442, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c40ee4d57022abf161f1ed3a7698e854279dc938", "file_type": "created_file", "id": "file_99", "md5_hash": "f100080dc8c3ad3c4b3f107a423a3bf9", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\0r-udw4thkiupl-orh_.odt", "sha1_hash": "c40ee4d57022abf161f1ed3a7698e854279dc938", "sha256_hash": "162f9044fc4e24728ae4e3cad7751f7d863cc00f78d2580922a782868af94eaa", "size": 97180, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/bf2848ae0818f8390b4cc0556c4a47978665654a", "file_type": "created_file", "id": "file_100", "md5_hash": "a246d5fca5d699a98740cc3261a36f1f", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\b37k-lfrwivyw.pps", "sha1_hash": "bf2848ae0818f8390b4cc0556c4a47978665654a", "sha256_hash": "a8daddf7d9bf5c4fb1aad39a1fe4ecb4345a37e8f3f2900c011096a4f5043232", "size": 26344, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4eed0715e868fe993aecfd668632e0d29813361a", "file_type": "created_file", "id": "file_101", "md5_hash": "133115af56e424faf213adbd499d2a62", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\ghgjaavctako.odp", "sha1_hash": "4eed0715e868fe993aecfd668632e0d29813361a", "sha256_hash": "b432cea438644d72e9b27f52704db1bfc26b5fb3d3922f23ef042ab553fc5b38", "size": 5221, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/09fb35368d6f79f3e89b345df2d4f44337f00a08", "file_type": "created_file", "id": "file_102", "md5_hash": "ac96e352209a62467275e902ac3351e6", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\miqzp.pps", "sha1_hash": "09fb35368d6f79f3e89b345df2d4f44337f00a08", "sha256_hash": "761cea0b1c9d61215a481c300ddf15a3427be7b5f32ba8564edec23becf097bb", "size": 2190, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c25aaa40c4e8c2b1f0d0db77f960ba0b80c70060", "file_type": "created_file", "id": "file_103", "md5_hash": "c70ea899fb2f0ebe752b448cddb37ea9", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\sjkbeubnh7w9.doc", "sha1_hash": "c25aaa40c4e8c2b1f0d0db77f960ba0b80c70060", "sha256_hash": "c44f4fd12538fe0d64d47517d212ba3aaa1fdad1588afaf198ab5161646e4b21", "size": 77360, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/714c58ac882aeadffdad48d6824aa1ddf4862f07", "file_type": "created_file", "id": "file_104", "md5_hash": "8848697dc3f2d84ce39e5cc9dd05aa48", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\sqfvqa7ma39tieo.pps", "sha1_hash": "714c58ac882aeadffdad48d6824aa1ddf4862f07", "sha256_hash": "f88e6e581e1d51fb0e1eeb4db2246f92a5d885fe6d6e6ef24adaf4b93cc04774", "size": 25965, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5c6b28582292b1e7684a31f931f428c981f444cb", "file_type": "created_file", "id": "file_105", "md5_hash": "cb36d07465657ab460d8553a2391194a", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\ao-nff kn\\bwmjpnluzwsovw5ida\\hdvr7lfi7ye7\\lksfxnysxlvz37r4o.ppt", "sha1_hash": "5c6b28582292b1e7684a31f931f428c981f444cb", "sha256_hash": "2022cb33b3c14bf23a99a7bc1052d3fb8c2b51b0ade81c1b8063bd3cefd819a1", "size": 51471, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/aeea0a492c9be1f442267b6d80c375e957705e3a", "file_type": "created_file", "id": "file_106", "md5_hash": "52ce1e0b7ce3bc2061c3131c7c0b1f6f", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\kaaornrraztx\\ao-nff kn\\bwmjpnluzwsovw5ida\\hdvr7lfi7ye7\\pvdit6.pdf", "sha1_hash": "aeea0a492c9be1f442267b6d80c375e957705e3a", "sha256_hash": "69310ae8f6f9562a68bc46aae8f37fcf21a15c60f068c13fe9adca43a2bfc07f", "size": 40454, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/523e3329eaf92f12918c1ceaee8b575e74e88318", "file_type": "created_file", "id": "file_107", "md5_hash": "14967ba849b93421843b52d7e50b75a8", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\my shapes\\desktop.ini", "sha1_hash": "523e3329eaf92f12918c1ceaee8b575e74e88318", "sha256_hash": "88c8875112fe06eeb89c4b53bab11c72f6db6ad6621fbc94c29e0ac50f83cb06", "size": 216, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_108", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\my shapes\\favorites.vssx", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/81ad3e1731197926cc36fa9d12a1b224b6b82f5c", "file_type": "created_file", "id": "file_109", "md5_hash": "5130ee1b914d382af41ff3a35eb151b8", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\my shapes\\_private\\folder.ico", "sha1_hash": "81ad3e1731197926cc36fa9d12a1b224b6b82f5c", "sha256_hash": "baaf97e8e0606daecc8c3271b73b91b1d8b1f2e521ae677480b0a3f87173eb39", "size": 29926, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/967a519bee766ec649faa21cf2d5641a5c858353", "file_type": "created_file", "id": "file_110", "md5_hash": "8225e9a335045f929e70f16497be6a6e", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\onenote notebooks\\my notebook\\quick notes.one", "sha1_hash": "967a519bee766ec649faa21cf2d5641a5c858353", "sha256_hash": "7420b80abec64b239c7823ab16d3b00914c10e1b35a50350391ba96cc579e81a", "size": 362024, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/52930ef4033d72843f561d9f2d0a02d27fdf3dbf", "file_type": "created_file", "id": "file_111", "md5_hash": "ca76558a6946bce314bad215edd2ad25", "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\outlook files\\cjeijc.diuv@div.com.pst", "sha1_hash": "52930ef4033d72843f561d9f2d0a02d27fdf3dbf", "sha256_hash": "cf63f7457bda0006f06cd6716b75216b6a759671ee82787baeb28f1a7a921e8c", "size": 271360, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c63afa5a10f4034a3bd3c2f24caa0b4839e6d5ba", "file_type": "created_file", "id": "file_112", "md5_hash": "32c698f3bc99e6ee641f8d19fbd32533", "norm_filename": "c:\\users\\5jghkoaofdp\\pictures\\8yzc.gif", "sha1_hash": "c63afa5a10f4034a3bd3c2f24caa0b4839e6d5ba", "sha256_hash": "6e6fb90bc296c80d98f9c69c60b6fc5a7c3c8aaa6dc04547e0656002bef29caa", "size": 48401, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b0fedebe8cd378113eab7e494f560583c16e57fe", "file_type": "created_file", "id": "file_113", "md5_hash": "9c6d979affdd7860884bb04c98d10afa", "norm_filename": "c:\\users\\5jghkoaofdp\\music\\fedb6bw2fnxwe\\ittew9vaxdbq.m4a", "sha1_hash": "b0fedebe8cd378113eab7e494f560583c16e57fe", "sha256_hash": "325dcda1b80ee42747d77d69ee1a91c512ac806099b440df64f942a18724446b", "size": 88483, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3d97b8fd35439ef2969a0cd93d966d1e7e908de1", "file_type": "created_file", "id": "file_114", "md5_hash": "bc321946df2fb79b64c3fd4e4e4946e6", "norm_filename": "c:\\users\\5jghkoaofdp\\music\\fedb6bw2fnxwe\\ittew9vaxdbq.m4a.lime", "sha1_hash": "3d97b8fd35439ef2969a0cd93d966d1e7e908de1", "sha256_hash": "03da487ed31144fba421d1e0456526c29ddfd99decd8b3923a4d3500cc940626", "size": 88496, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0e7841b54bd3dd81d48fd2aeb211d15030b799f5", "file_type": "created_file", "id": "file_115", "md5_hash": "b53e14cc282779545cf989170687d987", "norm_filename": "c:\\users\\5jghkoaofdp\\music\\fedb6bw2fnxwe\\lbl5mdka70eza0p4h.wav", "sha1_hash": "0e7841b54bd3dd81d48fd2aeb211d15030b799f5", "sha256_hash": "17e53cb0c9bd954dddb7d5c56fa4d4c464b5fddb6f8245d586f3cfab73e0358a", "size": 86525, "type": "extracted_file", "version": 1 } ], "process_dumps": [ { "archive_path": "process_dumps/process_00000001-region_00000001-addr_0x0000000000140000-size_0x0000000000074000-perm_rwx.bin", "filename": "process_00000001-region_00000001-addr_0x0000000000140000-size_0x0000000000074000-perm_rwx.bin", "id": "proc_dump_116", "md5_hash": "148ff239705d05d5ca6de50e702fcfb1", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9f2e5f829afffb6b3e54a7485dff21cd9793458c", "sha256_hash": "f866c13e9bf239304e9a63fbb416fc39b7848fb7b0894cd931f069545286d45f", "size": 475136, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000002-addr_0x00000000001c0000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000001-region_00000002-addr_0x00000000001c0000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_117", "md5_hash": "fa04edfe990492b310d26b9b9ba17ae9", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6a3787c833232100673477e0786f595a82cb9ee5", "sha256_hash": "4f05e3c73ab24745ad420efe2e25f46749aac40d96b5c260307a1cdde8516559", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000003-addr_0x00000000001e0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000003-addr_0x00000000001e0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_118", "md5_hash": "f72f658be4cf91e0082d98d8bc183af5", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "86191b5ae282b0f8b58012fc18b18d2504b9bcdf", "sha256_hash": "eff090d324b5c50a6625a81625d1ae852c1d67da55d0c20bc4ca70725e0d3327", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000005-addr_0x0000000000200000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000005-addr_0x0000000000200000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_119", "md5_hash": "dc8982cfb2d7d1ed2f1ddd8e3cc7d5be", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "622ec604175397f0d33207e3324e5d4c656d140f", "sha256_hash": "4900d38a5e2b7e069f5cfe1cb11781e8348a95b1217af9d053919524928eb1bb", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000006-addr_0x0000000000240000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000006-addr_0x0000000000240000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_120", "md5_hash": "135f7f7045df4d74fabd26d021f70f8c", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "030c66cd89f1e3ffdcd7e12e2736a66da1fc603c", "sha256_hash": "c82dafe4f5fe2e40007d684f5732e816cfc5c7ae163961123df2894814821a53", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000009-addr_0x0000000000360000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000009-addr_0x0000000000360000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_121", "md5_hash": "b245b06eafe80107269281792189c015", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e6c7ebd41110d3f9309d11a293bcdd825a8d2b9a", "sha256_hash": "5b77e15ff93a8b2aab8c62199d8a4cd455639ff6866515b916eb3ed261c020e0", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000012-addr_0x000000007ed63000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000012-addr_0x000000007ed63000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_122", "md5_hash": "0033b6a89c8eb49f66eb1553914783b5", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "12588e2ef9b5e0a4e7df328702fc56065bc090e4", "sha256_hash": "c9f25cf3878420598007ab307afba1aecaa68eaa2e7536bba5bf74e46286cc0f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000013-addr_0x000000007ed6a000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000013-addr_0x000000007ed6a000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_123", "md5_hash": "865c003b52d2eca3271fb53a432c03a4", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "85867177bc9fb4c56627ddad6a7fe957126d1533", "sha256_hash": "76fc6987fdae15f2b681c01ef99736b39be0cf239efe6a1752cdcfb4b7ac6ef4", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000014-addr_0x000000007ed6d000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000014-addr_0x000000007ed6d000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_124", "md5_hash": "0033b6a89c8eb49f66eb1553914783b5", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "12588e2ef9b5e0a4e7df328702fc56065bc090e4", "sha256_hash": "c9f25cf3878420598007ab307afba1aecaa68eaa2e7536bba5bf74e46286cc0f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000015-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000001-region_00000015-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_125", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000155-addr_0x00000000003c0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00000155-addr_0x00000000003c0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_126", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000159-addr_0x0000000000460000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000159-addr_0x0000000000460000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_127", "md5_hash": "95a94d97e4c0e94a22bf944aba56495e", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9abc4cebec09f198118be6a69370aeec24f37f23", "sha256_hash": "67482b2d27888e7eb36ea185a25f6a658e740ef4782c7063aa38fa9a83b0d3bc", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000165-addr_0x0000000000600000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00000165-addr_0x0000000000600000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_128", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000168-addr_0x00000000001d0000-size_0x0000000000004000-perm_rw.bin", "filename": "process_00000001-region_00000168-addr_0x00000000001d0000-size_0x0000000000004000-perm_rw.bin", "id": "proc_dump_129", "md5_hash": "1f1907b870d19ab5c03873ce4329c921", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c871dc90fd49ff28282641747be8daffd64ef778", "sha256_hash": "4e9a918f16d42dadd4373bedc50f5b83ead0ff9a6f0d674a14380ac76081f553", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000176-addr_0x0000000000700000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00000176-addr_0x0000000000700000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_130", "md5_hash": "baef9a58304c1a157ba8a5755e9b5fcc", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7d526fdfe1091055232e398e8a78b0b531e70a95", "sha256_hash": "6d93d3196580a036fed781b110f12f8372e7e9d0e54a8656f863bd29d7ab25ce", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000185-addr_0x00000000001e0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000185-addr_0x00000000001e0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_131", "md5_hash": "0033b6a89c8eb49f66eb1553914783b5", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "12588e2ef9b5e0a4e7df328702fc56065bc090e4", "sha256_hash": "c9f25cf3878420598007ab307afba1aecaa68eaa2e7536bba5bf74e46286cc0f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000186-addr_0x0000000000370000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000186-addr_0x0000000000370000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_132", "md5_hash": "0033b6a89c8eb49f66eb1553914783b5", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "12588e2ef9b5e0a4e7df328702fc56065bc090e4", "sha256_hash": "c9f25cf3878420598007ab307afba1aecaa68eaa2e7536bba5bf74e46286cc0f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000193-addr_0x00000000003a0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000001-region_00000193-addr_0x00000000003a0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_133", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000194-addr_0x00000000003b0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000001-region_00000194-addr_0x00000000003b0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_134", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000195-addr_0x0000000000450000-size_0x0000000000010000-perm_.bin", "filename": "process_00000001-region_00000195-addr_0x0000000000450000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_135", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000196-addr_0x0000000000560000-size_0x0000000000010000-perm_.bin", "filename": "process_00000001-region_00000196-addr_0x0000000000560000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_136", "md5_hash": "284200404b9a33e23d7dcffd6524c2f1", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bda55486821c85d0e515d19573a2c1c2674b1e35", "sha256_hash": "27a8db4675ecdc53e42eb7ff70734f5039e952879580110a972f02d9b8fa4712", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000197-addr_0x0000000000570000-size_0x0000000000010000-perm_.bin", "filename": "process_00000001-region_00000197-addr_0x0000000000570000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_137", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000198-addr_0x0000000000580000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000198-addr_0x0000000000580000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_138", "md5_hash": "0033b6a89c8eb49f66eb1553914783b5", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "12588e2ef9b5e0a4e7df328702fc56065bc090e4", "sha256_hash": "c9f25cf3878420598007ab307afba1aecaa68eaa2e7536bba5bf74e46286cc0f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000199-addr_0x0000000000590000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000199-addr_0x0000000000590000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_139", "md5_hash": "0033b6a89c8eb49f66eb1553914783b5", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "12588e2ef9b5e0a4e7df328702fc56065bc090e4", "sha256_hash": "c9f25cf3878420598007ab307afba1aecaa68eaa2e7536bba5bf74e46286cc0f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000200-addr_0x00000000005a0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000200-addr_0x00000000005a0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_140", "md5_hash": "dc8982cfb2d7d1ed2f1ddd8e3cc7d5be", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "622ec604175397f0d33207e3324e5d4c656d140f", "sha256_hash": "4900d38a5e2b7e069f5cfe1cb11781e8348a95b1217af9d053919524928eb1bb", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000201-addr_0x00000000005e0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00000201-addr_0x00000000005e0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_141", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000202-addr_0x0000000000610000-size_0x00000000000a0000-perm_rw.bin", "filename": "process_00000001-region_00000202-addr_0x0000000000610000-size_0x00000000000a0000-perm_rw.bin", "id": "proc_dump_142", "md5_hash": "0fba885c8220838e756cce9c710fbe58", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e2308e82641d727cef4c6ccbbb1fc4de1b10d94c", "sha256_hash": "554f0cd6bf5315b58372aed2253951ca14fd47348f79293a8b467a238788c730", "size": 655360, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000203-addr_0x00000000006b0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000203-addr_0x00000000006b0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_143", "md5_hash": "dc8982cfb2d7d1ed2f1ddd8e3cc7d5be", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "622ec604175397f0d33207e3324e5d4c656d140f", "sha256_hash": "4900d38a5e2b7e069f5cfe1cb11781e8348a95b1217af9d053919524928eb1bb", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000204-addr_0x0000000001e30000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000204-addr_0x0000000001e30000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_144", "md5_hash": "135f7f7045df4d74fabd26d021f70f8c", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "030c66cd89f1e3ffdcd7e12e2736a66da1fc603c", "sha256_hash": "c82dafe4f5fe2e40007d684f5732e816cfc5c7ae163961123df2894814821a53", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000205-addr_0x0000000002010000-size_0x0000000000010000-perm_rwx.bin", "filename": "process_00000001-region_00000205-addr_0x0000000002010000-size_0x0000000000010000-perm_rwx.bin", "id": "proc_dump_145", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000207-addr_0x0000000004020000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000207-addr_0x0000000004020000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_146", "md5_hash": "135f7f7045df4d74fabd26d021f70f8c", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "030c66cd89f1e3ffdcd7e12e2736a66da1fc603c", "sha256_hash": "c82dafe4f5fe2e40007d684f5732e816cfc5c7ae163961123df2894814821a53", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000210-addr_0x000000007ed64000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000210-addr_0x000000007ed64000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_147", "md5_hash": "865c003b52d2eca3271fb53a432c03a4", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "85867177bc9fb4c56627ddad6a7fe957126d1533", "sha256_hash": "76fc6987fdae15f2b681c01ef99736b39be0cf239efe6a1752cdcfb4b7ac6ef4", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000211-addr_0x000000007ed67000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000211-addr_0x000000007ed67000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_148", "md5_hash": "865c003b52d2eca3271fb53a432c03a4", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "85867177bc9fb4c56627ddad6a7fe957126d1533", "sha256_hash": "76fc6987fdae15f2b681c01ef99736b39be0cf239efe6a1752cdcfb4b7ac6ef4", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000215-addr_0x0000000004400000-size_0x0000000000160000-perm_rw.bin", "filename": "process_00000001-region_00000215-addr_0x0000000004400000-size_0x0000000000160000-perm_rw.bin", "id": "proc_dump_149", "md5_hash": "6137dd4d25736229153eed1eccc9a2a4", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0637733e340d09eb8ab0f7ea642643c6795d047c", "sha256_hash": "15c39f3dc57e89550f016d8d8e7d2a3b2ca00a26c55d6260f32ab331169ff0b4", "size": 1441792, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000218-addr_0x0000000004550000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00000218-addr_0x0000000004550000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_150", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000220-addr_0x00000000006f0000-size_0x0000000000004000-perm_rw.bin", "filename": "process_00000001-region_00000220-addr_0x00000000006f0000-size_0x0000000000004000-perm_rw.bin", "id": "proc_dump_151", "md5_hash": "769d854de97494fe802f1f0046c33b73", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0152261cce2b9d5af5715490ed28847b5fe2cd16", "sha256_hash": "2c8957e1948703675bd83607caf9049f9c8eeb3d510f7b66f4a8cbf8342aad93", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000226-addr_0x0000000001f30000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00000226-addr_0x0000000001f30000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_152", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000227-addr_0x0000000001f40000-size_0x0000000000010000-perm_.bin", "filename": "process_00000001-region_00000227-addr_0x0000000001f40000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_153", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000230-addr_0x0000000001f50000-size_0x0000000000010000-perm_.bin", "filename": "process_00000001-region_00000230-addr_0x0000000001f50000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_154", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000231-addr_0x0000000001f70000-size_0x0000000000010000-perm_rwx.bin", "filename": "process_00000001-region_00000231-addr_0x0000000001f70000-size_0x0000000000010000-perm_rwx.bin", "id": "proc_dump_155", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000232-addr_0x0000000001f80000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000232-addr_0x0000000001f80000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_156", "md5_hash": "495591cc507eb326357f98c58fd81612", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5ed80054340f2dd166ca2a12e6f438a19270235b", "sha256_hash": "e0d573ccacebb196b9f26981e4a89b804b43411b43b8ce5092ba5e708a1b98f6", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000233-addr_0x0000000004560000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000233-addr_0x0000000004560000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_157", "md5_hash": "f6ba204cbe3a86e4088840f92ec359ba", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9e790537fb583bfec7d16cf6625bf028b4a461e0", "sha256_hash": "915cc7c4ecc123db37f47ecc12234ab65ec3e13997b76ac021c5625f191009bc", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000234-addr_0x000000007ec3d000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000234-addr_0x000000007ec3d000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_158", "md5_hash": "e873882cadb80182c999a73e4b79343a", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c14072ae0fa5980ce203ff2383ee719ee2afd391", "sha256_hash": "6d0b03b750fb0d918933f82038dfc8a17bbc9e47f7854e8109c4ce8d12d65afa", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000237-addr_0x0000000004660000-size_0x00000000000e0000-perm_rw.bin", "filename": "process_00000001-region_00000237-addr_0x0000000004660000-size_0x00000000000e0000-perm_rw.bin", "id": "proc_dump_159", "md5_hash": "8909eeac08781f72ed08b8bca198d9c2", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "712faadf1acc4b61093a14fa5b5ab93f713e684f", "sha256_hash": "c8a19af4d7c95d1674f32c3790b5337d3c204171fbb311cc4e460a68e2af482b", "size": 917504, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000240-addr_0x000000007ebd0000-size_0x0000000000010000-perm_rwx.bin", "filename": "process_00000001-region_00000240-addr_0x000000007ebd0000-size_0x0000000000010000-perm_rwx.bin", "id": "proc_dump_160", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000241-addr_0x000000007ebe0000-size_0x0000000000050000-perm_rwx.bin", "filename": "process_00000001-region_00000241-addr_0x000000007ebe0000-size_0x0000000000050000-perm_rwx.bin", "id": "proc_dump_161", "md5_hash": "f9a70fbb470e8ee722a6a861f92e77fd", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1fe9b15888b611ac2daf72ed05d3eb9596355d21", "sha256_hash": "94a8ae99fbdd545a4574c96197929edb8913a9f5921e90cb543ca9e13ee5e22a", "size": 327680, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000243-addr_0x0000000004660000-size_0x00000000000a0000-perm_rw.bin", "filename": "process_00000001-region_00000243-addr_0x0000000004660000-size_0x00000000000a0000-perm_rw.bin", "id": "proc_dump_162", "md5_hash": "0fba885c8220838e756cce9c710fbe58", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e2308e82641d727cef4c6ccbbb1fc4de1b10d94c", "sha256_hash": "554f0cd6bf5315b58372aed2253951ca14fd47348f79293a8b467a238788c730", "size": 655360, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000244-addr_0x0000000004730000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00000244-addr_0x0000000004730000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_163", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000245-addr_0x0000000001fc0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000245-addr_0x0000000001fc0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_164", "md5_hash": "dc8982cfb2d7d1ed2f1ddd8e3cc7d5be", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "622ec604175397f0d33207e3324e5d4c656d140f", "sha256_hash": "4900d38a5e2b7e069f5cfe1cb11781e8348a95b1217af9d053919524928eb1bb", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000246-addr_0x0000000004740000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000246-addr_0x0000000004740000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_165", "md5_hash": "135f7f7045df4d74fabd26d021f70f8c", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "030c66cd89f1e3ffdcd7e12e2736a66da1fc603c", "sha256_hash": "c82dafe4f5fe2e40007d684f5732e816cfc5c7ae163961123df2894814821a53", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000248-addr_0x000000007ec3a000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000248-addr_0x000000007ec3a000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_166", "md5_hash": "865c003b52d2eca3271fb53a432c03a4", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "85867177bc9fb4c56627ddad6a7fe957126d1533", "sha256_hash": "76fc6987fdae15f2b681c01ef99736b39be0cf239efe6a1752cdcfb4b7ac6ef4", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000250-addr_0x0000000001f60000-size_0x0000000000004000-perm_rw.bin", "filename": "process_00000001-region_00000250-addr_0x0000000001f60000-size_0x0000000000004000-perm_rw.bin", "id": "proc_dump_167", "md5_hash": "1f1907b870d19ab5c03873ce4329c921", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c871dc90fd49ff28282641747be8daffd64ef778", "sha256_hash": "4e9a918f16d42dadd4373bedc50f5b83ead0ff9a6f0d674a14380ac76081f553", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000251-addr_0x0000000002000000-size_0x0000000000004000-perm_rw.bin", "filename": "process_00000001-region_00000251-addr_0x0000000002000000-size_0x0000000000004000-perm_rw.bin", "id": "proc_dump_168", "md5_hash": "1f1907b870d19ab5c03873ce4329c921", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c871dc90fd49ff28282641747be8daffd64ef778", "sha256_hash": "4e9a918f16d42dadd4373bedc50f5b83ead0ff9a6f0d674a14380ac76081f553", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000252-addr_0x00000000048f0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000252-addr_0x00000000048f0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_169", "md5_hash": "135f7f7045df4d74fabd26d021f70f8c", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "030c66cd89f1e3ffdcd7e12e2736a66da1fc603c", "sha256_hash": "c82dafe4f5fe2e40007d684f5732e816cfc5c7ae163961123df2894814821a53", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000256-addr_0x0000000004510000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00000256-addr_0x0000000004510000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_170", "md5_hash": "fb5a8548108f3702218a1530f9b9eedd", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "09728187695d4db6b944665885af6553f22231cd", "sha256_hash": "3376baf7dc256c01446422c1538ea4fdf6fe1a83dcb496d5dfa3ad45e67d652d", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000260-addr_0x0000000004520000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00000260-addr_0x0000000004520000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_171", "md5_hash": "2c709d211bafb458f197b0015af54988", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d7c71af5839190e494d12070ac424bdea636a7ed", "sha256_hash": "03b53b3ab6c9f94efcebce05427dfa1cd1cabf55e3c353d6f58563bed6e54250", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000261-addr_0x0000000004530000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00000261-addr_0x0000000004530000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_172", "md5_hash": "7e23167136520f212675f5db5c322066", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bae935e83008151129bc21d4e183e0ea46b550c0", "sha256_hash": "74e65fa00e4f9557984c568a4afcdffd03014f57c37fe1a5b51d8b08419468cf", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000267-addr_0x00000000046f0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00000267-addr_0x00000000046f0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_173", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000275-addr_0x0000000004540000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00000275-addr_0x0000000004540000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_174", "md5_hash": "aacf18105fed9fe4f6f734010eb6afe4", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "02669299886901316c54a6b2b86cb3f25329c7b1", "sha256_hash": "12ff20cd552edff36e09c8904494cc1f14dd3f43a31b175a6bb665ab1f56e9f0", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000276-addr_0x0000000005ef0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000001-region_00000276-addr_0x0000000005ef0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_175", "md5_hash": "86358825013934d9dfa1976d342f7491", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "504175e736ccc203683d128322f43f5a83e578b8", "sha256_hash": "9f7fac118cfd4aee55a69cd916ddb47232ec7dad9cad35d622c7fd96ae573c62", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000278-addr_0x0000000005f70000-size_0x00000000002a3000-perm_rw.bin", "filename": "process_00000001-region_00000278-addr_0x0000000005f70000-size_0x00000000002a3000-perm_rw.bin", "id": "proc_dump_176", "md5_hash": "260259a2521666649c663666ec224e46", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b2b2787469954271434f01620408a90198be53e0", "sha256_hash": "b47e2584ad935cce2e5d6e6b302cb91c27d8c14dfe3102de947f90e5e85a6457", "size": 2764800, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000279-addr_0x0000000006220000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000279-addr_0x0000000006220000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_177", "md5_hash": "07a8b040c0e41e8c96d6b9cb0987cab4", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3f93f899e5f90b7f9e618f26b95048df3ca42600", "sha256_hash": "d2def5077d781f3148aa68d871c8276cba0ecd2f153e83139636ba4276be26d5", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000280-addr_0x0000000004700000-size_0x0000000000030000-perm_rw.bin", "filename": "process_00000001-region_00000280-addr_0x0000000004700000-size_0x0000000000030000-perm_rw.bin", "id": "proc_dump_178", "md5_hash": "82c11efa69fb7481675f14e7dd91774e", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "faa50cf89773afccb56265c8b7f531a8a6fbbac6", "sha256_hash": "b6eb834188d31740d44f40ba9e4e813cde95a74672b337aafe29ce85fd486a82", "size": 196608, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000284-addr_0x0000000006320000-size_0x00000000000a2000-perm_rw.bin", "filename": "process_00000001-region_00000284-addr_0x0000000006320000-size_0x00000000000a2000-perm_rw.bin", "id": "proc_dump_179", "md5_hash": "f36d9d691a5163f370cc0506a3db82b5", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ad2b59b9e1cf2b0cf4945183fb1a2cafe450440e", "sha256_hash": "5811500aa7964eb40a81a4ed4c17658a59e55540eaa46293706274ff8a954b02", "size": 663552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000287-addr_0x0000000000fb0000-size_0x0000000000068000-perm_rwx.bin", "filename": "process_00000002-region_00000287-addr_0x0000000000fb0000-size_0x0000000000068000-perm_rwx.bin", "id": "proc_dump_180", "md5_hash": "0e5dad7f2ac185c3325886076bef608a", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "eca1226645fc2b320a778d38c62b16f981a07809", "sha256_hash": "abbab952c565d7d04fa5a0914745238ac74941f50c86f89dcb1d288494e15293", "size": 425984, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000288-addr_0x0000000001020000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000002-region_00000288-addr_0x0000000001020000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_181", "md5_hash": "f0a0598db120aa6b21a21cd19d951ff1", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9f0d36ec86f6d571d3b45a4975d186164dde8d63", "sha256_hash": "17851c03ea21a75e5df4f76472baa7d46627d87f243b77e91412b8c75bd7817d", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000289-addr_0x0000000001040000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000289-addr_0x0000000001040000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_182", "md5_hash": "da7158e9ae750529d771bb454c38faa7", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d7592f61fcf8f872771de64b35bb363bc0cc0da7", "sha256_hash": "ee69c9b339c8cbb2d7feae8424e70a0528ecdb2575041f7c5a961432ffb309de", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000291-addr_0x0000000001060000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000002-region_00000291-addr_0x0000000001060000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_183", "md5_hash": "dc8982cfb2d7d1ed2f1ddd8e3cc7d5be", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "622ec604175397f0d33207e3324e5d4c656d140f", "sha256_hash": "4900d38a5e2b7e069f5cfe1cb11781e8348a95b1217af9d053919524928eb1bb", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000292-addr_0x00000000010a0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000292-addr_0x00000000010a0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_184", "md5_hash": "135f7f7045df4d74fabd26d021f70f8c", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "030c66cd89f1e3ffdcd7e12e2736a66da1fc603c", "sha256_hash": "c82dafe4f5fe2e40007d684f5732e816cfc5c7ae163961123df2894814821a53", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000295-addr_0x000000007f605000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000295-addr_0x000000007f605000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_185", "md5_hash": "0033b6a89c8eb49f66eb1553914783b5", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "12588e2ef9b5e0a4e7df328702fc56065bc090e4", "sha256_hash": "c9f25cf3878420598007ab307afba1aecaa68eaa2e7536bba5bf74e46286cc0f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000296-addr_0x000000007f606000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000296-addr_0x000000007f606000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_186", "md5_hash": "0033b6a89c8eb49f66eb1553914783b5", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "12588e2ef9b5e0a4e7df328702fc56065bc090e4", "sha256_hash": "c9f25cf3878420598007ab307afba1aecaa68eaa2e7536bba5bf74e46286cc0f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000297-addr_0x000000007f60d000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000002-region_00000297-addr_0x000000007f60d000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_187", "md5_hash": "865c003b52d2eca3271fb53a432c03a4", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "85867177bc9fb4c56627ddad6a7fe957126d1533", "sha256_hash": "76fc6987fdae15f2b681c01ef99736b39be0cf239efe6a1752cdcfb4b7ac6ef4", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000298-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000002-region_00000298-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_188", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000304-addr_0x00000000011c0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00000304-addr_0x00000000011c0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_189", "md5_hash": "b245b06eafe80107269281792189c015", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e6c7ebd41110d3f9309d11a293bcdd825a8d2b9a", "sha256_hash": "5b77e15ff93a8b2aab8c62199d8a4cd455639ff6866515b916eb3ed261c020e0", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000305-addr_0x00000000013c0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000305-addr_0x00000000013c0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_190", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000311-addr_0x0000000001590000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000311-addr_0x0000000001590000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_191", "md5_hash": "a0f58243267fe0a40bea2d02066ceeb5", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9979ab94b03630711a7bbea5280ccc0dfde15226", "sha256_hash": "bd1a32d8ce5702a214483a592766c38a7f19540ec391fc6622800cab11ec5545", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000316-addr_0x0000000001030000-size_0x0000000000004000-perm_rw.bin", "filename": "process_00000002-region_00000316-addr_0x0000000001030000-size_0x0000000000004000-perm_rw.bin", "id": "proc_dump_192", "md5_hash": "1f1907b870d19ab5c03873ce4329c921", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c871dc90fd49ff28282641747be8daffd64ef778", "sha256_hash": "4e9a918f16d42dadd4373bedc50f5b83ead0ff9a6f0d674a14380ac76081f553", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000317-addr_0x0000000001360000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000317-addr_0x0000000001360000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_193", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000318-addr_0x0000000001550000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000318-addr_0x0000000001550000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_194", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000328-addr_0x0000000001040000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000328-addr_0x0000000001040000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_195", "md5_hash": "0033b6a89c8eb49f66eb1553914783b5", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "12588e2ef9b5e0a4e7df328702fc56065bc090e4", "sha256_hash": "c9f25cf3878420598007ab307afba1aecaa68eaa2e7536bba5bf74e46286cc0f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000329-addr_0x0000000001250000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000329-addr_0x0000000001250000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_196", "md5_hash": "0033b6a89c8eb49f66eb1553914783b5", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "12588e2ef9b5e0a4e7df328702fc56065bc090e4", "sha256_hash": "c9f25cf3878420598007ab307afba1aecaa68eaa2e7536bba5bf74e46286cc0f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000343-addr_0x0000000001280000-size_0x0000000000010000-perm_.bin", "filename": "process_00000002-region_00000343-addr_0x0000000001280000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_197", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000344-addr_0x0000000001290000-size_0x0000000000010000-perm_.bin", "filename": "process_00000002-region_00000344-addr_0x0000000001290000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_198", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000345-addr_0x00000000012a0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000002-region_00000345-addr_0x00000000012a0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_199", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000346-addr_0x00000000012b0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000002-region_00000346-addr_0x00000000012b0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_200", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000347-addr_0x00000000012c0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000002-region_00000347-addr_0x00000000012c0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_201", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000348-addr_0x00000000012d0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000348-addr_0x00000000012d0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_202", "md5_hash": "0033b6a89c8eb49f66eb1553914783b5", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "12588e2ef9b5e0a4e7df328702fc56065bc090e4", "sha256_hash": "c9f25cf3878420598007ab307afba1aecaa68eaa2e7536bba5bf74e46286cc0f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000349-addr_0x00000000012e0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000349-addr_0x00000000012e0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_203", "md5_hash": "0033b6a89c8eb49f66eb1553914783b5", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "12588e2ef9b5e0a4e7df328702fc56065bc090e4", "sha256_hash": "c9f25cf3878420598007ab307afba1aecaa68eaa2e7536bba5bf74e46286cc0f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000350-addr_0x00000000012f0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000002-region_00000350-addr_0x00000000012f0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_204", "md5_hash": "dc8982cfb2d7d1ed2f1ddd8e3cc7d5be", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "622ec604175397f0d33207e3324e5d4c656d140f", "sha256_hash": "4900d38a5e2b7e069f5cfe1cb11781e8348a95b1217af9d053919524928eb1bb", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000351-addr_0x0000000001350000-size_0x0000000000010000-perm_rwx.bin", "filename": "process_00000002-region_00000351-addr_0x0000000001350000-size_0x0000000000010000-perm_rwx.bin", "id": "proc_dump_205", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000352-addr_0x0000000001370000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000002-region_00000352-addr_0x0000000001370000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_206", "md5_hash": "dc8982cfb2d7d1ed2f1ddd8e3cc7d5be", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "622ec604175397f0d33207e3324e5d4c656d140f", "sha256_hash": "4900d38a5e2b7e069f5cfe1cb11781e8348a95b1217af9d053919524928eb1bb", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000353-addr_0x0000000001450000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000353-addr_0x0000000001450000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_207", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000354-addr_0x0000000001460000-size_0x00000000000a0000-perm_rw.bin", "filename": "process_00000002-region_00000354-addr_0x0000000001460000-size_0x00000000000a0000-perm_rw.bin", "id": "proc_dump_208", "md5_hash": "0fba885c8220838e756cce9c710fbe58", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e2308e82641d727cef4c6ccbbb1fc4de1b10d94c", "sha256_hash": "554f0cd6bf5315b58372aed2253951ca14fd47348f79293a8b467a238788c730", "size": 655360, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000355-addr_0x0000000002db0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000355-addr_0x0000000002db0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_209", "md5_hash": "135f7f7045df4d74fabd26d021f70f8c", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "030c66cd89f1e3ffdcd7e12e2736a66da1fc603c", "sha256_hash": "c82dafe4f5fe2e40007d684f5732e816cfc5c7ae163961123df2894814821a53", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000357-addr_0x0000000004eb0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000357-addr_0x0000000004eb0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_210", "md5_hash": "135f7f7045df4d74fabd26d021f70f8c", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "030c66cd89f1e3ffdcd7e12e2736a66da1fc603c", "sha256_hash": "c82dafe4f5fe2e40007d684f5732e816cfc5c7ae163961123df2894814821a53", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000360-addr_0x000000007f607000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000002-region_00000360-addr_0x000000007f607000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_211", "md5_hash": "865c003b52d2eca3271fb53a432c03a4", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "85867177bc9fb4c56627ddad6a7fe957126d1533", "sha256_hash": "76fc6987fdae15f2b681c01ef99736b39be0cf239efe6a1752cdcfb4b7ac6ef4", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000361-addr_0x000000007f60a000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000002-region_00000361-addr_0x000000007f60a000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_212", "md5_hash": "865c003b52d2eca3271fb53a432c03a4", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "85867177bc9fb4c56627ddad6a7fe957126d1533", "sha256_hash": "76fc6987fdae15f2b681c01ef99736b39be0cf239efe6a1752cdcfb4b7ac6ef4", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000365-addr_0x00000000013d0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000002-region_00000365-addr_0x00000000013d0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_213", "md5_hash": "86358825013934d9dfa1976d342f7491", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "504175e736ccc203683d128322f43f5a83e578b8", "sha256_hash": "9f7fac118cfd4aee55a69cd916ddb47232ec7dad9cad35d622c7fd96ae573c62", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000369-addr_0x0000000001340000-size_0x0000000000004000-perm_rw.bin", "filename": "process_00000002-region_00000369-addr_0x0000000001340000-size_0x0000000000004000-perm_rw.bin", "id": "proc_dump_214", "md5_hash": "1f1907b870d19ab5c03873ce4329c921", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c871dc90fd49ff28282641747be8daffd64ef778", "sha256_hash": "4e9a918f16d42dadd4373bedc50f5b83ead0ff9a6f0d674a14380ac76081f553", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000375-addr_0x00000000013b0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000375-addr_0x00000000013b0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_215", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000376-addr_0x00000000013d0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000002-region_00000376-addr_0x00000000013d0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_216", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000377-addr_0x00000000013e0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000002-region_00000377-addr_0x00000000013e0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_217", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000378-addr_0x0000000001440000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000378-addr_0x0000000001440000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_218", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000381-addr_0x0000000005530000-size_0x0000000000010000-perm_rwx.bin", "filename": "process_00000002-region_00000381-addr_0x0000000005530000-size_0x0000000000010000-perm_rwx.bin", "id": "proc_dump_219", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000384-addr_0x0000000005540000-size_0x00000000001d0000-perm_rw.bin", "filename": "process_00000002-region_00000384-addr_0x0000000005540000-size_0x00000000001d0000-perm_rw.bin", "id": "proc_dump_220", "md5_hash": "5a6140844676ab662405d5ced5e845f1", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "18889a747a4c310d5e51204ee8f11b200df8c6fb", "sha256_hash": "37cdbeab1479b1f906254e366688443de2045771339f7253a9b4df7ecd5cea0f", "size": 1900544, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000387-addr_0x000000007f480000-size_0x0000000000010000-perm_rwx.bin", "filename": "process_00000002-region_00000387-addr_0x000000007f480000-size_0x0000000000010000-perm_rwx.bin", "id": "proc_dump_221", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000388-addr_0x000000007f490000-size_0x0000000000050000-perm_rwx.bin", "filename": "process_00000002-region_00000388-addr_0x000000007f490000-size_0x0000000000050000-perm_rwx.bin", "id": "proc_dump_222", "md5_hash": "f9a70fbb470e8ee722a6a861f92e77fd", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1fe9b15888b611ac2daf72ed05d3eb9596355d21", "sha256_hash": "94a8ae99fbdd545a4574c96197929edb8913a9f5921e90cb543ca9e13ee5e22a", "size": 327680, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000396-addr_0x0000000005390000-size_0x0000000000150000-perm_rw.bin", "filename": "process_00000002-region_00000396-addr_0x0000000005390000-size_0x0000000000150000-perm_rw.bin", "id": "proc_dump_223", "md5_hash": "6279441e0e24fd8b52dd434d0174a4d7", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "409d81a6639c8359203371d54c8b3baece42fbcd", "sha256_hash": "2c75637a58b192383b1369642e73e23385852ef20f06e32d4bbd09c003418ea4", "size": 1376256, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000397-addr_0x0000000001500000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000002-region_00000397-addr_0x0000000001500000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_224", "md5_hash": "dc8982cfb2d7d1ed2f1ddd8e3cc7d5be", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "622ec604175397f0d33207e3324e5d4c656d140f", "sha256_hash": "4900d38a5e2b7e069f5cfe1cb11781e8348a95b1217af9d053919524928eb1bb", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000398-addr_0x0000000005390000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000398-addr_0x0000000005390000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_225", "md5_hash": "135f7f7045df4d74fabd26d021f70f8c", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "030c66cd89f1e3ffdcd7e12e2736a66da1fc603c", "sha256_hash": "c82dafe4f5fe2e40007d684f5732e816cfc5c7ae163961123df2894814821a53", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000399-addr_0x00000000054d0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000399-addr_0x00000000054d0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_226", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000401-addr_0x000000007f47d000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000002-region_00000401-addr_0x000000007f47d000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_227", "md5_hash": "865c003b52d2eca3271fb53a432c03a4", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "85867177bc9fb4c56627ddad6a7fe957126d1533", "sha256_hash": "76fc6987fdae15f2b681c01ef99736b39be0cf239efe6a1752cdcfb4b7ac6ef4", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000403-addr_0x0000000005700000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000403-addr_0x0000000005700000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_228", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000404-addr_0x00000000013f0000-size_0x0000000000004000-perm_rw.bin", "filename": "process_00000002-region_00000404-addr_0x00000000013f0000-size_0x0000000000004000-perm_rw.bin", "id": "proc_dump_229", "md5_hash": "1f1907b870d19ab5c03873ce4329c921", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c871dc90fd49ff28282641747be8daffd64ef778", "sha256_hash": "4e9a918f16d42dadd4373bedc50f5b83ead0ff9a6f0d674a14380ac76081f553", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000405-addr_0x0000000001420000-size_0x0000000000004000-perm_rw.bin", "filename": "process_00000002-region_00000405-addr_0x0000000001420000-size_0x0000000000004000-perm_rw.bin", "id": "proc_dump_230", "md5_hash": "1f1907b870d19ab5c03873ce4329c921", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c871dc90fd49ff28282641747be8daffd64ef778", "sha256_hash": "4e9a918f16d42dadd4373bedc50f5b83ead0ff9a6f0d674a14380ac76081f553", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000406-addr_0x00000000055f0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000406-addr_0x00000000055f0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_231", "md5_hash": "135f7f7045df4d74fabd26d021f70f8c", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "030c66cd89f1e3ffdcd7e12e2736a66da1fc603c", "sha256_hash": "c82dafe4f5fe2e40007d684f5732e816cfc5c7ae163961123df2894814821a53", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000416-addr_0x0000000001430000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000416-addr_0x0000000001430000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_232", "md5_hash": "0033b6a89c8eb49f66eb1553914783b5", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "12588e2ef9b5e0a4e7df328702fc56065bc090e4", "sha256_hash": "c9f25cf3878420598007ab307afba1aecaa68eaa2e7536bba5bf74e46286cc0f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000419-addr_0x0000000007ef0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000002-region_00000419-addr_0x0000000007ef0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_233", "md5_hash": "86358825013934d9dfa1976d342f7491", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "504175e736ccc203683d128322f43f5a83e578b8", "sha256_hash": "9f7fac118cfd4aee55a69cd916ddb47232ec7dad9cad35d622c7fd96ae573c62", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000420-addr_0x0000000001560000-size_0x0000000000004000-perm_rwx.bin", "filename": "process_00000002-region_00000420-addr_0x0000000001560000-size_0x0000000000004000-perm_rwx.bin", "id": "proc_dump_234", "md5_hash": "1f1907b870d19ab5c03873ce4329c921", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c871dc90fd49ff28282641747be8daffd64ef778", "sha256_hash": "4e9a918f16d42dadd4373bedc50f5b83ead0ff9a6f0d674a14380ac76081f553", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000421-addr_0x0000000007f70000-size_0x0000000000101000-perm_rw.bin", "filename": "process_00000002-region_00000421-addr_0x0000000007f70000-size_0x0000000000101000-perm_rw.bin", "id": "proc_dump_235", "md5_hash": "3a05af41cf2e4bc5a9e776a55212dd0b", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c5eb9e5dd600a7fb843ffb1632d87de2d6e9c100", "sha256_hash": "b40286ceed97d4527a2de800335ac03a2453d9fd2822108a853f4111eb04db5c", "size": 1052672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000426-addr_0x0000000001580000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000426-addr_0x0000000001580000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_236", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000428-addr_0x00000000054a0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000428-addr_0x00000000054a0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_237", "md5_hash": "8e6cf5a01a1c0d3a38935ede52c49249", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "50f70227525214153e82ddd72daf4bd568a6f6f0", "sha256_hash": "b87932e7f0906817bb3d4e7d6488bfbed84f407e57e347e74de04f18994612be", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000431-addr_0x00000000054b0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000431-addr_0x00000000054b0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_238", "md5_hash": "05e80153f133ae41371851f458bba673", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "da30c99bea08986907b3dd6402d4dfeaed1d30af", "sha256_hash": "c4d87ecea040779ffbd62df423672cf412830dee06604d7491af839dfcafe331", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000433-addr_0x00000000054b0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000433-addr_0x00000000054b0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_239", "md5_hash": "a29f1fb4815c022c9fba970052391621", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1d6aa24ea9009b62c8d3ef7d7aa2b1429d03c7c1", "sha256_hash": "0d5af121d0153e0d2e9336bef86fcaa134b8104f61a0507def0e9278f70b905d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000434-addr_0x00000000054c0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000434-addr_0x00000000054c0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_240", "md5_hash": "9e489a8d922858ad76485e7bc94fb6f7", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5cedb5b4678c28fae2400aed9f5fbda3926e98df", "sha256_hash": "9aea122a7b08b1eab19c4d4e6e19792eb49fc1e737cb0b4a9bf2197af9ce124c", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000435-addr_0x00000000054b0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000435-addr_0x00000000054b0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_241", "md5_hash": "ed016e496ed07950ed5b6ebcaf6fd2b1", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2749b8f29a57c76c0bab211bb4fa25bac1ce4b03", "sha256_hash": "c59fe6ad3914fb0636b5470f47c32527cf11ac9db6304f30fde74c2790b7823e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000436-addr_0x00000000054b0000-size_0x0000000000005000-perm_rw.bin", "filename": "process_00000002-region_00000436-addr_0x00000000054b0000-size_0x0000000000005000-perm_rw.bin", "id": "proc_dump_242", "md5_hash": "499f6a31120d9b18ed3d0c360cb245f4", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5e113af1658293986233a3f7a4ec8ae06acb6880", "sha256_hash": "623066a47ab5827de20a24e256892bf3a236a326c5e94ba6be8f73659ebc60fd", "size": 20480, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000437-addr_0x00000000054e0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000437-addr_0x00000000054e0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_243", "md5_hash": "0033b6a89c8eb49f66eb1553914783b5", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "12588e2ef9b5e0a4e7df328702fc56065bc090e4", "sha256_hash": "c9f25cf3878420598007ab307afba1aecaa68eaa2e7536bba5bf74e46286cc0f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000438-addr_0x00000000054f0000-size_0x0000000000018000-perm_rw.bin", "filename": "process_00000002-region_00000438-addr_0x00000000054f0000-size_0x0000000000018000-perm_rw.bin", "id": "proc_dump_244", "md5_hash": "1460039662df5196376b8d29d34e6c2a", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "136445af2a3203d398aaa034bf7283d926e914b5", "sha256_hash": "7aba46c236e690a9866d3925864f4f29b08d96c9c34347448021eaad9d752c9b", "size": 98304, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000439-addr_0x00000000054b0000-size_0x0000000000008000-perm_rw.bin", "filename": "process_00000002-region_00000439-addr_0x00000000054b0000-size_0x0000000000008000-perm_rw.bin", "id": "proc_dump_245", "md5_hash": "f1118e47446f9a81744c902b5b59593e", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "57dcd2ef3b0164f87e3c7804c6decb2636ba4812", "sha256_hash": "e3aea7536b60a874319f4c388d2c4634925a761d096c7e2327dc40bc68033d81", "size": 32768, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000440-addr_0x0000000005510000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000440-addr_0x0000000005510000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_246", "md5_hash": "0033b6a89c8eb49f66eb1553914783b5", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "12588e2ef9b5e0a4e7df328702fc56065bc090e4", "sha256_hash": "c9f25cf3878420598007ab307afba1aecaa68eaa2e7536bba5bf74e46286cc0f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000441-addr_0x00000000054e0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000441-addr_0x00000000054e0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_247", "md5_hash": "fe14bb63d8c58843ae3f1538f9f8022e", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3332cab16748bae943bd131983a2023b9c7e3034", "sha256_hash": "de437bd4d9484c708eb43660fc3c9f357a1957238bf010f1ec18834e34ad99e5", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000442-addr_0x00000000054f0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000442-addr_0x00000000054f0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_248", "md5_hash": "d6bdf0989491da1d63fe551396e9c395", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cdeb4a7cb827621b6b5efab716e4be970e3f75e3", "sha256_hash": "8c96afa1a43b7440ec89cf007a215409bf5ed46a4712dbf763e6684fe2f6ccbe", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000448-addr_0x00000000054f0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000448-addr_0x00000000054f0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_249", "md5_hash": "a29f1fb4815c022c9fba970052391621", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1d6aa24ea9009b62c8d3ef7d7aa2b1429d03c7c1", "sha256_hash": "0d5af121d0153e0d2e9336bef86fcaa134b8104f61a0507def0e9278f70b905d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000449-addr_0x00000000054c0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000449-addr_0x00000000054c0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_250", "md5_hash": "2ce4cb0845fe1fcfba5573cbe83af5c9", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c22f0055118fd6f1e632b575d8eec0efd0232630", "sha256_hash": "2223f1afcd3a72d78cb42b5f93da25de992e5f9dee512de24537191f2ee8c898", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000451-addr_0x0000000000990000-size_0x0000000000068000-perm_rwx.bin", "filename": "process_00000003-region_00000451-addr_0x0000000000990000-size_0x0000000000068000-perm_rwx.bin", "id": "proc_dump_252", "md5_hash": "7647d4a4db21d487c94680fbe754e8b4", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f673e74175a4568e5d0e2e0b87f51f0cd494c392", "sha256_hash": "030b5f8fbd84139bcf57f53d79bf674f4217d834bb5e6a0e6db7ec0ad07c3e67", "size": 425984, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000452-addr_0x0000000000a00000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000003-region_00000452-addr_0x0000000000a00000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_253", "md5_hash": "2cdc973d59090a6882a7d75237a37cf6", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b316591be039c2ca0321a6bc2b7056118490979d", "sha256_hash": "b3c8cdbb7ecc98f2a5e868645c36f60005f6fa7b764185c739451fe6bef94df9", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000453-addr_0x0000000000a20000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000453-addr_0x0000000000a20000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_254", "md5_hash": "e93992612c8905b17dbe268ddcf58aa9", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "50c51131cc32bd7d6de63712ab662138f24c9db3", "sha256_hash": "a8c356e224a8d52613b2a5b7ef1309e51eacc38ad51bf673d031a375dadb7ffe", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000455-addr_0x0000000000a40000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00000455-addr_0x0000000000a40000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_255", "md5_hash": "e70b9700e8224d4f865516a3da968730", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "49729b2da083dbbd76ee32658f2316ed7729db5e", "sha256_hash": "baf3dc486455c732a32aec6c835762f9fb5181abba7696945fa28fb0dc08ca14", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000456-addr_0x0000000000a80000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000456-addr_0x0000000000a80000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_256", "md5_hash": "2856c4336091277c9db2299391abdd59", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6f3d7a8775f8ff226c86060ec2657665176b358a", "sha256_hash": "d4c100e40abbbdef862107454e63ff14c00daf218008548745b0283e6270bf31", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000459-addr_0x000000007ff5b000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000003-region_00000459-addr_0x000000007ff5b000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_257", "md5_hash": "b0e90916cef88f65610a3456d5b311d2", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1db17e13b118c1b7a6c9a687b76b4de9d7a57591", "sha256_hash": "385a8c5aa7128e202c186627fa6262c4326cdf9b557b5a11af6a07874a0a745e", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000460-addr_0x000000007ff5e000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000460-addr_0x000000007ff5e000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_258", "md5_hash": "8be30bbf7b11d7526d98015d09809363", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "05dfa48acc13b95cbc458d4d068956c978907d6f", "sha256_hash": "59320ca0715e14d5aad99ebfbdf2544d07aa1ed12cdd2c3bddc5b217cfba6801", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000461-addr_0x000000007ff5f000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000461-addr_0x000000007ff5f000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_259", "md5_hash": "b37fb9585de3c7325b27b9a89dc04556", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c21bbc4f91472c2948d21ff255bf6b4e3612913e", "sha256_hash": "39a94dc343889c0205cd0fab8782b29d901a89cc81293db32e031e7da16329ad", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000462-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000003-region_00000462-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_260", "md5_hash": "99b1388c3b860790a4d5e0409cf0e40d", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ef99ed5a3424a544246285fdefb445ac31fa0af5", "sha256_hash": "318ec9fd21f212e0103d840a253a36849a3969b4f93892b37d62c85835e43ddd", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000594-addr_0x0000000000ba0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000003-region_00000594-addr_0x0000000000ba0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_261", "md5_hash": "4eef17396eed956e3064b5d250b68839", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "42aee3895ae0fca8dd057a5fc3b8fba83f007f82", "sha256_hash": "9b3e5c8cb7ba0f805211c824efb95289b6ca9f4008e9ca932b67556ae8c4bff4", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000595-addr_0x0000000000c40000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000595-addr_0x0000000000c40000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_262", "md5_hash": "afd9dbaca011222dc45556e6de181a8a", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8039fad51eaeeec1d5f5e93256a8d619285a9789", "sha256_hash": "1a9abf53fa036c9e2e8cc424a31dfbb4d87362e8d492cd5309ff5b0165920631", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000599-addr_0x0000000000d20000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000599-addr_0x0000000000d20000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_263", "md5_hash": "250551cf11767e8992c718e4b8524803", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2342e93684c4afcf3549f176a11fc4e39cd9ce47", "sha256_hash": "04c1d28732ec61f312b51aef9bba100d0e08d321fa5395a3490fca5e923ff363", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000605-addr_0x0000000000ef0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000605-addr_0x0000000000ef0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_264", "md5_hash": "7d04a28ba5cab4d9916b76d73619adf3", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e8dc2fd567a521717322018641c6f06dc2335ef0", "sha256_hash": "6c3c4eb8cd6a7288a9b73209f02f24ca21982a5b1c76e995269f8be73f4e31cb", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000608-addr_0x0000000000a10000-size_0x0000000000004000-perm_rw.bin", "filename": "process_00000003-region_00000608-addr_0x0000000000a10000-size_0x0000000000004000-perm_rw.bin", "id": "proc_dump_265", "md5_hash": "1ae25a8be4e379ea9f418e48b081a3b0", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "84465644db4f7718fb7964895da44d60396b38b2", "sha256_hash": "2889ef55cb0d1b05cb932a2164dd4e9d0bd275d623af932a5e9f10af9c1fa715", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000616-addr_0x0000000001060000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000616-addr_0x0000000001060000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_266", "md5_hash": "36ce524528f7628e1b9512a0dec41095", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0c789e4e1ef0be60fab85c90c8a63082cfd2b299", "sha256_hash": "0acf04358d24798121fb83dc970e0f70e84d08da573d8c60afa0b2dc9c3fd5ae", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000625-addr_0x0000000000a20000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000625-addr_0x0000000000a20000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_267", "md5_hash": "5831ee885b9d1d3c2c07ec761745802b", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6533f75059a066c379ef837a6b80d5a1dc04f6b2", "sha256_hash": "bbde8bc7da554400484517dbe95aff5d4af4a4bce85e57ac791b35bc7e39e301", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000626-addr_0x0000000000c30000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000626-addr_0x0000000000c30000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_268", "md5_hash": "3c4967671aeb2b130c00ac9bc0f7423e", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6cb7e32814028f2968084b5b05c4eda56dfa8a5e", "sha256_hash": "4fd38a2fece7d5a1556b2222f3e5d88ef5a944b24aa13327a2570246919aa638", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000633-addr_0x0000000000c70000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00000633-addr_0x0000000000c70000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_269", "md5_hash": "ff1ce49dd2970786a18d55ed4a48391a", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a186a453bc384b24cc59382bef65f9443a2d63dc", "sha256_hash": "41eb89ddeab3bfda8b4efa28d6d81a4c66640f358ac9dbd281f6e8b8b0b2a208", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000634-addr_0x0000000000c80000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00000634-addr_0x0000000000c80000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_270", "md5_hash": "1c98a226a10323bd6258a87be5bb9a90", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cf0f1be8edc4fafebe88e018deb6b6d3492bd943", "sha256_hash": "a2e8e7fdf31c0885f12b36ab18ae1b2260d7c6bf2f210d08f3da95afc146c799", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000635-addr_0x0000000000c90000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00000635-addr_0x0000000000c90000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_271", "md5_hash": "beac259fa69d425086ef8f1257be2bbd", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e39676095e4cce19c705d2995ad22096d57da9bf", "sha256_hash": "d07fd68122e82efb965d1a5e2c89be904d2203230947607d4807f20d13d83cc0", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000636-addr_0x0000000000ca0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00000636-addr_0x0000000000ca0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_272", "md5_hash": "7a1b124e85cff59845797f1afa975716", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c5c737d8a9e6e6ac786986d0b865c733aa34de25", "sha256_hash": "34571b21a0ddcad108ed377dadd5ddfbf1ac462b2b589128701f91f62a9f5da1", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000637-addr_0x0000000000cb0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00000637-addr_0x0000000000cb0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_273", "md5_hash": "a653bfe88f4a7d8667f811e73cf8cb33", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4bfecd48af2569bc37fc74fdae70c253ff2588b0", "sha256_hash": "cd2a0bc43544a318a5dcad9f2f9042b2458b81e62d841bfbb47b85f137929dd4", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000638-addr_0x0000000000cc0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000638-addr_0x0000000000cc0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_274", "md5_hash": "1e8811de601aa708edf64b9048dbcb85", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a0a08751c193020c9868cb6bad24360a834a038b", "sha256_hash": "2813d017e311aadf7d4f2c79ff2ea0658a82ba8ee0043245db89733582eee6cc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000639-addr_0x0000000000cd0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000639-addr_0x0000000000cd0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_275", "md5_hash": "568907a1027927c90bd9dab91419b4db", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c3668804aa583e01f608c13fb592c581aec2b4ca", "sha256_hash": "a150488b016270321ab99e15be3bc5f4a1fe5befe4b3c75e81b50b29600fb0de", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000640-addr_0x0000000000ce0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00000640-addr_0x0000000000ce0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_276", "md5_hash": "e9712e549b1530cd914b2337bc29ef34", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "48dfe12b56f00f83710a4646155c9ed9c5ccccdd", "sha256_hash": "d0600f7af86a17b29c2689079a2db6611cfd2d3ed7da3c6dc38998f3842560a1", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000641-addr_0x0000000000e20000-size_0x00000000000a0000-perm_rw.bin", "filename": "process_00000003-region_00000641-addr_0x0000000000e20000-size_0x00000000000a0000-perm_rw.bin", "id": "proc_dump_277", "md5_hash": "5e5be045672c0a09e45f257e1bc28993", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e5ab2acb11a032ec3bb890d58228affe929190eb", "sha256_hash": "7392610ac1624557e949909aee8425504bfb97c74a409213203dd6f9bddf77f8", "size": 655360, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000642-addr_0x0000000000ee0000-size_0x0000000000010000-perm_rwx.bin", "filename": "process_00000003-region_00000642-addr_0x0000000000ee0000-size_0x0000000000010000-perm_rwx.bin", "id": "proc_dump_278", "md5_hash": "fda8cabedb5f7d180af2b92e9a2b5b02", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6cfffbc5108c6b3397bc18874e283746d5cf553e", "sha256_hash": "67d0a3c5952c7f8e6ed81c9f31e0db30c3a6e71f89f593883f9b0ab465ec7097", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000643-addr_0x0000000000f00000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000643-addr_0x0000000000f00000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_279", "md5_hash": "0f97391114a0f61a0c806e72e38a7bd3", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c215777de7588df81b2e80391e5d162a489f0e3e", "sha256_hash": "bf879bc024b3a9a201c5973a737ddfe8f4a4ac514cd09e9c957ad3dd841218be", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000644-addr_0x0000000001000000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00000644-addr_0x0000000001000000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_280", "md5_hash": "f1ddb540055768a0f01d72dd4801ddd5", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6a4f2a5da8f7c48322dfc488eaab8d2f8faa41fd", "sha256_hash": "ee573ba036a6a1ee197b5ba59be6c475392ccf07b03e0cc1d314f2465f6b34b3", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000645-addr_0x0000000002790000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000645-addr_0x0000000002790000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_281", "md5_hash": "d183c1ebebc83849b68a53cf9a18f9b4", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "05220634c5733a82a3813bb7ef8db6a69dca95ec", "sha256_hash": "d354fdfdb84a752c3695f4a8880ffb66558daa4fbe5d91c540762f2932d88319", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000646-addr_0x0000000002950000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000646-addr_0x0000000002950000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_282", "md5_hash": "45452bb4b8849c4a8458de425ab99677", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3ed785a4562987334e9b80b1a36722c6e6d8480b", "sha256_hash": "028199ec657206ee2fd7849d825eb992d462fa61ba32a700c08e39a40e416cfa", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000650-addr_0x000000007ff55000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000003-region_00000650-addr_0x000000007ff55000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_283", "md5_hash": "c17ab5c6be0e7c1058a3743d30ea889e", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b93ece5acbcb3f3ee70459ab3dbac68fbffb8ea4", "sha256_hash": "6ea6a281bcadbeb0bd73501ba268ea1f6212040301b5be42a684057439dd5e43", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000651-addr_0x000000007ff58000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000003-region_00000651-addr_0x000000007ff58000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_284", "md5_hash": "4540cdda0f736c181af688184d236097", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5864502f07e5d53ddaffbe8d7ffcfcc9be865acc", "sha256_hash": "6f574662e3bb6544ead8019581d4be91fd7a1095f9f8e90c54c210d73a0dbabc", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000655-addr_0x0000000000ec0000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000003-region_00000655-addr_0x0000000000ec0000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_285", "md5_hash": "09d9bed12a7941d95451058f4a46745b", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "264f36dd96a32c50392e79567d85c86a3855ab5f", "sha256_hash": "a33be0f7b220a81a0d4a8ff960e9bee495a473e2c51a75467f16b817161eee25", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000657-addr_0x0000000000ed0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000657-addr_0x0000000000ed0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_286", "md5_hash": "b99c28fc2f8c65bd5c1d547a1f178269", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0099cd1099dccdc2e361cfc8e28616fc417fdd74", "sha256_hash": "f776a5377c51f5bd5a9125600d48ff928320069f33fa29e7e9480c5b0e1ef13f", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000660-addr_0x0000000001040000-size_0x0000000000004000-perm_rw.bin", "filename": "process_00000003-region_00000660-addr_0x0000000001040000-size_0x0000000000004000-perm_rw.bin", "id": "proc_dump_287", "md5_hash": "0eaaf48b45ef0f068ff28e3d3811b3a8", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6d11d88b224d4fe5e96d29021f05e35426c4cd62", "sha256_hash": "4bd0c7d6b635f48385c6f5d4e97dc3840929460a394f96529c98235f6a80d907", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000666-addr_0x0000000001050000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000666-addr_0x0000000001050000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_288", "md5_hash": "81468a1ea1c0d331588007a042fbfb9e", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "54b9a382693b9a6e8ea9c7f3cc360e6ed8950f33", "sha256_hash": "b6df95be0cf3c2ce082dd90f20a12c1782cb16569a8de01a9abcab0f3477923b", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000667-addr_0x0000000002890000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00000667-addr_0x0000000002890000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_289", "md5_hash": "0a159e0b0ad71682a162760b63c2bb90", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1b0502564b23edfe0726e888467b08e3959b38ab", "sha256_hash": "557b7e2ae782dcfb65d3195f1cce6f1e7b71196e3111ee99f050a6262edfef88", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000668-addr_0x00000000028a0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00000668-addr_0x00000000028a0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_290", "md5_hash": "9c13ee41d3bd237cd0a046964cd0e7dc", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "67003c39ce86ac3eeca0bd1bdb3f5aab150e05c2", "sha256_hash": "24d25c3230f123e73b477a9a2a360ff2ca4b8da028de414c315d82b11e3666ec", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000671-addr_0x0000000004e00000-size_0x0000000000010000-perm_rwx.bin", "filename": "process_00000003-region_00000671-addr_0x0000000004e00000-size_0x0000000000010000-perm_rwx.bin", "id": "proc_dump_291", "md5_hash": "17a6b3e0ef8dd2827e2904c5d0b79efe", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6a87c246bb94853ce5322d7918eaf26b3c634507", "sha256_hash": "151db04a06cac1b0463e1db6b4e8e02c6cd4dcd49c46ea613987f2397e47e65f", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000674-addr_0x0000000004e10000-size_0x00000000001f0000-perm_rw.bin", "filename": "process_00000003-region_00000674-addr_0x0000000004e10000-size_0x00000000001f0000-perm_rw.bin", "id": "proc_dump_292", "md5_hash": "be3104ab7e9859631658349e4304a35e", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "14af18bf4584f850799288969d7fa8ee1d7a8c58", "sha256_hash": "b5afa04785a6d75fbd6e8a877e20aa772562f22fdbbcc126b9e5fe8156d8af05", "size": 2031616, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000677-addr_0x000000007fdd0000-size_0x0000000000010000-perm_rwx.bin", "filename": "process_00000003-region_00000677-addr_0x000000007fdd0000-size_0x0000000000010000-perm_rwx.bin", "id": "proc_dump_293", "md5_hash": "a4a77c65654c57f56beef27174244655", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "413d073ef0ea0e55e5c361f2ed5587a34fc7ccc6", "sha256_hash": "d187be4bde11443474658dcba3ad3de56ab45c1f7ba5988efa70f3087fef2010", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000678-addr_0x000000007fde0000-size_0x0000000000050000-perm_rwx.bin", "filename": "process_00000003-region_00000678-addr_0x000000007fde0000-size_0x0000000000050000-perm_rwx.bin", "id": "proc_dump_294", "md5_hash": "04612df5d84a8274c45e13ea7fd56445", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ae4d71180a41970271e51f3320d4eb58f8d99319", "sha256_hash": "ce44e85b8e56f83b7cbff517bd963497f2df00c6fd0cdc37db00ef471c841cf0", "size": 327680, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000686-addr_0x00000000028b0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000686-addr_0x00000000028b0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_295", "md5_hash": "945ef03b0b85a69c40e33418e1f120d5", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6467965d82b810c6f71fe6bb4d3c7df7a9d9067a", "sha256_hash": "4583180aa13955586a4c8c2de5c9e6dcd11d88b22043eed255911f6757fcbaa7", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000687-addr_0x00000000028e0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00000687-addr_0x00000000028e0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_296", "md5_hash": "085456b4e486e91d8882f7ab9f54309b", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b6c9ec605438dea59bb07f5d0a0d852317cb96e5", "sha256_hash": "f389071c66b7d11d712ccf3ad6c3bd7fb782dc69a02ec4b61372a340350e7bab", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000688-addr_0x0000000004e10000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000688-addr_0x0000000004e10000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_297", "md5_hash": "6f20518521cdba4ca54ed6a7c80b2e25", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "70529413ecf53021519177d182bf3c9e7a52c3fc", "sha256_hash": "68c90d30f20c0c7e7e32239e7d23d1e4a9003c287d004c2af47b65ec53f3cf36", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000689-addr_0x0000000004ff0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000689-addr_0x0000000004ff0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_298", "md5_hash": "4721e611c966170e3bf1ee3f36272477", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ad97837b83ad87bd0f058da9fc3307df015fdf26", "sha256_hash": "481bf8d46ccd7383b430183b688061cf51bc739bd0feddc45f50bfde17a5e34c", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000691-addr_0x000000007fdcd000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000003-region_00000691-addr_0x000000007fdcd000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_299", "md5_hash": "0fc98903ce938c665ca1ca750a71b73e", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1a5ed5f733ec8a866148c29040291afd543a85e3", "sha256_hash": "ef4dd293cc476b1f6cacba81a456e8986d5f04fd822861caa8271b95b6eae556", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000693-addr_0x0000000002920000-size_0x0000000000004000-perm_rw.bin", "filename": "process_00000003-region_00000693-addr_0x0000000002920000-size_0x0000000000004000-perm_rw.bin", "id": "proc_dump_300", "md5_hash": "8c0cd8357f719fd78df8a110647ebacf", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e90a29b8d4d104ddc475a334a4b0d588d315bbba", "sha256_hash": "ade5ff65ec3e28b8d69ec0a8973b7dc5f45dc2ec2c48c141c4e8d4e7c2190016", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000694-addr_0x0000000002930000-size_0x0000000000004000-perm_rw.bin", "filename": "process_00000003-region_00000694-addr_0x0000000002930000-size_0x0000000000004000-perm_rw.bin", "id": "proc_dump_301", "md5_hash": "4375efdbe514d547ddfb151a8c614bcb", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5e4ed449aaf5d11090dd23a83503773cf22f6451", "sha256_hash": "90961471e8fd68edfc5611dccf40a373678e8abc12b3f0184ec5b2f4e863adc2", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000695-addr_0x0000000005000000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000695-addr_0x0000000005000000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_302", "md5_hash": "daefd93b369f0b76feaf241a63012cca", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "43b94958e621b9231045d6d073d9b56162e35cde", "sha256_hash": "63e9f490cbf042314a5aebfa486069acb35821768fb227fbd799547d1b29a58d", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000698-addr_0x0000000006600000-size_0x0000000000400000-perm_rw.bin", "filename": "process_00000003-region_00000698-addr_0x0000000006600000-size_0x0000000000400000-perm_rw.bin", "id": "proc_dump_303", "md5_hash": "eec4409f8b826ed699f78708170a12a9", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "66b4eb068d86e18c0a95b1d022b575e14497f395", "sha256_hash": "d7d6871f5a20e673163d911e702593ecfbb688540949025d8d8ee1a2a37d832c", "size": 4194304, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000700-addr_0x0000000006a00000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000700-addr_0x0000000006a00000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_304", "md5_hash": "ac1bfceca07ed94cd65e8a893c988bc5", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "224d5d1f1d37391ffca1ec7a240a25fc55f520ba", "sha256_hash": "4440176d490a3aa2df99409630a746b0da33ca0e4832334cc640bcde384e2a3e", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000708-addr_0x0000000002940000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000708-addr_0x0000000002940000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_305", "md5_hash": "cad774031b21e657eae08fd659550613", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "20425fc589d0e2bf972952038d8d46580e3362ab", "sha256_hash": "208c5daeccd23e0c8423dbd77fa5b820c575fcd007c4510f9c7236d6f22e286b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000711-addr_0x0000000007d70000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000003-region_00000711-addr_0x0000000007d70000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_306", "md5_hash": "02ad7a57d5423a3c466675746c0c0a9c", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d80aa1525e09b398bc973c9e3cd6712e82d49c95", "sha256_hash": "49b68451840e746f2f8c0e7794d064a5b2338f518adc8cb8571c8bfc480ee8b6", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000712-addr_0x0000000004f80000-size_0x0000000000004000-perm_rwx.bin", "filename": "process_00000003-region_00000712-addr_0x0000000004f80000-size_0x0000000000004000-perm_rwx.bin", "id": "proc_dump_307", "md5_hash": "3e0d1f04072ec9d2e98c7ba59ec3709d", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "31df8827da3e212f8caad6dd7f92094045aaaf1c", "sha256_hash": "45e6574958eefe13f2e52c547a9db457a31f1fa8c22361f2fce4363d22a5aa2b", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000713-addr_0x0000000007df0000-size_0x0000000000101000-perm_rw.bin", "filename": "process_00000003-region_00000713-addr_0x0000000007df0000-size_0x0000000000101000-perm_rw.bin", "id": "proc_dump_308", "md5_hash": "3a05af41cf2e4bc5a9e776a55212dd0b", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c5eb9e5dd600a7fb843ffb1632d87de2d6e9c100", "sha256_hash": "b40286ceed97d4527a2de800335ac03a2453d9fd2822108a853f4111eb04db5c", "size": 1052672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000718-addr_0x0000000004fa0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000718-addr_0x0000000004fa0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_309", "md5_hash": "881d06ed42f98e517917e4328936a84f", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e23152bdc386496e89e2b6ef2d43f44864255fca", "sha256_hash": "a4bfb76e6d90314cd625ddf9e39516efd4c25b02bbecb5525b21f4908d251242", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000720-addr_0x0000000004fc0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000720-addr_0x0000000004fc0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_310", "md5_hash": "b2418be81184a9f4b24eeb2e7cc511aa", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4a47f91eae8a5911c40ca241a9ffa6a6f9ea3ef6", "sha256_hash": "d119404192515e181004d790e65588ac42982e499d65beb8d7c3b29de16acc3f", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000723-addr_0x0000000004fd0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000723-addr_0x0000000004fd0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_311", "md5_hash": "9e8e9dd29b70fe8863222034c63d1094", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3a7ae7158e4253dc1cce0c0d68fcf4b7730cb91a", "sha256_hash": "eb50df81f05ffb0e9e6027c02e49db816df0cf94af86add1f3e52824a2e7cf90", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000725-addr_0x0000000004fd0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000725-addr_0x0000000004fd0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_312", "md5_hash": "a29f1fb4815c022c9fba970052391621", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1d6aa24ea9009b62c8d3ef7d7aa2b1429d03c7c1", "sha256_hash": "0d5af121d0153e0d2e9336bef86fcaa134b8104f61a0507def0e9278f70b905d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000726-addr_0x0000000004fe0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000726-addr_0x0000000004fe0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_313", "md5_hash": "22cf442f2d772909613df3d41431ee47", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "365a773d4b40498245456fa9d9f1210281cc5c29", "sha256_hash": "264c9872f3353ef737299b8d601f6f3a5b04209059eb6cfdcbfd76356e3d9f71", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000727-addr_0x0000000004fd0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000727-addr_0x0000000004fd0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_314", "md5_hash": "ed016e496ed07950ed5b6ebcaf6fd2b1", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2749b8f29a57c76c0bab211bb4fa25bac1ce4b03", "sha256_hash": "c59fe6ad3914fb0636b5470f47c32527cf11ac9db6304f30fde74c2790b7823e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000728-addr_0x0000000004fd0000-size_0x0000000000005000-perm_rw.bin", "filename": "process_00000003-region_00000728-addr_0x0000000004fd0000-size_0x0000000000005000-perm_rw.bin", "id": "proc_dump_315", "md5_hash": "499f6a31120d9b18ed3d0c360cb245f4", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5e113af1658293986233a3f7a4ec8ae06acb6880", "sha256_hash": "623066a47ab5827de20a24e256892bf3a236a326c5e94ba6be8f73659ebc60fd", "size": 20480, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000729-addr_0x0000000005100000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000729-addr_0x0000000005100000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_316", "md5_hash": "0033b6a89c8eb49f66eb1553914783b5", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "12588e2ef9b5e0a4e7df328702fc56065bc090e4", "sha256_hash": "c9f25cf3878420598007ab307afba1aecaa68eaa2e7536bba5bf74e46286cc0f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000730-addr_0x0000000005110000-size_0x0000000000018000-perm_rw.bin", "filename": "process_00000003-region_00000730-addr_0x0000000005110000-size_0x0000000000018000-perm_rw.bin", "id": "proc_dump_317", "md5_hash": "1460039662df5196376b8d29d34e6c2a", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "136445af2a3203d398aaa034bf7283d926e914b5", "sha256_hash": "7aba46c236e690a9866d3925864f4f29b08d96c9c34347448021eaad9d752c9b", "size": 98304, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000731-addr_0x0000000004fd0000-size_0x0000000000008000-perm_rw.bin", "filename": "process_00000003-region_00000731-addr_0x0000000004fd0000-size_0x0000000000008000-perm_rw.bin", "id": "proc_dump_318", "md5_hash": "42781dbc5af8e3083f5f5f12e5e3b4d5", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f385991b155d0f55286ff679d7adfdc1fe2f6745", "sha256_hash": "d9854b6111ad54601d4f5a41893dc24a878a2c2a6e8539f4c25c1d49a126b031", "size": 32768, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000732-addr_0x0000000005130000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000732-addr_0x0000000005130000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_319", "md5_hash": "0033b6a89c8eb49f66eb1553914783b5", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "12588e2ef9b5e0a4e7df328702fc56065bc090e4", "sha256_hash": "c9f25cf3878420598007ab307afba1aecaa68eaa2e7536bba5bf74e46286cc0f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000736-addr_0x0000000005100000-size_0x0000000000007000-perm_rw.bin", "filename": "process_00000003-region_00000736-addr_0x0000000005100000-size_0x0000000000007000-perm_rw.bin", "id": "proc_dump_320", "md5_hash": "c9845ca412dc1930dd4479bfdc0edcaa", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a755d3bea28569eee2e94bf9b09b699ca10c0cf3", "sha256_hash": "623976653251673fb8cf520b36724ba3576e3ad7e69cae260f27bfc5882dbe65", "size": 28672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000737-addr_0x0000000005140000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00000737-addr_0x0000000005140000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_321", "md5_hash": "5b7a67a0546f7a2150e0cf2b22638c93", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "be3ea1d873f08f148f0255c88bc9d4ca82b01e62", "sha256_hash": "02a176aa2136873f0c916281b9207aebcf98ef5640d867d98c80ed035c2f5ba2", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000738-addr_0x0000000005180000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000738-addr_0x0000000005180000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_322", "md5_hash": "109077ceef6a0b37a3ec081b5216425e", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c8739ee6429b0704f8afe7cd0c1e0e7584b895a7", "sha256_hash": "87e384951e42480b8d8763cc5681eccf3651a68f37c37826dc869aae4f12a58d", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000739-addr_0x0000000005280000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00000739-addr_0x0000000005280000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_323", "md5_hash": "494ab2ad11b27002aa2ef647706a1988", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2f549d6ab14d2eb445717a8466eb5801c6e10498", "sha256_hash": "838985d6b5eecb8e457209f1d8787078a971d9f1c6a0ccd4b8313e47c1a59ab4", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000740-addr_0x00000000052c0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000740-addr_0x00000000052c0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_324", "md5_hash": "5610dd9947a841b63a50df016f53acc9", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a0ee3008954773b777cf7f726176593c9b9bbeb8", "sha256_hash": "b80050a2a4beaa4a06d18b8321e60e81272f5f311935e2e5512e38982a28c180", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000741-addr_0x00000000053c0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00000741-addr_0x00000000053c0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_325", "md5_hash": "3c8576670bdfeb0e4decf2f8dc996599", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fcdd4b641a46aa8883653c9e84095e21ae3b67f1", "sha256_hash": "b398bb07bbe7ce39767c00fc3524a23a88894917644300d0dcb0e1612affcdc7", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000742-addr_0x0000000005400000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000742-addr_0x0000000005400000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_326", "md5_hash": "3815e9b76f7c60fafbe73f298e1ddec9", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9a2c357286f0387f6f197fdeec1e6380ab8ca226", "sha256_hash": "75e8f85ab7b576f31453a97d843e0b2486bb764b0e917a02ca1b6cf8204ed995", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000743-addr_0x000000007fdc4000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000003-region_00000743-addr_0x000000007fdc4000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_327", "md5_hash": "b05f4e203636dcfdee1dcbb9c8ebf3bf", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4aa56f978ed1e68cc27340902edd6744b1acec8a", "sha256_hash": "5dc6b1a2ce4dd2f0d4711defc4d9a0f429e2706eb1b5e56b9e0dca7a0609b174", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000744-addr_0x000000007fdc7000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000003-region_00000744-addr_0x000000007fdc7000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_328", "md5_hash": "3379d3f348d011f9e37876108523d346", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a02d990afa8162e956491fadb2e1aa173d7dd609", "sha256_hash": "18515fcd131d4686abf3c0eea7b172f3b9d1cc4b8e6f3cef7d4ad2a8342f4e3c", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000745-addr_0x000000007fdca000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000003-region_00000745-addr_0x000000007fdca000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_329", "md5_hash": "cc084615fce96ad7bdb44c6fbcef2f03", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1755599e31090fbf8beb0500dd7f675d9ba023f0", "sha256_hash": "e7e9dd033c45003b41f005ee200450ab7951ef258233e60b1146de6d670cc4d4", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000747-addr_0x0000000005500000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00000747-addr_0x0000000005500000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_330", "md5_hash": "ae4e86553ba21806200023a8e03eb07d", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4c5fa6ef0c5dbd1c3d3eeef6dfa6dc0476ff628a", "sha256_hash": "aaf803c992ea097eb2c57491624015602d7a139eb283d0cd7e965331d3507caf", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000748-addr_0x0000000007f60000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000748-addr_0x0000000007f60000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_331", "md5_hash": "fdfdf9e68a0e7ef98d451868de775baf", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "581b70cf6da47ae9b683cd69c55fa64d1606e803", "sha256_hash": "9cb7e0d5b86903d8a484122f7a5468ab58ea1bd4c5885db4968a6f09554db15d", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000749-addr_0x000000007fdc1000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000003-region_00000749-addr_0x000000007fdc1000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_332", "md5_hash": "b0c3d5756972b3c461c3995c5591270f", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "39ea7d8913ff947765a255d5fa8b68527f93b10a", "sha256_hash": "4822a12b22737049c527177946f8d78ca38b88096a77bca951945688dde583c4", "size": 12288, "type": "process_dump", "version": 1 } ], "processes": [ { "cmd_line": "\"C:\\Users\\5JgHKoaOfdp\\Desktop\\Crypt.exe\" ", "filename": "c:\\users\\5jghkoaofdp\\desktop\\crypt.exe", "id": "proc_1", "image_name": "crypt.exe", "monitor_reason": "analysis_target", "monitored_id": 1, "origin_monitor_id": 0, "ref_parent_process": null, "regions": [ { "dump": { "filename": "process_00000001-region_00000001-addr_0x0000000000140000-size_0x0000000000074000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_116", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 475136, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1785855, "entry_point": 1310720, "filename": "\\Users\\5JgHKoaOfdp\\Desktop\\Crypt.exe", "id": "region_1", "name": "crypt.exe", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\crypt.exe", "region_type": "memory_mapped_file", "start_va": 1310720, "timestamp": "00:00:23.326", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000002-addr_0x00000000001c0000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_117", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1966079, "entry_point": 0, "filename": null, "id": "region_2", "name": "private_0x00000000001c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1835008, "timestamp": "00:00:23.328", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000003-addr_0x00000000001e0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_118", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 1970175, "entry_point": 0, "filename": null, "id": "region_3", "name": "private_0x00000000001e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1966080, "timestamp": "00:00:23.328", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2093055, "entry_point": 0, "filename": null, "id": "region_4", "name": "pagefile_0x00000000001f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2031616, "timestamp": "00:00:23.328", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000005-addr_0x0000000000200000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_119", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2359295, "entry_point": 0, "filename": null, "id": "region_5", "name": "private_0x0000000000200000", "norm_filename": null, "region_type": "private_memory", "start_va": 2097152, "timestamp": "00:00:23.329", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000006-addr_0x0000000000240000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_120", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 3407871, "entry_point": 0, "filename": null, "id": "region_6", "name": "private_0x0000000000240000", "norm_filename": null, "region_type": "private_memory", "start_va": 2359296, "timestamp": "00:00:23.329", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 3407872, "type": "region", "version": 1 }, "end_va": 3424255, "entry_point": 0, "filename": null, "id": "region_7", "name": "pagefile_0x0000000000340000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3407872, "timestamp": "00:00:23.329", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 3473408, "type": "region", "version": 1 }, "end_va": 3477503, "entry_point": 0, "filename": null, "id": "region_8", "name": "pagefile_0x0000000000350000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3473408, "timestamp": "00:00:23.329", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000009-addr_0x0000000000360000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_121", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 3538944, "type": "region", "version": 1 }, "end_va": 3547135, "entry_point": 0, "filename": null, "id": "region_9", "name": "private_0x0000000000360000", "norm_filename": null, "region_type": "private_memory", "start_va": 3538944, "timestamp": "00:00:23.329", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1474560, "start_va": 2002059264, "type": "region", "version": 1 }, "end_va": 2003533823, "entry_point": 2002059264, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_10", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2002059264, "timestamp": "00:00:23.329", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2127822848, "type": "region", "version": 1 }, "end_va": 2127966207, "entry_point": 0, "filename": null, "id": "region_11", "name": "pagefile_0x000000007ed40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2127822848, "timestamp": "00:00:23.409", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000012-addr_0x000000007ed63000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_122", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2127966208, "type": "region", "version": 1 }, "end_va": 2127970303, "entry_point": 0, "filename": null, "id": "region_12", "name": "private_0x000000007ed63000", "norm_filename": null, "region_type": "private_memory", "start_va": 2127966208, "timestamp": "00:00:23.410", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000013-addr_0x000000007ed6a000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_123", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2127994880, "type": "region", "version": 1 }, "end_va": 2128007167, "entry_point": 0, "filename": null, "id": "region_13", "name": "private_0x000000007ed6a000", "norm_filename": null, "region_type": "private_memory", "start_va": 2127994880, "timestamp": "00:00:23.410", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000014-addr_0x000000007ed6d000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_124", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2128007168, "type": "region", "version": 1 }, "end_va": 2128011263, "entry_point": 0, "filename": null, "id": "region_14", "name": "private_0x000000007ed6d000", "norm_filename": null, "region_type": "private_memory", "start_va": 2128007168, "timestamp": "00:00:23.410", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000015-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_125", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_15", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:23.410", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 140708852137984, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 140710999556095, "entry_point": 0, "filename": null, "id": "region_16", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:23.410", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1744896, "start_va": 140710999556096, "type": "region", "version": 1 }, "end_va": 140711001300991, "entry_point": 140710999556096, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_17", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140710999556096, "timestamp": "00:00:23.411", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 26486988800, "start_va": 140711001300992, "type": "region", "version": 1 }, "end_va": 140737488289791, "entry_point": 0, "filename": null, "id": "region_18", "name": "private_0x00007ff9d53fa000", "norm_filename": null, "region_type": "private_memory", "start_va": 140711001300992, "timestamp": "00:00:23.485", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000155-addr_0x00000000003c0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_126", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 3997695, "entry_point": 0, "filename": null, "id": "region_155", "name": "private_0x00000000003c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3932160, "timestamp": "00:00:24.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 2001207296, "type": "region", "version": 1 }, "end_va": 2001244159, "entry_point": 2001207296, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_156", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 2001207296, "timestamp": "00:00:24.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 299008, "start_va": 2001272832, "type": "region", "version": 1 }, "end_va": 2001571839, "entry_point": 2001272832, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_157", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 2001272832, "timestamp": "00:00:24.471", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 425984, "start_va": 2001600512, "type": "region", "version": 1 }, "end_va": 2002026495, "entry_point": 2001600512, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_158", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 2001600512, "timestamp": "00:00:24.472", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000159-addr_0x0000000000460000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_127", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 4587520, "type": "region", "version": 1 }, "end_va": 5636095, "entry_point": 0, "filename": null, "id": "region_159", "name": "private_0x0000000000460000", "norm_filename": null, "region_type": "private_memory", "start_va": 4587520, "timestamp": "00:00:24.482", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 352256, "start_va": 1961558016, "type": "region", "version": 1 }, "end_va": 1961910271, "entry_point": 1961558016, "filename": "\\Windows\\SysWOW64\\mscoree.dll", "id": "region_160", "name": "mscoree.dll", "norm_filename": "c:\\windows\\syswow64\\mscoree.dll", "region_type": "memory_mapped_file", "start_va": 1961558016, "timestamp": "00:00:24.482", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1310720, "start_va": 1969160192, "type": "region", "version": 1 }, "end_va": 1970470911, "entry_point": 1969160192, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_161", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1969160192, "timestamp": "00:00:24.492", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 847872, "start_va": 1972699136, "type": "region", "version": 1 }, "end_va": 1973547007, "entry_point": 1972699136, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_162", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1972699136, "timestamp": "00:00:24.865", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1900543, "entry_point": 0, "filename": null, "id": "region_163", "name": "pagefile_0x00000000001c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1835008, "timestamp": "00:00:24.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 4513791, "entry_point": 3997696, "filename": "\\Windows\\System32\\locale.nls", "id": "region_164", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 3997696, "timestamp": "00:00:24.969", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000165-addr_0x0000000000600000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_128", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 6291456, "type": "region", "version": 1 }, "end_va": 6356991, "entry_point": 0, "filename": null, "id": "region_165", "name": "private_0x0000000000600000", "norm_filename": null, "region_type": "private_memory", "start_va": 6291456, "timestamp": "00:00:24.970", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 1949302784, "type": "region", "version": 1 }, "end_va": 1949929471, "entry_point": 1949302784, "filename": "\\Windows\\SysWOW64\\apphelp.dll", "id": "region_166", "name": "apphelp.dll", "norm_filename": "c:\\windows\\syswow64\\apphelp.dll", "region_type": "memory_mapped_file", "start_va": 1949302784, "timestamp": "00:00:24.970", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2126774272, "type": "region", "version": 1 }, "end_va": 2127822847, "entry_point": 0, "filename": null, "id": "region_167", "name": "pagefile_0x000000007ec40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2126774272, "timestamp": "00:00:24.973", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000168-addr_0x00000000001d0000-size_0x0000000000004000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_129", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 16384, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 1916927, "entry_point": 0, "filename": null, "id": "region_168", "name": "private_0x00000000001d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1900544, "timestamp": "00:00:24.985", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 339968, "start_va": 1961951232, "type": "region", "version": 1 }, "end_va": 1962291199, "entry_point": 1961951232, "filename": "\\Windows\\SysWOW64\\bcryptprimitives.dll", "id": "region_169", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\syswow64\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 1961951232, "timestamp": "00:00:24.985", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1962344448, "type": "region", "version": 1 }, "end_va": 1962381311, "entry_point": 1962344448, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_170", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1962344448, "timestamp": "00:00:24.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 118784, "start_va": 1962409984, "type": "region", "version": 1 }, "end_va": 1962528767, "entry_point": 1962409984, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_171", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1962409984, "timestamp": "00:00:24.987", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 491520, "start_va": 1962606592, "type": "region", "version": 1 }, "end_va": 1963098111, "entry_point": 1962606592, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_172", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1962606592, "timestamp": "00:00:24.989", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 724992, "start_va": 1970470912, "type": "region", "version": 1 }, "end_va": 1971195903, "entry_point": 1970470912, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_173", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1970470912, "timestamp": "00:00:25.040", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 253952, "start_va": 1975386112, "type": "region", "version": 1 }, "end_va": 1975640063, "entry_point": 1975386112, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_174", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1975386112, "timestamp": "00:00:25.294", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 778240, "start_va": 2000289792, "type": "region", "version": 1 }, "end_va": 2001068031, "entry_point": 2000289792, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_175", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 2000289792, "timestamp": "00:00:25.297", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000176-addr_0x0000000000700000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_130", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 7340032, "type": "region", "version": 1 }, "end_va": 7405567, "entry_point": 0, "filename": null, "id": "region_176", "name": "private_0x0000000000700000", "norm_filename": null, "region_type": "private_memory", "start_va": 7340032, "timestamp": "00:00:25.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 516096, "start_va": 1961033728, "type": "region", "version": 1 }, "end_va": 1961549823, "entry_point": 1961033728, "filename": "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll", "id": "region_177", "name": "mscoreei.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll", "region_type": "memory_mapped_file", "start_va": 1961033728, "timestamp": "00:00:25.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1368064, "start_va": 1963196416, "type": "region", "version": 1 }, "end_va": 1964564479, "entry_point": 1963196416, "filename": "\\Windows\\SysWOW64\\combase.dll", "id": "region_178", "name": "combase.dll", "norm_filename": "c:\\windows\\syswow64\\combase.dll", "region_type": "memory_mapped_file", "start_va": 1963196416, "timestamp": "00:00:25.356", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1081344, "start_va": 1964572672, "type": "region", "version": 1 }, "end_va": 1965654015, "entry_point": 1964572672, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_179", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1964572672, "timestamp": "00:00:25.590", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 266240, "start_va": 1976827904, "type": "region", "version": 1 }, "end_va": 1977094143, "entry_point": 1976827904, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_180", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1976827904, "timestamp": "00:00:25.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1372160, "start_va": 1977810944, "type": "region", "version": 1 }, "end_va": 1979183103, "entry_point": 1977810944, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_181", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1977810944, "timestamp": "00:00:25.682", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 7405568, "type": "region", "version": 1 }, "end_va": 9011199, "entry_point": 0, "filename": null, "id": "region_182", "name": "pagefile_0x0000000000710000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7405568, "timestamp": "00:00:25.739", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1011712, "start_va": 1967915008, "type": "region", "version": 1 }, "end_va": 1968926719, "entry_point": 1967915008, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_183", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1967915008, "timestamp": "00:00:25.740", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 1968963584, "type": "region", "version": 1 }, "end_va": 1969115135, "entry_point": 1968963584, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_184", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1968963584, "timestamp": "00:00:25.743", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000185-addr_0x00000000001e0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_131", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 1970175, "entry_point": 0, "filename": null, "id": "region_185", "name": "private_0x00000000001e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1966080, "timestamp": "00:00:25.813", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000186-addr_0x0000000000370000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_132", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 3608575, "entry_point": 0, "filename": null, "id": "region_186", "name": "private_0x0000000000370000", "norm_filename": null, "region_type": "private_memory", "start_va": 3604480, "timestamp": "00:00:25.814", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 9043968, "type": "region", "version": 1 }, "end_va": 10620927, "entry_point": 0, "filename": null, "id": "region_187", "name": "pagefile_0x00000000008a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9043968, "timestamp": "00:00:25.814", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 10682368, "type": "region", "version": 1 }, "end_va": 31653887, "entry_point": 0, "filename": null, "id": "region_188", "name": "pagefile_0x0000000000a30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10682368, "timestamp": "00:00:25.814", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 1953169408, "type": "region", "version": 1 }, "end_va": 1954050047, "entry_point": 1953169408, "filename": "\\Windows\\SysWOW64\\msvcr120_clr0400.dll", "id": "region_189", "name": "msvcr120_clr0400.dll", "norm_filename": "c:\\windows\\syswow64\\msvcr120_clr0400.dll", "region_type": "memory_mapped_file", "start_va": 1953169408, "timestamp": "00:00:25.814", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 6926336, "start_va": 1954086912, "type": "region", "version": 1 }, "end_va": 1961013247, "entry_point": 1954086912, "filename": "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", "id": "region_190", "name": "clr.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll", "region_type": "memory_mapped_file", "start_va": 1954086912, "timestamp": "00:00:25.825", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 3670016, "type": "region", "version": 1 }, "end_va": 3674111, "entry_point": 0, "filename": null, "id": "region_191", "name": "pagefile_0x0000000000380000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3670016, "timestamp": "00:00:26.318", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3735552, "type": "region", "version": 1 }, "end_va": 3801087, "entry_point": 0, "filename": null, "id": "region_192", "name": "pagefile_0x0000000000390000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3735552, "timestamp": "00:00:26.318", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000193-addr_0x00000000003a0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_133", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 3801088, "type": "region", "version": 1 }, "end_va": 3866623, "entry_point": 0, "filename": null, "id": "region_193", "name": "private_0x00000000003a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3801088, "timestamp": "00:00:26.319", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000194-addr_0x00000000003b0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_134", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 3866624, "type": "region", "version": 1 }, "end_va": 3932159, "entry_point": 0, "filename": null, "id": "region_194", "name": "private_0x00000000003b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3866624, "timestamp": "00:00:26.319", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000195-addr_0x0000000000450000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_135", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 4521984, "type": "region", "version": 1 }, "end_va": 4587519, "entry_point": 0, "filename": null, "id": "region_195", "name": "private_0x0000000000450000", "norm_filename": null, "region_type": "private_memory", "start_va": 4521984, "timestamp": "00:00:26.320", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000196-addr_0x0000000000560000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_136", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 5636096, "type": "region", "version": 1 }, "end_va": 5701631, "entry_point": 0, "filename": null, "id": "region_196", "name": "private_0x0000000000560000", "norm_filename": null, "region_type": "private_memory", "start_va": 5636096, "timestamp": "00:00:26.320", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000197-addr_0x0000000000570000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_137", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 5701632, "type": "region", "version": 1 }, "end_va": 5767167, "entry_point": 0, "filename": null, "id": "region_197", "name": "private_0x0000000000570000", "norm_filename": null, "region_type": "private_memory", "start_va": 5701632, "timestamp": "00:00:26.320", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000198-addr_0x0000000000580000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_138", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 5767168, "type": "region", "version": 1 }, "end_va": 5771263, "entry_point": 0, "filename": null, "id": "region_198", "name": "private_0x0000000000580000", "norm_filename": null, "region_type": "private_memory", "start_va": 5767168, "timestamp": "00:00:26.321", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000199-addr_0x0000000000590000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_139", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 5832704, "type": "region", "version": 1 }, "end_va": 5836799, "entry_point": 0, "filename": null, "id": "region_199", "name": "private_0x0000000000590000", "norm_filename": null, "region_type": "private_memory", "start_va": 5832704, "timestamp": "00:00:26.321", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000200-addr_0x00000000005a0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_140", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 5898240, "type": "region", "version": 1 }, "end_va": 6160383, "entry_point": 0, "filename": null, "id": "region_200", "name": "private_0x00000000005a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5898240, "timestamp": "00:00:26.321", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000201-addr_0x00000000005e0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_141", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 6160384, "type": "region", "version": 1 }, "end_va": 6225919, "entry_point": 0, "filename": null, "id": "region_201", "name": "private_0x00000000005e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6160384, "timestamp": "00:00:26.322", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000202-addr_0x0000000000610000-size_0x00000000000a0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_142", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 655360, "start_va": 6356992, "type": "region", "version": 1 }, "end_va": 7012351, "entry_point": 0, "filename": null, "id": "region_202", "name": "private_0x0000000000610000", "norm_filename": null, "region_type": "private_memory", "start_va": 6356992, "timestamp": "00:00:26.322", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000203-addr_0x00000000006b0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_143", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 7012352, "type": "region", "version": 1 }, "end_va": 7274495, "entry_point": 0, "filename": null, "id": "region_203", "name": "private_0x00000000006b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 7012352, "timestamp": "00:00:26.322", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000204-addr_0x0000000001e30000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_144", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 31653888, "type": "region", "version": 1 }, "end_va": 32702463, "entry_point": 0, "filename": null, "id": "region_204", "name": "private_0x0000000001e30000", "norm_filename": null, "region_type": "private_memory", "start_va": 31653888, "timestamp": "00:00:26.323", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000205-addr_0x0000000002010000-size_0x0000000000010000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_145", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 33619968, "type": "region", "version": 1 }, "end_va": 33685503, "entry_point": 0, "filename": null, "id": "region_205", "name": "private_0x0000000002010000", "norm_filename": null, "region_type": "private_memory", "start_va": 33619968, "timestamp": "00:00:26.323", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 33554432, "start_va": 33685504, "type": "region", "version": 1 }, "end_va": 67239935, "entry_point": 0, "filename": null, "id": "region_206", "name": "private_0x0000000002020000", "norm_filename": null, "region_type": "private_memory", "start_va": 33685504, "timestamp": "00:00:26.324", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000207-addr_0x0000000004020000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_146", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 67239936, "type": "region", "version": 1 }, "end_va": 68288511, "entry_point": 0, "filename": null, "id": "region_207", "name": "private_0x0000000004020000", "norm_filename": null, "region_type": "private_memory", "start_va": 67239936, "timestamp": "00:00:26.324", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 68288512, "type": "region", "version": 1 }, "end_va": 71258111, "entry_point": 68288512, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_208", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 68288512, "timestamp": "00:00:26.324", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 17387520, "start_va": 1927741440, "type": "region", "version": 1 }, "end_va": 1945128959, "entry_point": 1927741440, "filename": "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\c90ef9a73ea0044641d31b19023aad61\\mscorlib.ni.dll", "id": "region_209", "name": "mscorlib.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\c90ef9a73ea0044641d31b19023aad61\\mscorlib.ni.dll", "region_type": "memory_mapped_file", "start_va": 1927741440, "timestamp": "00:00:26.324", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000210-addr_0x000000007ed64000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_147", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2127970304, "type": "region", "version": 1 }, "end_va": 2127982591, "entry_point": 0, "filename": null, "id": "region_210", "name": "private_0x000000007ed64000", "norm_filename": null, "region_type": "private_memory", "start_va": 2127970304, "timestamp": "00:00:26.326", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000211-addr_0x000000007ed67000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_148", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2127982592, "type": "region", "version": 1 }, "end_va": 2127994879, "entry_point": 0, "filename": null, "id": "region_211", "name": "private_0x000000007ed67000", "norm_filename": null, "region_type": "private_memory", "start_va": 2127982592, "timestamp": "00:00:26.326", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1097728, "start_va": 1971257344, "type": "region", "version": 1 }, "end_va": 1972355071, "entry_point": 1971257344, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_212", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1971257344, "timestamp": "00:00:26.332", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1953103872, "type": "region", "version": 1 }, "end_va": 1953140735, "entry_point": 1953103872, "filename": "\\Windows\\SysWOW64\\kernel.appcore.dll", "id": "region_213", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\syswow64\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 1953103872, "timestamp": "00:00:26.480", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 1948385280, "type": "region", "version": 1 }, "end_va": 1949282303, "entry_point": 1948385280, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_214", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1948385280, "timestamp": "00:00:26.557", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000215-addr_0x0000000004400000-size_0x0000000000160000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_149", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1441792, "start_va": 71303168, "type": "region", "version": 1 }, "end_va": 72744959, "entry_point": 0, "filename": null, "id": "region_215", "name": "private_0x0000000004400000", "norm_filename": null, "region_type": "private_memory", "start_va": 71303168, "timestamp": "00:00:26.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 6225920, "type": "region", "version": 1 }, "end_va": 6230015, "entry_point": 0, "filename": null, "id": "region_216", "name": "pagefile_0x00000000005f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6225920, "timestamp": "00:00:26.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 987136, "start_va": 71303168, "type": "region", "version": 1 }, "end_va": 72290303, "entry_point": 0, "filename": null, "id": "region_217", "name": "pagefile_0x0000000004400000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 71303168, "timestamp": "00:00:26.785", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000218-addr_0x0000000004550000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_150", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 72679424, "type": "region", "version": 1 }, "end_va": 72744959, "entry_point": 0, "filename": null, "id": "region_218", "name": "private_0x0000000004550000", "norm_filename": null, "region_type": "private_memory", "start_va": 72679424, "timestamp": "00:00:26.786", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 6225920, "type": "region", "version": 1 }, "end_va": 6242303, "entry_point": 0, "filename": null, "id": "region_219", "name": "pagefile_0x00000000005f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6225920, "timestamp": "00:00:26.786", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000220-addr_0x00000000006f0000-size_0x0000000000004000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_151", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 16384, "start_va": 7274496, "type": "region", "version": 1 }, "end_va": 7290879, "entry_point": 0, "filename": null, "id": "region_220", "name": "private_0x00000000006f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 7274496, "timestamp": "00:00:26.787", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 6959104, "start_va": 1910702080, "type": "region", "version": 1 }, "end_va": 1917661183, "entry_point": 1910702080, "filename": "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\c1194e56644c7688e7eb0f68a57dcc30\\System.Core.ni.dll", "id": "region_221", "name": "system.core.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\c1194e56644c7688e7eb0f68a57dcc30\\system.core.ni.dll", "region_type": "memory_mapped_file", "start_va": 1910702080, "timestamp": "00:00:27.320", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 10014720, "start_va": 1917714432, "type": "region", "version": 1 }, "end_va": 1927729151, "entry_point": 1917714432, "filename": "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\c24d08cc4e93fc4f6f15a637b00a2721\\System.ni.dll", "id": "region_222", "name": "system.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\c24d08cc4e93fc4f6f15a637b00a2721\\system.ni.dll", "region_type": "memory_mapped_file", "start_va": 1917714432, "timestamp": "00:00:27.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 512000, "start_va": 1950613504, "type": "region", "version": 1 }, "end_va": 1951125503, "entry_point": 1950613504, "filename": "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll", "id": "region_223", "name": "clrjit.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll", "region_type": "memory_mapped_file", "start_va": 1950613504, "timestamp": "00:00:27.323", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1937408, "start_va": 1951137792, "type": "region", "version": 1 }, "end_va": 1953075199, "entry_point": 1951137792, "filename": "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\288e4f2cf5b7a96028c8bb3fce6dc043\\Microsoft.VisualBasic.ni.dll", "id": "region_224", "name": "microsoft.visualbasic.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\288e4f2cf5b7a96028c8bb3fce6dc043\\microsoft.visualbasic.ni.dll", "region_type": "memory_mapped_file", "start_va": 1951137792, "timestamp": "00:00:27.324", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 552960, "start_va": 1975910400, "type": "region", "version": 1 }, "end_va": 1976463359, "entry_point": 1975910400, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_225", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1975910400, "timestamp": "00:00:27.325", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000226-addr_0x0000000001f30000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_152", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 32702464, "type": "region", "version": 1 }, "end_va": 32767999, "entry_point": 0, "filename": null, "id": "region_226", "name": "private_0x0000000001f30000", "norm_filename": null, "region_type": "private_memory", "start_va": 32702464, "timestamp": "00:00:27.631", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000227-addr_0x0000000001f40000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_153", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 32768000, "type": "region", "version": 1 }, "end_va": 32833535, "entry_point": 0, "filename": null, "id": "region_227", "name": "private_0x0000000001f40000", "norm_filename": null, "region_type": "private_memory", "start_va": 32768000, "timestamp": "00:00:27.631", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12869632, "start_va": 1897791488, "type": "region", "version": 1 }, "end_va": 1910661119, "entry_point": 1897791488, "filename": "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\635558b506364815e8348217e86fdf99\\System.Windows.Forms.ni.dll", "id": "region_228", "name": "system.windows.forms.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\635558b506364815e8348217e86fdf99\\system.windows.forms.ni.dll", "region_type": "memory_mapped_file", "start_va": 1897791488, "timestamp": "00:00:27.632", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1646592, "start_va": 1946550272, "type": "region", "version": 1 }, "end_va": 1948196863, "entry_point": 1946550272, "filename": "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\ddb52221ad0200b7c2e0a308e47d5c7c\\System.Drawing.ni.dll", "id": "region_229", "name": "system.drawing.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\ddb52221ad0200b7c2e0a308e47d5c7c\\system.drawing.ni.dll", "region_type": "memory_mapped_file", "start_va": 1946550272, "timestamp": "00:00:27.634", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000230-addr_0x0000000001f50000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_154", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 32833536, "type": "region", "version": 1 }, "end_va": 32899071, "entry_point": 0, "filename": null, "id": "region_230", "name": "private_0x0000000001f50000", "norm_filename": null, "region_type": "private_memory", "start_va": 32833536, "timestamp": "00:00:27.748", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000231-addr_0x0000000001f70000-size_0x0000000000010000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_155", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 32964608, "type": "region", "version": 1 }, "end_va": 33030143, "entry_point": 0, "filename": null, "id": "region_231", "name": "private_0x0000000001f70000", "norm_filename": null, "region_type": "private_memory", "start_va": 32964608, "timestamp": "00:00:27.748", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000232-addr_0x0000000001f80000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_156", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 33030144, "type": "region", "version": 1 }, "end_va": 33292287, "entry_point": 0, "filename": null, "id": "region_232", "name": "private_0x0000000001f80000", "norm_filename": null, "region_type": "private_memory", "start_va": 33030144, "timestamp": "00:00:27.749", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000233-addr_0x0000000004560000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_157", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 72744960, "type": "region", "version": 1 }, "end_va": 73793535, "entry_point": 0, "filename": null, "id": "region_233", "name": "private_0x0000000004560000", "norm_filename": null, "region_type": "private_memory", "start_va": 72744960, "timestamp": "00:00:27.749", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000234-addr_0x000000007ec3d000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_158", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2126761984, "type": "region", "version": 1 }, "end_va": 2126774271, "entry_point": 0, "filename": null, "id": "region_234", "name": "private_0x000000007ec3d000", "norm_filename": null, "region_type": "private_memory", "start_va": 2126761984, "timestamp": "00:00:27.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 536576, "start_va": 73793536, "type": "region", "version": 1 }, "end_va": 74330111, "entry_point": 73793536, "filename": "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.16384_none_7c55c866aa0c3ff0\\comctl32.dll", "id": "region_235", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.16384_none_7c55c866aa0c3ff0\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 73793536, "timestamp": "00:00:27.751", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 548864, "start_va": 1999110144, "type": "region", "version": 1 }, "end_va": 1999659007, "entry_point": 1999110144, "filename": "\\Windows\\SysWOW64\\comctl32.dll", "id": "region_236", "name": "comctl32.dll", "norm_filename": "c:\\windows\\syswow64\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1999110144, "timestamp": "00:00:28.021", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000237-addr_0x0000000004660000-size_0x00000000000e0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_159", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 917504, "start_va": 73793536, "type": "region", "version": 1 }, "end_va": 74711039, "entry_point": 0, "filename": null, "id": "region_237", "name": "private_0x0000000004660000", "norm_filename": null, "region_type": "private_memory", "start_va": 73793536, "timestamp": "00:00:28.262", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 1948254208, "type": "region", "version": 1 }, "end_va": 1948352511, "entry_point": 1948254208, "filename": "\\Windows\\SysWOW64\\dwmapi.dll", "id": "region_238", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\syswow64\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 1948254208, "timestamp": "00:00:28.287", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 806912, "start_va": 1896939520, "type": "region", "version": 1 }, "end_va": 1897746431, "entry_point": 1896939520, "filename": "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Runt73a1fc9d#\\0139b8d6c29df85226a7fe833e5cc4f1\\System.Runtime.Remoting.ni.dll", "id": "region_239", "name": "system.runtime.remoting.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.runt73a1fc9d#\\0139b8d6c29df85226a7fe833e5cc4f1\\system.runtime.remoting.ni.dll", "region_type": "memory_mapped_file", "start_va": 1896939520, "timestamp": "00:00:28.541", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000240-addr_0x000000007ebd0000-size_0x0000000000010000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_160", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2126315520, "type": "region", "version": 1 }, "end_va": 2126381055, "entry_point": 0, "filename": null, "id": "region_240", "name": "private_0x000000007ebd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2126315520, "timestamp": "00:00:28.544", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000241-addr_0x000000007ebe0000-size_0x0000000000050000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_161", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 327680, "start_va": 2126381056, "type": "region", "version": 1 }, "end_va": 2126708735, "entry_point": 0, "filename": null, "id": "region_241", "name": "private_0x000000007ebe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2126381056, "timestamp": "00:00:28.544", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1363968, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1999097855, "entry_point": 1997733888, "filename": "\\Windows\\SysWOW64\\GdiPlus.dll", "id": "region_242", "name": "gdiplus.dll", "norm_filename": "c:\\windows\\syswow64\\gdiplus.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:00:28.609", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000243-addr_0x0000000004660000-size_0x00000000000a0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_162", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 655360, "start_va": 73793536, "type": "region", "version": 1 }, "end_va": 74448895, "entry_point": 0, "filename": null, "id": "region_243", "name": "private_0x0000000004660000", "norm_filename": null, "region_type": "private_memory", "start_va": 73793536, "timestamp": "00:00:28.618", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000244-addr_0x0000000004730000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_163", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 74645504, "type": "region", "version": 1 }, "end_va": 74711039, "entry_point": 0, "filename": null, "id": "region_244", "name": "private_0x0000000004730000", "norm_filename": null, "region_type": "private_memory", "start_va": 74645504, "timestamp": "00:00:28.618", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000245-addr_0x0000000001fc0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_164", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 33292288, "type": "region", "version": 1 }, "end_va": 33554431, "entry_point": 0, "filename": null, "id": "region_245", "name": "private_0x0000000001fc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33292288, "timestamp": "00:00:28.626", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000246-addr_0x0000000004740000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_165", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 74711040, "type": "region", "version": 1 }, "end_va": 75759615, "entry_point": 0, "filename": null, "id": "region_246", "name": "private_0x0000000004740000", "norm_filename": null, "region_type": "private_memory", "start_va": 74711040, "timestamp": "00:00:28.626", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1515520, "start_va": 1895366656, "type": "region", "version": 1 }, "end_va": 1896882175, "entry_point": 1895366656, "filename": "\\Windows\\SysWOW64\\DWrite.dll", "id": "region_247", "name": "dwrite.dll", "norm_filename": "c:\\windows\\syswow64\\dwrite.dll", "region_type": "memory_mapped_file", "start_va": 1895366656, "timestamp": "00:00:28.627", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000248-addr_0x000000007ec3a000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_166", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2126749696, "type": "region", "version": 1 }, "end_va": 2126761983, "entry_point": 0, "filename": null, "id": "region_248", "name": "private_0x000000007ec3a000", "norm_filename": null, "region_type": "private_memory", "start_va": 2126749696, "timestamp": "00:00:28.698", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 675840, "start_va": 75759616, "type": "region", "version": 1 }, "end_va": 76435455, "entry_point": 75759616, "filename": "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\~FontCache-System.dat", "id": "region_249", "name": "~fontcache-system.dat", "norm_filename": "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\~fontcache-system.dat", "region_type": "memory_mapped_file", "start_va": 75759616, "timestamp": "00:00:28.713", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000250-addr_0x0000000001f60000-size_0x0000000000004000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_167", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 16384, "start_va": 32899072, "type": "region", "version": 1 }, "end_va": 32915455, "entry_point": 0, "filename": null, "id": "region_250", "name": "private_0x0000000001f60000", "norm_filename": null, "region_type": "private_memory", "start_va": 32899072, "timestamp": "00:00:28.718", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000251-addr_0x0000000002000000-size_0x0000000000004000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_168", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 16384, "start_va": 33554432, "type": "region", "version": 1 }, "end_va": 33570815, "entry_point": 0, "filename": null, "id": "region_251", "name": "private_0x0000000002000000", "norm_filename": null, "region_type": "private_memory", "start_va": 33554432, "timestamp": "00:00:28.720", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000252-addr_0x00000000048f0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_169", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 76480512, "type": "region", "version": 1 }, "end_va": 77529087, "entry_point": 0, "filename": null, "id": "region_252", "name": "private_0x00000000048f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 76480512, "timestamp": "00:00:28.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5185536, "start_va": 77529088, "type": "region", "version": 1 }, "end_va": 82714623, "entry_point": 0, "filename": null, "id": "region_253", "name": "pagefile_0x00000000049f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 77529088, "timestamp": "00:00:28.742", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 82771968, "type": "region", "version": 1 }, "end_va": 99549183, "entry_point": 82771968, "filename": "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\~FontCache-FontFace.dat", "id": "region_254", "name": "~fontcache-fontface.dat", "norm_filename": "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\~fontcache-fontface.dat", "region_type": "memory_mapped_file", "start_va": 82771968, "timestamp": "00:00:28.743", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 24576, "start_va": 72351744, "type": "region", "version": 1 }, "end_va": 72376319, "entry_point": 0, "filename": null, "id": "region_255", "name": "pagefile_0x0000000004500000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 72351744, "timestamp": "00:00:28.769", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000256-addr_0x0000000004510000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_170", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 72417280, "type": "region", "version": 1 }, "end_va": 72482815, "entry_point": 0, "filename": null, "id": "region_256", "name": "private_0x0000000004510000", "norm_filename": null, "region_type": "private_memory", "start_va": 72417280, "timestamp": "00:00:28.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 18534400, "start_va": 1979187200, "type": "region", "version": 1 }, "end_va": 1997721599, "entry_point": 1979187200, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_257", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1979187200, "timestamp": "00:00:28.825", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 483328, "start_va": 1950089216, "type": "region", "version": 1 }, "end_va": 1950572543, "entry_point": 1950089216, "filename": "\\Windows\\SysWOW64\\SHCore.dll", "id": "region_258", "name": "shcore.dll", "norm_filename": "c:\\windows\\syswow64\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 1950089216, "timestamp": "00:00:30.872", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 72417280, "type": "region", "version": 1 }, "end_va": 72421375, "entry_point": 0, "filename": null, "id": "region_259", "name": "pagefile_0x0000000004510000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 72417280, "timestamp": "00:00:30.996", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000260-addr_0x0000000004520000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_171", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 72482816, "type": "region", "version": 1 }, "end_va": 72548351, "entry_point": 0, "filename": null, "id": "region_260", "name": "private_0x0000000004520000", "norm_filename": null, "region_type": "private_memory", "start_va": 72482816, "timestamp": "00:00:31.025", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000261-addr_0x0000000004530000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_172", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 72548352, "type": "region", "version": 1 }, "end_va": 72613887, "entry_point": 0, "filename": null, "id": "region_261", "name": "private_0x0000000004530000", "norm_filename": null, "region_type": "private_memory", "start_va": 72548352, "timestamp": "00:00:31.037", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 118784, "start_va": 1949958144, "type": "region", "version": 1 }, "end_va": 1950076927, "entry_point": 1949958144, "filename": "\\Windows\\SysWOW64\\bcrypt.dll", "id": "region_262", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\syswow64\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 1949958144, "timestamp": "00:00:31.094", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 1946419200, "type": "region", "version": 1 }, "end_va": 1946517503, "entry_point": 1946419200, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_263", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1946419200, "timestamp": "00:00:31.135", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 192512, "start_va": 1895170048, "type": "region", "version": 1 }, "end_va": 1895362559, "entry_point": 1895170048, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_264", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1895170048, "timestamp": "00:00:31.174", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1895104512, "type": "region", "version": 1 }, "end_va": 1895161855, "entry_point": 1895104512, "filename": "\\Windows\\SysWOW64\\profapi.dll", "id": "region_265", "name": "profapi.dll", "norm_filename": "c:\\windows\\syswow64\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1895104512, "timestamp": "00:00:33.227", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 397312, "start_va": 73793536, "type": "region", "version": 1 }, "end_va": 74190847, "entry_point": 73793536, "filename": "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll", "id": "region_266", "name": "mscorrc.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll", "region_type": "memory_mapped_file", "start_va": 73793536, "timestamp": "00:00:33.344", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000267-addr_0x00000000046f0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_173", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 74383360, "type": "region", "version": 1 }, "end_va": 74448895, "entry_point": 0, "filename": null, "id": "region_267", "name": "private_0x00000000046f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 74383360, "timestamp": "00:00:33.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 69632, "start_va": 72482816, "type": "region", "version": 1 }, "end_va": 72552447, "entry_point": 0, "filename": null, "id": "region_268", "name": "pagefile_0x0000000004520000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 72482816, "timestamp": "00:00:33.399", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 72613888, "type": "region", "version": 1 }, "end_va": 72622079, "entry_point": 72613888, "filename": "\\Windows\\SysWOW64\\tzres.dll", "id": "region_269", "name": "tzres.dll", "norm_filename": "c:\\windows\\syswow64\\tzres.dll", "region_type": "memory_mapped_file", "start_va": 72613888, "timestamp": "00:00:33.416", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 74252288, "type": "region", "version": 1 }, "end_va": 74264575, "entry_point": 0, "filename": null, "id": "region_270", "name": "pagefile_0x00000000046d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 74252288, "timestamp": "00:00:33.416", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 74317824, "type": "region", "version": 1 }, "end_va": 74321919, "entry_point": 0, "filename": null, "id": "region_271", "name": "pagefile_0x00000000046e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 74317824, "timestamp": "00:00:33.416", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 32768, "start_va": 74448896, "type": "region", "version": 1 }, "end_va": 74481663, "entry_point": 74448896, "filename": "\\Windows\\System32\\en-US\\tzres.dll.mui", "id": "region_272", "name": "tzres.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\tzres.dll.mui", "region_type": "memory_mapped_file", "start_va": 74448896, "timestamp": "00:00:33.416", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000275-addr_0x0000000004540000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_174", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 72613888, "type": "region", "version": 1 }, "end_va": 72679423, "entry_point": 0, "filename": null, "id": "region_275", "name": "private_0x0000000004540000", "norm_filename": null, "region_type": "private_memory", "start_va": 72613888, "timestamp": "00:00:33.494", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000276-addr_0x0000000005ef0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_175", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 99549184, "type": "region", "version": 1 }, "end_va": 100073471, "entry_point": 0, "filename": null, "id": "region_276", "name": "private_0x0000000005ef0000", "norm_filename": null, "region_type": "private_memory", "start_va": 99549184, "timestamp": "00:00:33.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1363968, "start_va": 1893728256, "type": "region", "version": 1 }, "end_va": 1895092223, "entry_point": 1893728256, "filename": "\\Windows\\SysWOW64\\WindowsCodecs.dll", "id": "region_277", "name": "windowscodecs.dll", "norm_filename": "c:\\windows\\syswow64\\windowscodecs.dll", "region_type": "memory_mapped_file", "start_va": 1893728256, "timestamp": "00:00:33.502", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000278-addr_0x0000000005f70000-size_0x00000000002a3000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_176", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2764800, "start_va": 100073472, "type": "region", "version": 1 }, "end_va": 102838271, "entry_point": 0, "filename": null, "id": "region_278", "name": "private_0x0000000005f70000", "norm_filename": null, "region_type": "private_memory", "start_va": 100073472, "timestamp": "00:00:33.582", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000279-addr_0x0000000006220000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_177", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 102891520, "type": "region", "version": 1 }, "end_va": 103940095, "entry_point": 0, "filename": null, "id": "region_279", "name": "private_0x0000000006220000", "norm_filename": null, "region_type": "private_memory", "start_va": 102891520, "timestamp": "00:00:33.584", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000280-addr_0x0000000004700000-size_0x0000000000030000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_178", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 196608, "start_va": 74448896, "type": "region", "version": 1 }, "end_va": 74645503, "entry_point": 0, "filename": null, "id": "region_280", "name": "private_0x0000000004700000", "norm_filename": null, "region_type": "private_memory", "start_va": 74448896, "timestamp": "00:00:33.584", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 74448896, "type": "region", "version": 1 }, "end_va": 74514431, "entry_point": 0, "filename": null, "id": "region_281", "name": "pagefile_0x0000000004700000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 74448896, "timestamp": "00:00:33.585", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 74514432, "type": "region", "version": 1 }, "end_va": 74579967, "entry_point": 0, "filename": null, "id": "region_282", "name": "pagefile_0x0000000004710000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 74514432, "timestamp": "00:00:33.585", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 74579968, "type": "region", "version": 1 }, "end_va": 74645503, "entry_point": 0, "filename": null, "id": "region_283", "name": "pagefile_0x0000000004720000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 74579968, "timestamp": "00:00:33.585", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000284-addr_0x0000000006320000-size_0x00000000000a2000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_179", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 663552, "start_va": 103940096, "type": "region", "version": 1 }, "end_va": 104603647, "entry_point": 0, "filename": null, "id": "region_284", "name": "private_0x0000000006320000", "norm_filename": null, "region_type": "private_memory", "start_va": 103940096, "timestamp": "00:00:33.617", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 103940096, "type": "region", "version": 1 }, "end_va": 103944191, "entry_point": 0, "filename": null, "id": "region_285", "name": "pagefile_0x0000000006320000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 103940096, "timestamp": "00:00:33.698", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1893662720, "type": "region", "version": 1 }, "end_va": 1893695487, "entry_point": 1893662720, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_286", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1893662720, "timestamp": "00:00:55.852", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\5JgHKoaOfdp\\Desktop\\#Decryptor.exe\" ", "filename": "c:\\users\\5jghkoaofdp\\desktop\\#decryptor.exe", "id": "proc_2", "image_name": "#decryptor.exe", "monitor_reason": "modified_file", "monitored_id": 2, "origin_monitor_id": 1, "ref_parent_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000002-region_00000287-addr_0x0000000000fb0000-size_0x0000000000068000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_180", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 425984, "start_va": 16449536, "type": "region", "version": 1 }, "end_va": 16875519, "entry_point": 16449536, "filename": "\\Users\\5JgHKoaOfdp\\Desktop\\#Decryptor.exe", "id": "region_287", "name": "#decryptor.exe", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\#decryptor.exe", "region_type": "memory_mapped_file", "start_va": 16449536, "timestamp": "00:01:31.170", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000288-addr_0x0000000001020000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_181", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 16908288, "type": "region", "version": 1 }, "end_va": 17039359, "entry_point": 0, "filename": null, "id": "region_288", "name": "private_0x0000000001020000", "norm_filename": null, "region_type": "private_memory", "start_va": 16908288, "timestamp": "00:01:31.174", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000289-addr_0x0000000001040000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_182", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 17039360, "type": "region", "version": 1 }, "end_va": 17043455, "entry_point": 0, "filename": null, "id": "region_289", "name": "private_0x0000000001040000", "norm_filename": null, "region_type": "private_memory", "start_va": 17039360, "timestamp": "00:01:31.174", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 17104896, "type": "region", "version": 1 }, "end_va": 17166335, "entry_point": 0, "filename": null, "id": "region_290", "name": "pagefile_0x0000000001050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 17104896, "timestamp": "00:01:31.174", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000291-addr_0x0000000001060000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_183", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 17170432, "type": "region", "version": 1 }, "end_va": 17432575, "entry_point": 0, "filename": null, "id": "region_291", "name": "private_0x0000000001060000", "norm_filename": null, "region_type": "private_memory", "start_va": 17170432, "timestamp": "00:01:31.174", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000292-addr_0x00000000010a0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_184", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 17432576, "type": "region", "version": 1 }, "end_va": 18481151, "entry_point": 0, "filename": null, "id": "region_292", "name": "private_0x00000000010a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 17432576, "timestamp": "00:01:31.175", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1474560, "start_va": 2002059264, "type": "region", "version": 1 }, "end_va": 2003533823, "entry_point": 2002059264, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_293", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2002059264, "timestamp": "00:01:31.175", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2136866816, "type": "region", "version": 1 }, "end_va": 2137010175, "entry_point": 0, "filename": null, "id": "region_294", "name": "pagefile_0x000000007f5e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2136866816, "timestamp": "00:01:31.175", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000295-addr_0x000000007f605000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_185", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2137018368, "type": "region", "version": 1 }, "end_va": 2137022463, "entry_point": 0, "filename": null, "id": "region_295", "name": "private_0x000000007f605000", "norm_filename": null, "region_type": "private_memory", "start_va": 2137018368, "timestamp": "00:01:31.175", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000296-addr_0x000000007f606000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_186", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2137022464, "type": "region", "version": 1 }, "end_va": 2137026559, "entry_point": 0, "filename": null, "id": "region_296", "name": "private_0x000000007f606000", "norm_filename": null, "region_type": "private_memory", "start_va": 2137022464, "timestamp": "00:01:31.175", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000297-addr_0x000000007f60d000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_187", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2137051136, "type": "region", "version": 1 }, "end_va": 2137063423, "entry_point": 0, "filename": null, "id": "region_297", "name": "private_0x000000007f60d000", "norm_filename": null, "region_type": "private_memory", "start_va": 2137051136, "timestamp": "00:01:31.176", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000298-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_188", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_298", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:31.176", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 140708852137984, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 140710999556095, "entry_point": 0, "filename": null, "id": "region_299", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:31.176", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1744896, "start_va": 140710999556096, "type": "region", "version": 1 }, "end_va": 140711001300991, "entry_point": 140710999556096, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_300", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140710999556096, "timestamp": "00:01:31.176", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 26486988800, "start_va": 140711001300992, "type": "region", "version": 1 }, "end_va": 140737488289791, "entry_point": 0, "filename": null, "id": "region_301", "name": "private_0x00007ff9d53fa000", "norm_filename": null, "region_type": "private_memory", "start_va": 140711001300992, "timestamp": "00:01:31.176", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 18481152, "type": "region", "version": 1 }, "end_va": 18497535, "entry_point": 0, "filename": null, "id": "region_302", "name": "pagefile_0x00000000011a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 18481152, "timestamp": "00:01:31.194", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 18546688, "type": "region", "version": 1 }, "end_va": 18550783, "entry_point": 0, "filename": null, "id": "region_303", "name": "pagefile_0x00000000011b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 18546688, "timestamp": "00:01:31.194", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000304-addr_0x00000000011c0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_189", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 18612224, "type": "region", "version": 1 }, "end_va": 18620415, "entry_point": 0, "filename": null, "id": "region_304", "name": "private_0x00000000011c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 18612224, "timestamp": "00:01:31.194", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000305-addr_0x00000000013c0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_190", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 20709376, "type": "region", "version": 1 }, "end_va": 20774911, "entry_point": 0, "filename": null, "id": "region_305", "name": "private_0x00000000013c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 20709376, "timestamp": "00:01:31.195", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 2001207296, "type": "region", "version": 1 }, "end_va": 2001244159, "entry_point": 2001207296, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_306", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 2001207296, "timestamp": "00:01:31.195", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 299008, "start_va": 2001272832, "type": "region", "version": 1 }, "end_va": 2001571839, "entry_point": 2001272832, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_307", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 2001272832, "timestamp": "00:01:31.195", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 425984, "start_va": 2001600512, "type": "region", "version": 1 }, "end_va": 2002026495, "entry_point": 2001600512, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_308", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 2001600512, "timestamp": "00:01:31.195", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 16908288, "type": "region", "version": 1 }, "end_va": 16973823, "entry_point": 0, "filename": null, "id": "region_309", "name": "pagefile_0x0000000001020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 16908288, "timestamp": "00:01:31.204", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 18677760, "type": "region", "version": 1 }, "end_va": 19193855, "entry_point": 18677760, "filename": "\\Windows\\System32\\locale.nls", "id": "region_310", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 18677760, "timestamp": "00:01:31.204", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000311-addr_0x0000000001590000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_191", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 22609920, "type": "region", "version": 1 }, "end_va": 23658495, "entry_point": 0, "filename": null, "id": "region_311", "name": "private_0x0000000001590000", "norm_filename": null, "region_type": "private_memory", "start_va": 22609920, "timestamp": "00:01:31.205", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 352256, "start_va": 1961558016, "type": "region", "version": 1 }, "end_va": 1961910271, "entry_point": 1961558016, "filename": "\\Windows\\SysWOW64\\mscoree.dll", "id": "region_312", "name": "mscoree.dll", "norm_filename": "c:\\windows\\syswow64\\mscoree.dll", "region_type": "memory_mapped_file", "start_va": 1961558016, "timestamp": "00:01:31.205", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1310720, "start_va": 1969160192, "type": "region", "version": 1 }, "end_va": 1970470911, "entry_point": 1969160192, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_313", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1969160192, "timestamp": "00:01:31.205", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 847872, "start_va": 1972699136, "type": "region", "version": 1 }, "end_va": 1973547007, "entry_point": 1972699136, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_314", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1972699136, "timestamp": "00:01:31.205", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2135818240, "type": "region", "version": 1 }, "end_va": 2136866815, "entry_point": 0, "filename": null, "id": "region_315", "name": "pagefile_0x000000007f4e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2135818240, "timestamp": "00:01:31.205", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000316-addr_0x0000000001030000-size_0x0000000000004000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_192", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 16384, "start_va": 16973824, "type": "region", "version": 1 }, "end_va": 16990207, "entry_point": 0, "filename": null, "id": "region_316", "name": "private_0x0000000001030000", "norm_filename": null, "region_type": "private_memory", "start_va": 16973824, "timestamp": "00:01:31.231", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000317-addr_0x0000000001360000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_193", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 20316160, "type": "region", "version": 1 }, "end_va": 20381695, "entry_point": 0, "filename": null, "id": "region_317", "name": "private_0x0000000001360000", "norm_filename": null, "region_type": "private_memory", "start_va": 20316160, "timestamp": "00:01:31.231", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000318-addr_0x0000000001550000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_194", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 22347776, "type": "region", "version": 1 }, "end_va": 22413311, "entry_point": 0, "filename": null, "id": "region_318", "name": "private_0x0000000001550000", "norm_filename": null, "region_type": "private_memory", "start_va": 22347776, "timestamp": "00:01:31.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 1949302784, "type": "region", "version": 1 }, "end_va": 1949929471, "entry_point": 1949302784, "filename": "\\Windows\\SysWOW64\\apphelp.dll", "id": "region_319", "name": "apphelp.dll", "norm_filename": "c:\\windows\\syswow64\\apphelp.dll", "region_type": "memory_mapped_file", "start_va": 1949302784, "timestamp": "00:01:31.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 339968, "start_va": 1961951232, "type": "region", "version": 1 }, "end_va": 1962291199, "entry_point": 1961951232, "filename": "\\Windows\\SysWOW64\\bcryptprimitives.dll", "id": "region_320", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\syswow64\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 1961951232, "timestamp": "00:01:31.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1962344448, "type": "region", "version": 1 }, "end_va": 1962381311, "entry_point": 1962344448, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_321", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1962344448, "timestamp": "00:01:31.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 118784, "start_va": 1962409984, "type": "region", "version": 1 }, "end_va": 1962528767, "entry_point": 1962409984, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_322", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1962409984, "timestamp": "00:01:31.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 491520, "start_va": 1962606592, "type": "region", "version": 1 }, "end_va": 1963098111, "entry_point": 1962606592, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_323", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1962606592, "timestamp": "00:01:31.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 724992, "start_va": 1970470912, "type": "region", "version": 1 }, "end_va": 1971195903, "entry_point": 1970470912, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_324", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1970470912, "timestamp": "00:01:31.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 253952, "start_va": 1975386112, "type": "region", "version": 1 }, "end_va": 1975640063, "entry_point": 1975386112, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_325", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1975386112, "timestamp": "00:01:31.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 778240, "start_va": 2000289792, "type": "region", "version": 1 }, "end_va": 2001068031, "entry_point": 2000289792, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_326", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 2000289792, "timestamp": "00:01:31.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 516096, "start_va": 1961033728, "type": "region", "version": 1 }, "end_va": 1961549823, "entry_point": 1961033728, "filename": "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll", "id": "region_327", "name": "mscoreei.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll", "region_type": "memory_mapped_file", "start_va": 1961033728, "timestamp": "00:01:31.235", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000328-addr_0x0000000001040000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_195", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 17039360, "type": "region", "version": 1 }, "end_va": 17043455, "entry_point": 0, "filename": null, "id": "region_328", "name": "private_0x0000000001040000", "norm_filename": null, "region_type": "private_memory", "start_va": 17039360, "timestamp": "00:01:31.263", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000329-addr_0x0000000001250000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_196", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 19202048, "type": "region", "version": 1 }, "end_va": 19206143, "entry_point": 0, "filename": null, "id": "region_329", "name": "private_0x0000000001250000", "norm_filename": null, "region_type": "private_memory", "start_va": 19202048, "timestamp": "00:01:31.263", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 23658496, "type": "region", "version": 1 }, "end_va": 25264127, "entry_point": 0, "filename": null, "id": "region_330", "name": "pagefile_0x0000000001690000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 23658496, "timestamp": "00:01:31.263", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 25296896, "type": "region", "version": 1 }, "end_va": 26873855, "entry_point": 0, "filename": null, "id": "region_331", "name": "pagefile_0x0000000001820000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 25296896, "timestamp": "00:01:31.263", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 26935296, "type": "region", "version": 1 }, "end_va": 47906815, "entry_point": 0, "filename": null, "id": "region_332", "name": "pagefile_0x00000000019b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 26935296, "timestamp": "00:01:31.264", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1368064, "start_va": 1963196416, "type": "region", "version": 1 }, "end_va": 1964564479, "entry_point": 1963196416, "filename": "\\Windows\\SysWOW64\\combase.dll", "id": "region_333", "name": "combase.dll", "norm_filename": "c:\\windows\\syswow64\\combase.dll", "region_type": "memory_mapped_file", "start_va": 1963196416, "timestamp": "00:01:31.264", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1081344, "start_va": 1964572672, "type": "region", "version": 1 }, "end_va": 1965654015, "entry_point": 1964572672, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_334", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1964572672, "timestamp": "00:01:31.264", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1011712, "start_va": 1967915008, "type": "region", "version": 1 }, "end_va": 1968926719, "entry_point": 1967915008, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_335", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1967915008, "timestamp": "00:01:31.264", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 1968963584, "type": "region", "version": 1 }, "end_va": 1969115135, "entry_point": 1968963584, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_336", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1968963584, "timestamp": "00:01:31.264", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 266240, "start_va": 1976827904, "type": "region", "version": 1 }, "end_va": 1977094143, "entry_point": 1976827904, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_337", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1976827904, "timestamp": "00:01:31.264", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1372160, "start_va": 1977810944, "type": "region", "version": 1 }, "end_va": 1979183103, "entry_point": 1977810944, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_338", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1977810944, "timestamp": "00:01:31.264", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 1953169408, "type": "region", "version": 1 }, "end_va": 1954050047, "entry_point": 1953169408, "filename": "\\Windows\\SysWOW64\\msvcr120_clr0400.dll", "id": "region_339", "name": "msvcr120_clr0400.dll", "norm_filename": "c:\\windows\\syswow64\\msvcr120_clr0400.dll", "region_type": "memory_mapped_file", "start_va": 1953169408, "timestamp": "00:01:31.272", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 6926336, "start_va": 1954086912, "type": "region", "version": 1 }, "end_va": 1961013247, "entry_point": 1954086912, "filename": "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", "id": "region_340", "name": "clr.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll", "region_type": "memory_mapped_file", "start_va": 1954086912, "timestamp": "00:01:31.272", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 19267584, "type": "region", "version": 1 }, "end_va": 19271679, "entry_point": 0, "filename": null, "id": "region_341", "name": "pagefile_0x0000000001260000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 19267584, "timestamp": "00:01:31.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 19333120, "type": "region", "version": 1 }, "end_va": 19398655, "entry_point": 0, "filename": null, "id": "region_342", "name": "pagefile_0x0000000001270000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 19333120, "timestamp": "00:01:31.498", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000343-addr_0x0000000001280000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_197", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 19398656, "type": "region", "version": 1 }, "end_va": 19464191, "entry_point": 0, "filename": null, "id": "region_343", "name": "private_0x0000000001280000", "norm_filename": null, "region_type": "private_memory", "start_va": 19398656, "timestamp": "00:01:31.498", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000344-addr_0x0000000001290000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_198", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 19464192, "type": "region", "version": 1 }, "end_va": 19529727, "entry_point": 0, "filename": null, "id": "region_344", "name": "private_0x0000000001290000", "norm_filename": null, "region_type": "private_memory", "start_va": 19464192, "timestamp": "00:01:31.499", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000345-addr_0x00000000012a0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_199", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 19529728, "type": "region", "version": 1 }, "end_va": 19595263, "entry_point": 0, "filename": null, "id": "region_345", "name": "private_0x00000000012a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 19529728, "timestamp": "00:01:31.499", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000346-addr_0x00000000012b0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_200", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 19595264, "type": "region", "version": 1 }, "end_va": 19660799, "entry_point": 0, "filename": null, "id": "region_346", "name": "private_0x00000000012b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 19595264, "timestamp": "00:01:31.499", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000347-addr_0x00000000012c0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_201", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 19660800, "type": "region", "version": 1 }, "end_va": 19726335, "entry_point": 0, "filename": null, "id": "region_347", "name": "private_0x00000000012c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 19660800, "timestamp": "00:01:31.500", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000348-addr_0x00000000012d0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_202", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 19726336, "type": "region", "version": 1 }, "end_va": 19730431, "entry_point": 0, "filename": null, "id": "region_348", "name": "private_0x00000000012d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 19726336, "timestamp": "00:01:31.500", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000349-addr_0x00000000012e0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_203", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 19791872, "type": "region", "version": 1 }, "end_va": 19795967, "entry_point": 0, "filename": null, "id": "region_349", "name": "private_0x00000000012e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 19791872, "timestamp": "00:01:31.500", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000350-addr_0x00000000012f0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_204", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 19857408, "type": "region", "version": 1 }, "end_va": 20119551, "entry_point": 0, "filename": null, "id": "region_350", "name": "private_0x00000000012f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 19857408, "timestamp": "00:01:31.501", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000351-addr_0x0000000001350000-size_0x0000000000010000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_205", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 20250624, "type": "region", "version": 1 }, "end_va": 20316159, "entry_point": 0, "filename": null, "id": "region_351", "name": "private_0x0000000001350000", "norm_filename": null, "region_type": "private_memory", "start_va": 20250624, "timestamp": "00:01:31.501", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000352-addr_0x0000000001370000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_206", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 20381696, "type": "region", "version": 1 }, "end_va": 20643839, "entry_point": 0, "filename": null, "id": "region_352", "name": "private_0x0000000001370000", "norm_filename": null, "region_type": "private_memory", "start_va": 20381696, "timestamp": "00:01:31.501", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000353-addr_0x0000000001450000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_207", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 21299200, "type": "region", "version": 1 }, "end_va": 21364735, "entry_point": 0, "filename": null, "id": "region_353", "name": "private_0x0000000001450000", "norm_filename": null, "region_type": "private_memory", "start_va": 21299200, "timestamp": "00:01:31.502", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000354-addr_0x0000000001460000-size_0x00000000000a0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_208", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 655360, "start_va": 21364736, "type": "region", "version": 1 }, "end_va": 22020095, "entry_point": 0, "filename": null, "id": "region_354", "name": "private_0x0000000001460000", "norm_filename": null, "region_type": "private_memory", "start_va": 21364736, "timestamp": "00:01:31.502", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000355-addr_0x0000000002db0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_209", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 47906816, "type": "region", "version": 1 }, "end_va": 48955391, "entry_point": 0, "filename": null, "id": "region_355", "name": "private_0x0000000002db0000", "norm_filename": null, "region_type": "private_memory", "start_va": 47906816, "timestamp": "00:01:31.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 33554432, "start_va": 48955392, "type": "region", "version": 1 }, "end_va": 82509823, "entry_point": 0, "filename": null, "id": "region_356", "name": "private_0x0000000002eb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 48955392, "timestamp": "00:01:31.503", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000357-addr_0x0000000004eb0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_210", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 82509824, "type": "region", "version": 1 }, "end_va": 83558399, "entry_point": 0, "filename": null, "id": "region_357", "name": "private_0x0000000004eb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 82509824, "timestamp": "00:01:31.503", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 83558400, "type": "region", "version": 1 }, "end_va": 86527999, "entry_point": 83558400, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_358", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 83558400, "timestamp": "00:01:31.503", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 17387520, "start_va": 1927741440, "type": "region", "version": 1 }, "end_va": 1945128959, "entry_point": 1927741440, "filename": "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\c90ef9a73ea0044641d31b19023aad61\\mscorlib.ni.dll", "id": "region_359", "name": "mscorlib.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\c90ef9a73ea0044641d31b19023aad61\\mscorlib.ni.dll", "region_type": "memory_mapped_file", "start_va": 1927741440, "timestamp": "00:01:31.504", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000360-addr_0x000000007f607000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_211", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2137026560, "type": "region", "version": 1 }, "end_va": 2137038847, "entry_point": 0, "filename": null, "id": "region_360", "name": "private_0x000000007f607000", "norm_filename": null, "region_type": "private_memory", "start_va": 2137026560, "timestamp": "00:01:31.504", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000361-addr_0x000000007f60a000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_212", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2137038848, "type": "region", "version": 1 }, "end_va": 2137051135, "entry_point": 0, "filename": null, "id": "region_361", "name": "private_0x000000007f60a000", "norm_filename": null, "region_type": "private_memory", "start_va": 2137038848, "timestamp": "00:01:31.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1953103872, "type": "region", "version": 1 }, "end_va": 1953140735, "entry_point": 1953103872, "filename": "\\Windows\\SysWOW64\\kernel.appcore.dll", "id": "region_362", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\syswow64\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 1953103872, "timestamp": "00:01:31.514", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1097728, "start_va": 1971257344, "type": "region", "version": 1 }, "end_va": 1972355071, "entry_point": 1971257344, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_363", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1971257344, "timestamp": "00:01:31.514", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 1948385280, "type": "region", "version": 1 }, "end_va": 1949282303, "entry_point": 1948385280, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_364", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1948385280, "timestamp": "00:01:31.516", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000365-addr_0x00000000013d0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_213", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 20774912, "type": "region", "version": 1 }, "end_va": 21299199, "entry_point": 0, "filename": null, "id": "region_365", "name": "private_0x00000000013d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 20774912, "timestamp": "00:01:31.517", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 20119552, "type": "region", "version": 1 }, "end_va": 20123647, "entry_point": 0, "filename": null, "id": "region_366", "name": "pagefile_0x0000000001330000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 20119552, "timestamp": "00:01:31.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 987136, "start_va": 86573056, "type": "region", "version": 1 }, "end_va": 87560191, "entry_point": 0, "filename": null, "id": "region_367", "name": "pagefile_0x0000000005290000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 86573056, "timestamp": "00:01:31.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 20119552, "type": "region", "version": 1 }, "end_va": 20135935, "entry_point": 0, "filename": null, "id": "region_368", "name": "pagefile_0x0000000001330000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 20119552, "timestamp": "00:01:31.518", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000369-addr_0x0000000001340000-size_0x0000000000004000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_214", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 16384, "start_va": 20185088, "type": "region", "version": 1 }, "end_va": 20201471, "entry_point": 0, "filename": null, "id": "region_369", "name": "private_0x0000000001340000", "norm_filename": null, "region_type": "private_memory", "start_va": 20185088, "timestamp": "00:01:31.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 6959104, "start_va": 1910702080, "type": "region", "version": 1 }, "end_va": 1917661183, "entry_point": 1910702080, "filename": "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\c1194e56644c7688e7eb0f68a57dcc30\\System.Core.ni.dll", "id": "region_370", "name": "system.core.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\c1194e56644c7688e7eb0f68a57dcc30\\system.core.ni.dll", "region_type": "memory_mapped_file", "start_va": 1910702080, "timestamp": "00:01:31.751", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 10014720, "start_va": 1917714432, "type": "region", "version": 1 }, "end_va": 1927729151, "entry_point": 1917714432, "filename": "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\c24d08cc4e93fc4f6f15a637b00a2721\\System.ni.dll", "id": "region_371", "name": "system.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\c24d08cc4e93fc4f6f15a637b00a2721\\system.ni.dll", "region_type": "memory_mapped_file", "start_va": 1917714432, "timestamp": "00:01:31.751", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 512000, "start_va": 1950613504, "type": "region", "version": 1 }, "end_va": 1951125503, "entry_point": 1950613504, "filename": "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll", "id": "region_372", "name": "clrjit.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll", "region_type": "memory_mapped_file", "start_va": 1950613504, "timestamp": "00:01:31.751", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1937408, "start_va": 1951137792, "type": "region", "version": 1 }, "end_va": 1953075199, "entry_point": 1951137792, "filename": "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\288e4f2cf5b7a96028c8bb3fce6dc043\\Microsoft.VisualBasic.ni.dll", "id": "region_373", "name": "microsoft.visualbasic.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\288e4f2cf5b7a96028c8bb3fce6dc043\\microsoft.visualbasic.ni.dll", "region_type": "memory_mapped_file", "start_va": 1951137792, "timestamp": "00:01:31.751", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 552960, "start_va": 1975910400, "type": "region", "version": 1 }, "end_va": 1976463359, "entry_point": 1975910400, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_374", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1975910400, "timestamp": "00:01:31.751", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000375-addr_0x00000000013b0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_215", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 20643840, "type": "region", "version": 1 }, "end_va": 20709375, "entry_point": 0, "filename": null, "id": "region_375", "name": "private_0x00000000013b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 20643840, "timestamp": "00:01:31.829", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000376-addr_0x00000000013d0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_216", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 20774912, "type": "region", "version": 1 }, "end_va": 20840447, "entry_point": 0, "filename": null, "id": "region_376", "name": "private_0x00000000013d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 20774912, "timestamp": "00:01:31.830", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000377-addr_0x00000000013e0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_217", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 20840448, "type": "region", "version": 1 }, "end_va": 20905983, "entry_point": 0, "filename": null, "id": "region_377", "name": "private_0x00000000013e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 20840448, "timestamp": "00:01:31.830", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000378-addr_0x0000000001440000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_218", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 21233664, "type": "region", "version": 1 }, "end_va": 21299199, "entry_point": 0, "filename": null, "id": "region_378", "name": "private_0x0000000001440000", "norm_filename": null, "region_type": "private_memory", "start_va": 21233664, "timestamp": "00:01:31.830", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12869632, "start_va": 1897791488, "type": "region", "version": 1 }, "end_va": 1910661119, "entry_point": 1897791488, "filename": "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\635558b506364815e8348217e86fdf99\\System.Windows.Forms.ni.dll", "id": "region_379", "name": "system.windows.forms.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\635558b506364815e8348217e86fdf99\\system.windows.forms.ni.dll", "region_type": "memory_mapped_file", "start_va": 1897791488, "timestamp": "00:01:31.831", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1646592, "start_va": 1946550272, "type": "region", "version": 1 }, "end_va": 1948196863, "entry_point": 1946550272, "filename": "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\ddb52221ad0200b7c2e0a308e47d5c7c\\System.Drawing.ni.dll", "id": "region_380", "name": "system.drawing.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\ddb52221ad0200b7c2e0a308e47d5c7c\\system.drawing.ni.dll", "region_type": "memory_mapped_file", "start_va": 1946550272, "timestamp": "00:01:31.831", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000381-addr_0x0000000005530000-size_0x0000000000010000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_219", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 89325568, "type": "region", "version": 1 }, "end_va": 89391103, "entry_point": 0, "filename": null, "id": "region_381", "name": "private_0x0000000005530000", "norm_filename": null, "region_type": "private_memory", "start_va": 89325568, "timestamp": "00:01:31.900", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 536576, "start_va": 87621632, "type": "region", "version": 1 }, "end_va": 88158207, "entry_point": 87621632, "filename": "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.16384_none_7c55c866aa0c3ff0\\comctl32.dll", "id": "region_382", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.16384_none_7c55c866aa0c3ff0\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 87621632, "timestamp": "00:01:31.901", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 548864, "start_va": 1999110144, "type": "region", "version": 1 }, "end_va": 1999659007, "entry_point": 1999110144, "filename": "\\Windows\\SysWOW64\\comctl32.dll", "id": "region_383", "name": "comctl32.dll", "norm_filename": "c:\\windows\\syswow64\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1999110144, "timestamp": "00:01:31.901", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000384-addr_0x0000000005540000-size_0x00000000001d0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_220", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1900544, "start_va": 89391104, "type": "region", "version": 1 }, "end_va": 91291647, "entry_point": 0, "filename": null, "id": "region_384", "name": "private_0x0000000005540000", "norm_filename": null, "region_type": "private_memory", "start_va": 89391104, "timestamp": "00:01:31.929", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 1948254208, "type": "region", "version": 1 }, "end_va": 1948352511, "entry_point": 1948254208, "filename": "\\Windows\\SysWOW64\\dwmapi.dll", "id": "region_385", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\syswow64\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 1948254208, "timestamp": "00:01:31.951", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 806912, "start_va": 1896939520, "type": "region", "version": 1 }, "end_va": 1897746431, "entry_point": 1896939520, "filename": "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Runt73a1fc9d#\\0139b8d6c29df85226a7fe833e5cc4f1\\System.Runtime.Remoting.ni.dll", "id": "region_386", "name": "system.runtime.remoting.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.runt73a1fc9d#\\0139b8d6c29df85226a7fe833e5cc4f1\\system.runtime.remoting.ni.dll", "region_type": "memory_mapped_file", "start_va": 1896939520, "timestamp": "00:01:32.046", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000387-addr_0x000000007f480000-size_0x0000000000010000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_221", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2135425024, "type": "region", "version": 1 }, "end_va": 2135490559, "entry_point": 0, "filename": null, "id": "region_387", "name": "private_0x000000007f480000", "norm_filename": null, "region_type": "private_memory", "start_va": 2135425024, "timestamp": "00:01:32.046", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000388-addr_0x000000007f490000-size_0x0000000000050000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_222", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 327680, "start_va": 2135490560, "type": "region", "version": 1 }, "end_va": 2135818239, "entry_point": 0, "filename": null, "id": "region_388", "name": "private_0x000000007f490000", "norm_filename": null, "region_type": "private_memory", "start_va": 2135490560, "timestamp": "00:01:32.047", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 20905984, "type": "region", "version": 1 }, "end_va": 20914175, "entry_point": 20905984, "filename": "\\Windows\\SysWOW64\\tzres.dll", "id": "region_389", "name": "tzres.dll", "norm_filename": "c:\\windows\\syswow64\\tzres.dll", "region_type": "memory_mapped_file", "start_va": 20905984, "timestamp": "00:01:32.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 20971520, "type": "region", "version": 1 }, "end_va": 20983807, "entry_point": 0, "filename": null, "id": "region_390", "name": "pagefile_0x0000000001400000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 20971520, "timestamp": "00:01:32.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 21037056, "type": "region", "version": 1 }, "end_va": 21041151, "entry_point": 0, "filename": null, "id": "region_391", "name": "pagefile_0x0000000001410000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 21037056, "timestamp": "00:01:32.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 32768, "start_va": 21102592, "type": "region", "version": 1 }, "end_va": 21135359, "entry_point": 21102592, "filename": "\\Windows\\System32\\en-US\\tzres.dll.mui", "id": "region_392", "name": "tzres.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\tzres.dll.mui", "region_type": "memory_mapped_file", "start_va": 21102592, "timestamp": "00:01:32.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1363968, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1999097855, "entry_point": 1997733888, "filename": "\\Windows\\SysWOW64\\GdiPlus.dll", "id": "region_395", "name": "gdiplus.dll", "norm_filename": "c:\\windows\\syswow64\\gdiplus.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:01:32.245", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000396-addr_0x0000000005390000-size_0x0000000000150000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_223", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1376256, "start_va": 87621632, "type": "region", "version": 1 }, "end_va": 88997887, "entry_point": 0, "filename": null, "id": "region_396", "name": "private_0x0000000005390000", "norm_filename": null, "region_type": "private_memory", "start_va": 87621632, "timestamp": "00:01:32.246", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000397-addr_0x0000000001500000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_224", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 22020096, "type": "region", "version": 1 }, "end_va": 22282239, "entry_point": 0, "filename": null, "id": "region_397", "name": "private_0x0000000001500000", "norm_filename": null, "region_type": "private_memory", "start_va": 22020096, "timestamp": "00:01:32.249", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000398-addr_0x0000000005390000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_225", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 87621632, "type": "region", "version": 1 }, "end_va": 88670207, "entry_point": 0, "filename": null, "id": "region_398", "name": "private_0x0000000005390000", "norm_filename": null, "region_type": "private_memory", "start_va": 87621632, "timestamp": "00:01:32.250", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000399-addr_0x00000000054d0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_226", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 88932352, "type": "region", "version": 1 }, "end_va": 88997887, "entry_point": 0, "filename": null, "id": "region_399", "name": "private_0x00000000054d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 88932352, "timestamp": "00:01:32.250", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1515520, "start_va": 1895366656, "type": "region", "version": 1 }, "end_va": 1896882175, "entry_point": 1895366656, "filename": "\\Windows\\SysWOW64\\DWrite.dll", "id": "region_400", "name": "dwrite.dll", "norm_filename": "c:\\windows\\syswow64\\dwrite.dll", "region_type": "memory_mapped_file", "start_va": 1895366656, "timestamp": "00:01:32.250", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000401-addr_0x000000007f47d000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_227", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2135412736, "type": "region", "version": 1 }, "end_va": 2135425023, "entry_point": 0, "filename": null, "id": "region_401", "name": "private_0x000000007f47d000", "norm_filename": null, "region_type": "private_memory", "start_va": 2135412736, "timestamp": "00:01:32.251", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 675840, "start_va": 89391104, "type": "region", "version": 1 }, "end_va": 90066943, "entry_point": 89391104, "filename": "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\~FontCache-System.dat", "id": "region_402", "name": "~fontcache-system.dat", "norm_filename": "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\~fontcache-system.dat", "region_type": "memory_mapped_file", "start_va": 89391104, "timestamp": "00:01:32.269", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000403-addr_0x0000000005700000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_228", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 91226112, "type": "region", "version": 1 }, "end_va": 91291647, "entry_point": 0, "filename": null, "id": "region_403", "name": "private_0x0000000005700000", "norm_filename": null, "region_type": "private_memory", "start_va": 91226112, "timestamp": "00:01:32.269", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000404-addr_0x00000000013f0000-size_0x0000000000004000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_229", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 16384, "start_va": 20905984, "type": "region", "version": 1 }, "end_va": 20922367, "entry_point": 0, "filename": null, "id": "region_404", "name": "private_0x00000000013f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 20905984, "timestamp": "00:01:32.272", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000405-addr_0x0000000001420000-size_0x0000000000004000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_230", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 16384, "start_va": 21102592, "type": "region", "version": 1 }, "end_va": 21118975, "entry_point": 0, "filename": null, "id": "region_405", "name": "private_0x0000000001420000", "norm_filename": null, "region_type": "private_memory", "start_va": 21102592, "timestamp": "00:01:32.273", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000406-addr_0x00000000055f0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_231", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 90112000, "type": "region", "version": 1 }, "end_va": 91160575, "entry_point": 0, "filename": null, "id": "region_406", "name": "private_0x00000000055f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 90112000, "timestamp": "00:01:32.276", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5185536, "start_va": 91291648, "type": "region", "version": 1 }, "end_va": 96477183, "entry_point": 0, "filename": null, "id": "region_407", "name": "pagefile_0x0000000005710000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 91291648, "timestamp": "00:01:32.283", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 96534528, "type": "region", "version": 1 }, "end_va": 113311743, "entry_point": 96534528, "filename": "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\~FontCache-FontFace.dat", "id": "region_408", "name": "~fontcache-fontface.dat", "norm_filename": "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\~fontcache-fontface.dat", "region_type": "memory_mapped_file", "start_va": 96534528, "timestamp": "00:01:32.284", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1945894912, "type": "region", "version": 1 }, "end_va": 1946419199, "entry_point": 1945894912, "filename": "\\Windows\\SysWOW64\\riched20.dll", "id": "region_409", "name": "riched20.dll", "norm_filename": "c:\\windows\\syswow64\\riched20.dll", "region_type": "memory_mapped_file", "start_va": 1945894912, "timestamp": "00:01:32.318", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 1945763840, "type": "region", "version": 1 }, "end_va": 1945845759, "entry_point": 1945763840, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_410", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1945763840, "timestamp": "00:01:32.475", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 200704, "start_va": 1945501696, "type": "region", "version": 1 }, "end_va": 1945702399, "entry_point": 1945501696, "filename": "\\Windows\\SysWOW64\\msls31.dll", "id": "region_411", "name": "msls31.dll", "norm_filename": "c:\\windows\\syswow64\\msls31.dll", "region_type": "memory_mapped_file", "start_va": 1945501696, "timestamp": "00:01:32.481", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1893662720, "type": "region", "version": 1 }, "end_va": 1893695487, "entry_point": 1893662720, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_412", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1893662720, "timestamp": "00:01:32.525", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4177920, "start_va": 113311744, "type": "region", "version": 1 }, "end_va": 117489663, "entry_point": 0, "filename": null, "id": "region_413", "name": "pagefile_0x0000000006c10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 113311744, "timestamp": "00:01:32.530", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15138816, "start_va": 117506048, "type": "region", "version": 1 }, "end_va": 132644863, "entry_point": 117506048, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_414", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 117506048, "timestamp": "00:01:32.587", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 397312, "start_va": 132644864, "type": "region", "version": 1 }, "end_va": 133042175, "entry_point": 132644864, "filename": "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll", "id": "region_415", "name": "mscorrc.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll", "region_type": "memory_mapped_file", "start_va": 132644864, "timestamp": "00:01:32.883", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000416-addr_0x0000000001430000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_232", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 21168128, "type": "region", "version": 1 }, "end_va": 21172223, "entry_point": 0, "filename": null, "id": "region_416", "name": "private_0x0000000001430000", "norm_filename": null, "region_type": "private_memory", "start_va": 21168128, "timestamp": "00:01:32.889", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20480, "start_va": 22282240, "type": "region", "version": 1 }, "end_va": 22302719, "entry_point": 22282240, "filename": "\\Windows\\System32\\en-US\\user32.dll.mui", "id": "region_417", "name": "user32.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\user32.dll.mui", "region_type": "memory_mapped_file", "start_va": 22282240, "timestamp": "00:01:32.901", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 22413312, "type": "region", "version": 1 }, "end_va": 22417407, "entry_point": 0, "filename": null, "id": "region_418", "name": "pagefile_0x0000000001560000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 22413312, "timestamp": "00:01:32.911", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000419-addr_0x0000000007ef0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_233", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 133103616, "type": "region", "version": 1 }, "end_va": 133627903, "entry_point": 0, "filename": null, "id": "region_419", "name": "private_0x0000000007ef0000", "norm_filename": null, "region_type": "private_memory", "start_va": 133103616, "timestamp": "00:01:32.911", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000420-addr_0x0000000001560000-size_0x0000000000004000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_234", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 16384, "start_va": 22413312, "type": "region", "version": 1 }, "end_va": 22429695, "entry_point": 0, "filename": null, "id": "region_420", "name": "private_0x0000000001560000", "norm_filename": null, "region_type": "private_memory", "start_va": 22413312, "timestamp": "00:01:32.940", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000421-addr_0x0000000007f70000-size_0x0000000000101000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_235", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1052672, "start_va": 133627904, "type": "region", "version": 1 }, "end_va": 134680575, "entry_point": 0, "filename": null, "id": "region_421", "name": "private_0x0000000007f70000", "norm_filename": null, "region_type": "private_memory", "start_va": 133627904, "timestamp": "00:01:32.945", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 22478848, "type": "region", "version": 1 }, "end_va": 22491135, "entry_point": 0, "filename": null, "id": "region_422", "name": "pagefile_0x0000000001570000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 22478848, "timestamp": "00:01:32.989", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1990656, "start_va": 1891631104, "type": "region", "version": 1 }, "end_va": 1893621759, "entry_point": 1891631104, "filename": "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7\\comctl32.dll", "id": "region_423", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1891631104, "timestamp": "00:01:32.989", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 22544384, "type": "region", "version": 1 }, "end_va": 22548479, "entry_point": 22544384, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_424", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 22544384, "timestamp": "00:01:33.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 88670208, "type": "region", "version": 1 }, "end_va": 88678399, "entry_point": 0, "filename": null, "id": "region_425", "name": "pagefile_0x0000000005490000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 88670208, "timestamp": "00:01:33.369", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000426-addr_0x0000000001580000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_236", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 22544384, "type": "region", "version": 1 }, "end_va": 22609919, "entry_point": 0, "filename": null, "id": "region_426", "name": "private_0x0000000001580000", "norm_filename": null, "region_type": "private_memory", "start_va": 22544384, "timestamp": "00:01:33.388", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 18534400, "start_va": 1979187200, "type": "region", "version": 1 }, "end_va": 1997721599, "entry_point": 1979187200, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_427", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1979187200, "timestamp": "00:01:33.398", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000428-addr_0x00000000054a0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_237", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 88735744, "type": "region", "version": 1 }, "end_va": 88801279, "entry_point": 0, "filename": null, "id": "region_428", "name": "private_0x00000000054a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 88735744, "timestamp": "00:01:33.453", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 483328, "start_va": 1950089216, "type": "region", "version": 1 }, "end_va": 1950572543, "entry_point": 1950089216, "filename": "\\Windows\\SysWOW64\\SHCore.dll", "id": "region_429", "name": "shcore.dll", "norm_filename": "c:\\windows\\syswow64\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 1950089216, "timestamp": "00:01:33.475", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 88735744, "type": "region", "version": 1 }, "end_va": 88739839, "entry_point": 0, "filename": null, "id": "region_430", "name": "pagefile_0x00000000054a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 88735744, "timestamp": "00:01:33.476", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000431-addr_0x00000000054b0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_238", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 88801280, "type": "region", "version": 1 }, "end_va": 88866815, "entry_point": 0, "filename": null, "id": "region_431", "name": "private_0x00000000054b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 88801280, "timestamp": "00:01:33.488", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1449984, "start_va": 133627904, "type": "region", "version": 1 }, "end_va": 135077887, "entry_point": 0, "filename": null, "id": "region_432", "name": "pagefile_0x0000000007f70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 133627904, "timestamp": "00:01:33.601", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000433-addr_0x00000000054b0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_239", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 88801280, "type": "region", "version": 1 }, "end_va": 88805375, "entry_point": 0, "filename": null, "id": "region_433", "name": "private_0x00000000054b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 88801280, "timestamp": "00:01:33.629", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000434-addr_0x00000000054c0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_240", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 88866816, "type": "region", "version": 1 }, "end_va": 88870911, "entry_point": 0, "filename": null, "id": "region_434", "name": "private_0x00000000054c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 88866816, "timestamp": "00:01:33.639", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000435-addr_0x00000000054b0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_241", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 88801280, "type": "region", "version": 1 }, "end_va": 88805375, "entry_point": 0, "filename": null, "id": "region_435", "name": "private_0x00000000054b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 88801280, "timestamp": "00:01:33.646", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000436-addr_0x00000000054b0000-size_0x0000000000005000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_242", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 20480, "start_va": 88801280, "type": "region", "version": 1 }, "end_va": 88821759, "entry_point": 0, "filename": null, "id": "region_436", "name": "private_0x00000000054b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 88801280, "timestamp": "00:01:33.756", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000437-addr_0x00000000054e0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_243", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 88997888, "type": "region", "version": 1 }, "end_va": 89001983, "entry_point": 0, "filename": null, "id": "region_437", "name": "private_0x00000000054e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 88997888, "timestamp": "00:01:33.757", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000438-addr_0x00000000054f0000-size_0x0000000000018000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_244", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 98304, "start_va": 89063424, "type": "region", "version": 1 }, "end_va": 89161727, "entry_point": 0, "filename": null, "id": "region_438", "name": "private_0x00000000054f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 89063424, "timestamp": "00:01:33.802", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000439-addr_0x00000000054b0000-size_0x0000000000008000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_245", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 32768, "start_va": 88801280, "type": "region", "version": 1 }, "end_va": 88834047, "entry_point": 0, "filename": null, "id": "region_439", "name": "private_0x00000000054b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 88801280, "timestamp": "00:01:33.868", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000440-addr_0x0000000005510000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_246", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 89194496, "type": "region", "version": 1 }, "end_va": 89198591, "entry_point": 0, "filename": null, "id": "region_440", "name": "private_0x0000000005510000", "norm_filename": null, "region_type": "private_memory", "start_va": 89194496, "timestamp": "00:01:33.897", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000441-addr_0x00000000054e0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_247", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 88997888, "type": "region", "version": 1 }, "end_va": 89063423, "entry_point": 0, "filename": null, "id": "region_441", "name": "private_0x00000000054e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 88997888, "timestamp": "00:01:44.234", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000442-addr_0x00000000054f0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_248", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 89063424, "type": "region", "version": 1 }, "end_va": 89128959, "entry_point": 0, "filename": null, "id": "region_442", "name": "private_0x00000000054f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 89063424, "timestamp": "00:01:44.238", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000448-addr_0x00000000054f0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_249", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 89063424, "type": "region", "version": 1 }, "end_va": 89067519, "entry_point": 0, "filename": null, "id": "region_448", "name": "private_0x00000000054f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 89063424, "timestamp": "00:01:54.856", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000449-addr_0x00000000054c0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_250", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 88866816, "type": "region", "version": 1 }, "end_va": 88870911, "entry_point": 0, "filename": null, "id": "region_449", "name": "private_0x00000000054c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 88866816, "timestamp": "00:01:54.858", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\5JgHKoaOfdp\\Desktop\\#Decryptor.exe\" ", "filename": "c:\\users\\5jghkoaofdp\\desktop\\#decryptor.exe", "id": "proc_3", "image_name": "#decryptor.exe", "monitor_reason": "autostart", "monitored_id": 3, "origin_monitor_id": 0, "ref_parent_process": null, "regions": [ { "dump": { "filename": "process_00000003-region_00000451-addr_0x0000000000990000-size_0x0000000000068000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_252", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 425984, "start_va": 10027008, "type": "region", "version": 1 }, "end_va": 10452991, "entry_point": 10027008, "filename": "\\Users\\5JgHKoaOfdp\\Desktop\\#Decryptor.exe", "id": "region_451", "name": "#decryptor.exe", "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\#decryptor.exe", "region_type": "memory_mapped_file", "start_va": 10027008, "timestamp": "00:02:29.034", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000452-addr_0x0000000000a00000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_253", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 10485760, "type": "region", "version": 1 }, "end_va": 10616831, "entry_point": 0, "filename": null, "id": "region_452", "name": "private_0x0000000000a00000", "norm_filename": null, "region_type": "private_memory", "start_va": 10485760, "timestamp": "00:02:29.035", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000453-addr_0x0000000000a20000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_254", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 10616832, "type": "region", "version": 1 }, "end_va": 10620927, "entry_point": 0, "filename": null, "id": "region_453", "name": "private_0x0000000000a20000", "norm_filename": null, "region_type": "private_memory", "start_va": 10616832, "timestamp": "00:02:29.035", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 61440, "start_va": 10682368, "type": "region", "version": 1 }, "end_va": 10743807, "entry_point": 0, "filename": null, "id": "region_454", "name": "pagefile_0x0000000000a30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10682368, "timestamp": "00:02:29.035", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000455-addr_0x0000000000a40000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_255", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 10747904, "type": "region", "version": 1 }, "end_va": 11010047, "entry_point": 0, "filename": null, "id": "region_455", "name": "private_0x0000000000a40000", "norm_filename": null, "region_type": "private_memory", "start_va": 10747904, "timestamp": "00:02:29.036", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000456-addr_0x0000000000a80000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_256", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 11010048, "type": "region", "version": 1 }, "end_va": 12058623, "entry_point": 0, "filename": null, "id": "region_456", "name": "private_0x0000000000a80000", "norm_filename": null, "region_type": "private_memory", "start_va": 11010048, "timestamp": "00:02:29.036", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1474560, "start_va": 2001993728, "type": "region", "version": 1 }, "end_va": 2003468287, "entry_point": 2001993728, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_457", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001993728, "timestamp": "00:02:29.036", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2146631680, "type": "region", "version": 1 }, "end_va": 2146775039, "entry_point": 0, "filename": null, "id": "region_458", "name": "pagefile_0x000000007ff30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2146631680, "timestamp": "00:02:29.036", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000459-addr_0x000000007ff5b000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_257", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2146807808, "type": "region", "version": 1 }, "end_va": 2146820095, "entry_point": 0, "filename": null, "id": "region_459", "name": "private_0x000000007ff5b000", "norm_filename": null, "region_type": "private_memory", "start_va": 2146807808, "timestamp": "00:02:29.036", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000460-addr_0x000000007ff5e000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_258", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2146820096, "type": "region", "version": 1 }, "end_va": 2146824191, "entry_point": 0, "filename": null, "id": "region_460", "name": "private_0x000000007ff5e000", "norm_filename": null, "region_type": "private_memory", "start_va": 2146820096, "timestamp": "00:02:29.037", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000461-addr_0x000000007ff5f000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_259", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2146824192, "type": "region", "version": 1 }, "end_va": 2146828287, "entry_point": 0, "filename": null, "id": "region_461", "name": "private_0x000000007ff5f000", "norm_filename": null, "region_type": "private_memory", "start_va": 2146824192, "timestamp": "00:02:29.037", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000462-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_260", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_462", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:02:29.038", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 140703438929920, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 140705586348031, "entry_point": 0, "filename": null, "id": "region_463", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:02:29.038", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1744896, "start_va": 140705586348032, "type": "region", "version": 1 }, "end_va": 140705588092927, "entry_point": 140705586348032, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_464", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140705586348032, "timestamp": "00:02:29.038", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 31900196864, "start_va": 140705588092928, "type": "region", "version": 1 }, "end_va": 140737488289791, "entry_point": 0, "filename": null, "id": "region_465", "name": "private_0x00007ff89298a000", "norm_filename": null, "region_type": "private_memory", "start_va": 140705588092928, "timestamp": "00:02:29.038", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 12058624, "type": "region", "version": 1 }, "end_va": 12075007, "entry_point": 0, "filename": null, "id": "region_592", "name": "pagefile_0x0000000000b80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12058624, "timestamp": "00:02:30.373", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 12124160, "type": "region", "version": 1 }, "end_va": 12128255, "entry_point": 0, "filename": null, "id": "region_593", "name": "pagefile_0x0000000000b90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12124160, "timestamp": "00:02:30.373", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000594-addr_0x0000000000ba0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_261", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 12189696, "type": "region", "version": 1 }, "end_va": 12197887, "entry_point": 0, "filename": null, "id": "region_594", "name": "private_0x0000000000ba0000", "norm_filename": null, "region_type": "private_memory", "start_va": 12189696, "timestamp": "00:02:30.374", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000595-addr_0x0000000000c40000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_262", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 12845056, "type": "region", "version": 1 }, "end_va": 12910591, "entry_point": 0, "filename": null, "id": "region_595", "name": "private_0x0000000000c40000", "norm_filename": null, "region_type": "private_memory", "start_va": 12845056, "timestamp": "00:02:30.374", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 299008, "start_va": 2001141760, "type": "region", "version": 1 }, "end_va": 2001440767, "entry_point": 2001141760, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_596", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 2001141760, "timestamp": "00:02:30.374", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 425984, "start_va": 2001469440, "type": "region", "version": 1 }, "end_va": 2001895423, "entry_point": 2001469440, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_597", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 2001469440, "timestamp": "00:02:30.374", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 2001928192, "type": "region", "version": 1 }, "end_va": 2001965055, "entry_point": 2001928192, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_598", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 2001928192, "timestamp": "00:02:30.374", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000599-addr_0x0000000000d20000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_263", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 13762560, "type": "region", "version": 1 }, "end_va": 14811135, "entry_point": 0, "filename": null, "id": "region_599", "name": "private_0x0000000000d20000", "norm_filename": null, "region_type": "private_memory", "start_va": 13762560, "timestamp": "00:02:30.383", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 352256, "start_va": 1961492480, "type": "region", "version": 1 }, "end_va": 1961844735, "entry_point": 1961492480, "filename": "\\Windows\\SysWOW64\\mscoree.dll", "id": "region_600", "name": "mscoree.dll", "norm_filename": "c:\\windows\\syswow64\\mscoree.dll", "region_type": "memory_mapped_file", "start_va": 1961492480, "timestamp": "00:02:30.383", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1310720, "start_va": 1970077696, "type": "region", "version": 1 }, "end_va": 1971388415, "entry_point": 1970077696, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_601", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1970077696, "timestamp": "00:02:30.383", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 847872, "start_va": 1973026816, "type": "region", "version": 1 }, "end_va": 1973874687, "entry_point": 1973026816, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_602", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1973026816, "timestamp": "00:02:30.383", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 10485760, "type": "region", "version": 1 }, "end_va": 10551295, "entry_point": 0, "filename": null, "id": "region_603", "name": "pagefile_0x0000000000a00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10485760, "timestamp": "00:02:30.394", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 516096, "start_va": 12255232, "type": "region", "version": 1 }, "end_va": 12771327, "entry_point": 12255232, "filename": "\\Windows\\System32\\locale.nls", "id": "region_604", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 12255232, "timestamp": "00:02:30.394", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000605-addr_0x0000000000ef0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_264", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 15663104, "type": "region", "version": 1 }, "end_va": 15728639, "entry_point": 0, "filename": null, "id": "region_605", "name": "private_0x0000000000ef0000", "norm_filename": null, "region_type": "private_memory", "start_va": 15663104, "timestamp": "00:02:30.394", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 1960837120, "type": "region", "version": 1 }, "end_va": 1961463807, "entry_point": 1960837120, "filename": "\\Windows\\SysWOW64\\apphelp.dll", "id": "region_606", "name": "apphelp.dll", "norm_filename": "c:\\windows\\syswow64\\apphelp.dll", "region_type": "memory_mapped_file", "start_va": 1960837120, "timestamp": "00:02:30.394", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2145583104, "type": "region", "version": 1 }, "end_va": 2146631679, "entry_point": 0, "filename": null, "id": "region_607", "name": "pagefile_0x000000007fe30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2145583104, "timestamp": "00:02:30.394", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000608-addr_0x0000000000a10000-size_0x0000000000004000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_265", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 16384, "start_va": 10551296, "type": "region", "version": 1 }, "end_va": 10567679, "entry_point": 0, "filename": null, "id": "region_608", "name": "private_0x0000000000a10000", "norm_filename": null, "region_type": "private_memory", "start_va": 10551296, "timestamp": "00:02:30.425", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 339968, "start_va": 1961885696, "type": "region", "version": 1 }, "end_va": 1962225663, "entry_point": 1961885696, "filename": "\\Windows\\SysWOW64\\bcryptprimitives.dll", "id": "region_609", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\syswow64\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 1961885696, "timestamp": "00:02:30.425", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1962278912, "type": "region", "version": 1 }, "end_va": 1962315775, "entry_point": 1962278912, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_610", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1962278912, "timestamp": "00:02:30.425", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 118784, "start_va": 1962344448, "type": "region", "version": 1 }, "end_va": 1962463231, "entry_point": 1962344448, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_611", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1962344448, "timestamp": "00:02:30.425", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 724992, "start_va": 1963655168, "type": "region", "version": 1 }, "end_va": 1964380159, "entry_point": 1963655168, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_612", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1963655168, "timestamp": "00:02:30.425", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 491520, "start_va": 1964441600, "type": "region", "version": 1 }, "end_va": 1964933119, "entry_point": 1964441600, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_613", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1964441600, "timestamp": "00:02:30.425", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 778240, "start_va": 1976762368, "type": "region", "version": 1 }, "end_va": 1977540607, "entry_point": 1976762368, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_614", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1976762368, "timestamp": "00:02:30.425", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 253952, "start_va": 1978859520, "type": "region", "version": 1 }, "end_va": 1979113471, "entry_point": 1978859520, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_615", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1978859520, "timestamp": "00:02:30.425", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000616-addr_0x0000000001060000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_266", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 17170432, "type": "region", "version": 1 }, "end_va": 17235967, "entry_point": 0, "filename": null, "id": "region_616", "name": "private_0x0000000001060000", "norm_filename": null, "region_type": "private_memory", "start_va": 17170432, "timestamp": "00:02:30.430", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 516096, "start_va": 1960312832, "type": "region", "version": 1 }, "end_va": 1960828927, "entry_point": 1960312832, "filename": "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll", "id": "region_617", "name": "mscoreei.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll", "region_type": "memory_mapped_file", "start_va": 1960312832, "timestamp": "00:02:30.430", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1081344, "start_va": 1968963584, "type": "region", "version": 1 }, "end_va": 1970044927, "entry_point": 1968963584, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_618", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1968963584, "timestamp": "00:02:30.449", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1372160, "start_va": 1975386112, "type": "region", "version": 1 }, "end_va": 1976758271, "entry_point": 1975386112, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_619", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1975386112, "timestamp": "00:02:30.449", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 266240, "start_va": 1980891136, "type": "region", "version": 1 }, "end_va": 1981157375, "entry_point": 1980891136, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_620", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1980891136, "timestamp": "00:02:30.449", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1368064, "start_va": 1999765504, "type": "region", "version": 1 }, "end_va": 2001133567, "entry_point": 1999765504, "filename": "\\Windows\\SysWOW64\\combase.dll", "id": "region_621", "name": "combase.dll", "norm_filename": "c:\\windows\\syswow64\\combase.dll", "region_type": "memory_mapped_file", "start_va": 1999765504, "timestamp": "00:02:30.449", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 17235968, "type": "region", "version": 1 }, "end_va": 18841599, "entry_point": 0, "filename": null, "id": "region_622", "name": "pagefile_0x0000000001070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 17235968, "timestamp": "00:02:30.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1011712, "start_va": 1971978240, "type": "region", "version": 1 }, "end_va": 1972989951, "entry_point": 1971978240, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_623", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1971978240, "timestamp": "00:02:30.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 1977548800, "type": "region", "version": 1 }, "end_va": 1977700351, "entry_point": 1977548800, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_624", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1977548800, "timestamp": "00:02:30.455", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000625-addr_0x0000000000a20000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_267", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 10616832, "type": "region", "version": 1 }, "end_va": 10620927, "entry_point": 0, "filename": null, "id": "region_625", "name": "private_0x0000000000a20000", "norm_filename": null, "region_type": "private_memory", "start_va": 10616832, "timestamp": "00:02:30.464", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000626-addr_0x0000000000c30000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_268", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 12779520, "type": "region", "version": 1 }, "end_va": 12783615, "entry_point": 0, "filename": null, "id": "region_626", "name": "private_0x0000000000c30000", "norm_filename": null, "region_type": "private_memory", "start_va": 12779520, "timestamp": "00:02:30.465", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 18874368, "type": "region", "version": 1 }, "end_va": 20451327, "entry_point": 0, "filename": null, "id": "region_627", "name": "pagefile_0x0000000001200000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 18874368, "timestamp": "00:02:30.465", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 20512768, "type": "region", "version": 1 }, "end_va": 41484287, "entry_point": 0, "filename": null, "id": "region_628", "name": "pagefile_0x0000000001390000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 20512768, "timestamp": "00:02:30.465", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 1952448512, "type": "region", "version": 1 }, "end_va": 1953329151, "entry_point": 1952448512, "filename": "\\Windows\\SysWOW64\\msvcr120_clr0400.dll", "id": "region_629", "name": "msvcr120_clr0400.dll", "norm_filename": "c:\\windows\\syswow64\\msvcr120_clr0400.dll", "region_type": "memory_mapped_file", "start_va": 1952448512, "timestamp": "00:02:30.465", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 6926336, "start_va": 1953366016, "type": "region", "version": 1 }, "end_va": 1960292351, "entry_point": 1953366016, "filename": "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clr.dll", "id": "region_630", "name": "clr.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clr.dll", "region_type": "memory_mapped_file", "start_va": 1953366016, "timestamp": "00:02:30.465", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 12910592, "type": "region", "version": 1 }, "end_va": 12914687, "entry_point": 0, "filename": null, "id": "region_631", "name": "pagefile_0x0000000000c50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12910592, "timestamp": "00:02:30.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 12976128, "type": "region", "version": 1 }, "end_va": 13041663, "entry_point": 0, "filename": null, "id": "region_632", "name": "pagefile_0x0000000000c60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12976128, "timestamp": "00:02:30.668", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000633-addr_0x0000000000c70000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_269", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 13041664, "type": "region", "version": 1 }, "end_va": 13107199, "entry_point": 0, "filename": null, "id": "region_633", "name": "private_0x0000000000c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 13041664, "timestamp": "00:02:30.668", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000634-addr_0x0000000000c80000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_270", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 13107200, "type": "region", "version": 1 }, "end_va": 13172735, "entry_point": 0, "filename": null, "id": "region_634", "name": "private_0x0000000000c80000", "norm_filename": null, "region_type": "private_memory", "start_va": 13107200, "timestamp": "00:02:30.668", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000635-addr_0x0000000000c90000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_271", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 13172736, "type": "region", "version": 1 }, "end_va": 13238271, "entry_point": 0, "filename": null, "id": "region_635", "name": "private_0x0000000000c90000", "norm_filename": null, "region_type": "private_memory", "start_va": 13172736, "timestamp": "00:02:30.669", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000636-addr_0x0000000000ca0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_272", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 13238272, "type": "region", "version": 1 }, "end_va": 13303807, "entry_point": 0, "filename": null, "id": "region_636", "name": "private_0x0000000000ca0000", "norm_filename": null, "region_type": "private_memory", "start_va": 13238272, "timestamp": "00:02:30.669", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000637-addr_0x0000000000cb0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_273", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 13303808, "type": "region", "version": 1 }, "end_va": 13369343, "entry_point": 0, "filename": null, "id": "region_637", "name": "private_0x0000000000cb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 13303808, "timestamp": "00:02:30.670", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000638-addr_0x0000000000cc0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_274", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 13369344, "type": "region", "version": 1 }, "end_va": 13373439, "entry_point": 0, "filename": null, "id": "region_638", "name": "private_0x0000000000cc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 13369344, "timestamp": "00:02:30.670", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000639-addr_0x0000000000cd0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_275", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 13434880, "type": "region", "version": 1 }, "end_va": 13438975, "entry_point": 0, "filename": null, "id": "region_639", "name": "private_0x0000000000cd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 13434880, "timestamp": "00:02:30.670", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000640-addr_0x0000000000ce0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_276", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 13500416, "type": "region", "version": 1 }, "end_va": 13762559, "entry_point": 0, "filename": null, "id": "region_640", "name": "private_0x0000000000ce0000", "norm_filename": null, "region_type": "private_memory", "start_va": 13500416, "timestamp": "00:02:30.671", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000641-addr_0x0000000000e20000-size_0x00000000000a0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_277", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 655360, "start_va": 14811136, "type": "region", "version": 1 }, "end_va": 15466495, "entry_point": 0, "filename": null, "id": "region_641", "name": "private_0x0000000000e20000", "norm_filename": null, "region_type": "private_memory", "start_va": 14811136, "timestamp": "00:02:30.671", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000642-addr_0x0000000000ee0000-size_0x0000000000010000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_278", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 15597568, "type": "region", "version": 1 }, "end_va": 15663103, "entry_point": 0, "filename": null, "id": "region_642", "name": "private_0x0000000000ee0000", "norm_filename": null, "region_type": "private_memory", "start_va": 15597568, "timestamp": "00:02:30.672", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000643-addr_0x0000000000f00000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_279", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 15728640, "type": "region", "version": 1 }, "end_va": 16777215, "entry_point": 0, "filename": null, "id": "region_643", "name": "private_0x0000000000f00000", "norm_filename": null, "region_type": "private_memory", "start_va": 15728640, "timestamp": "00:02:30.672", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000644-addr_0x0000000001000000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_280", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 16777216, "type": "region", "version": 1 }, "end_va": 17039359, "entry_point": 0, "filename": null, "id": "region_644", "name": "private_0x0000000001000000", "norm_filename": null, "region_type": "private_memory", "start_va": 16777216, "timestamp": "00:02:30.672", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000645-addr_0x0000000002790000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_281", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 41484288, "type": "region", "version": 1 }, "end_va": 42532863, "entry_point": 0, "filename": null, "id": "region_645", "name": "private_0x0000000002790000", "norm_filename": null, "region_type": "private_memory", "start_va": 41484288, "timestamp": "00:02:30.673", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000646-addr_0x0000000002950000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_282", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 43319296, "type": "region", "version": 1 }, "end_va": 43384831, "entry_point": 0, "filename": null, "id": "region_646", "name": "private_0x0000000002950000", "norm_filename": null, "region_type": "private_memory", "start_va": 43319296, "timestamp": "00:02:30.673", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 33554432, "start_va": 43384832, "type": "region", "version": 1 }, "end_va": 76939263, "entry_point": 0, "filename": null, "id": "region_647", "name": "private_0x0000000002960000", "norm_filename": null, "region_type": "private_memory", "start_va": 43384832, "timestamp": "00:02:30.674", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2969600, "start_va": 76939264, "type": "region", "version": 1 }, "end_va": 79908863, "entry_point": 76939264, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_648", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 76939264, "timestamp": "00:02:30.674", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 17387520, "start_va": 1935015936, "type": "region", "version": 1 }, "end_va": 1952403455, "entry_point": 1935015936, "filename": "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\mscorlib\\c90ef9a73ea0044641d31b19023aad61\\mscorlib.ni.dll", "id": "region_649", "name": "mscorlib.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\mscorlib\\c90ef9a73ea0044641d31b19023aad61\\mscorlib.ni.dll", "region_type": "memory_mapped_file", "start_va": 1935015936, "timestamp": "00:02:30.674", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000650-addr_0x000000007ff55000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_283", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2146783232, "type": "region", "version": 1 }, "end_va": 2146795519, "entry_point": 0, "filename": null, "id": "region_650", "name": "private_0x000000007ff55000", "norm_filename": null, "region_type": "private_memory", "start_va": 2146783232, "timestamp": "00:02:30.675", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000651-addr_0x000000007ff58000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_284", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2146795520, "type": "region", "version": 1 }, "end_va": 2146807807, "entry_point": 0, "filename": null, "id": "region_651", "name": "private_0x000000007ff58000", "norm_filename": null, "region_type": "private_memory", "start_va": 2146795520, "timestamp": "00:02:30.675", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1097728, "start_va": 1962475520, "type": "region", "version": 1 }, "end_va": 1963573247, "entry_point": 1962475520, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_652", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1962475520, "timestamp": "00:02:30.681", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1934950400, "type": "region", "version": 1 }, "end_va": 1934987263, "entry_point": 1934950400, "filename": "\\Windows\\SysWOW64\\kernel.appcore.dll", "id": "region_653", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\syswow64\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 1934950400, "timestamp": "00:02:30.682", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 1934032896, "type": "region", "version": 1 }, "end_va": 1934929919, "entry_point": 1934032896, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_654", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1934032896, "timestamp": "00:02:30.684", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000655-addr_0x0000000000ec0000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_285", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 15466496, "type": "region", "version": 1 }, "end_va": 15597567, "entry_point": 0, "filename": null, "id": "region_655", "name": "private_0x0000000000ec0000", "norm_filename": null, "region_type": "private_memory", "start_va": 15466496, "timestamp": "00:02:30.685", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 15466496, "type": "region", "version": 1 }, "end_va": 15470591, "entry_point": 0, "filename": null, "id": "region_656", "name": "pagefile_0x0000000000ec0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 15466496, "timestamp": "00:02:30.686", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000657-addr_0x0000000000ed0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_286", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 15532032, "type": "region", "version": 1 }, "end_va": 15597567, "entry_point": 0, "filename": null, "id": "region_657", "name": "private_0x0000000000ed0000", "norm_filename": null, "region_type": "private_memory", "start_va": 15532032, "timestamp": "00:02:30.687", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 987136, "start_va": 79953920, "type": "region", "version": 1 }, "end_va": 80941055, "entry_point": 0, "filename": null, "id": "region_658", "name": "pagefile_0x0000000004c40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 79953920, "timestamp": "00:02:30.687", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 15466496, "type": "region", "version": 1 }, "end_va": 15482879, "entry_point": 0, "filename": null, "id": "region_659", "name": "pagefile_0x0000000000ec0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 15466496, "timestamp": "00:02:30.687", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000660-addr_0x0000000001040000-size_0x0000000000004000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_287", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 16384, "start_va": 17039360, "type": "region", "version": 1 }, "end_va": 17055743, "entry_point": 0, "filename": null, "id": "region_660", "name": "private_0x0000000001040000", "norm_filename": null, "region_type": "private_memory", "start_va": 17039360, "timestamp": "00:02:30.688", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 512000, "start_va": 1914503168, "type": "region", "version": 1 }, "end_va": 1915015167, "entry_point": 1914503168, "filename": "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\clrjit.dll", "id": "region_661", "name": "clrjit.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\clrjit.dll", "region_type": "memory_mapped_file", "start_va": 1914503168, "timestamp": "00:02:30.899", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1937408, "start_va": 1915027456, "type": "region", "version": 1 }, "end_va": 1916964863, "entry_point": 1915027456, "filename": "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\Microsoft.V9921e851#\\288e4f2cf5b7a96028c8bb3fce6dc043\\Microsoft.VisualBasic.ni.dll", "id": "region_662", "name": "microsoft.visualbasic.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\microsoft.v9921e851#\\288e4f2cf5b7a96028c8bb3fce6dc043\\microsoft.visualbasic.ni.dll", "region_type": "memory_mapped_file", "start_va": 1915027456, "timestamp": "00:02:30.899", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 6959104, "start_va": 1916993536, "type": "region", "version": 1 }, "end_va": 1923952639, "entry_point": 1916993536, "filename": "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Core\\c1194e56644c7688e7eb0f68a57dcc30\\System.Core.ni.dll", "id": "region_663", "name": "system.core.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.core\\c1194e56644c7688e7eb0f68a57dcc30\\system.core.ni.dll", "region_type": "memory_mapped_file", "start_va": 1916993536, "timestamp": "00:02:30.899", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 10014720, "start_va": 1924005888, "type": "region", "version": 1 }, "end_va": 1934020607, "entry_point": 1924005888, "filename": "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System\\c24d08cc4e93fc4f6f15a637b00a2721\\System.ni.dll", "id": "region_664", "name": "system.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system\\c24d08cc4e93fc4f6f15a637b00a2721\\system.ni.dll", "region_type": "memory_mapped_file", "start_va": 1924005888, "timestamp": "00:02:30.899", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 552960, "start_va": 1974140928, "type": "region", "version": 1 }, "end_va": 1974693887, "entry_point": 1974140928, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_665", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1974140928, "timestamp": "00:02:30.899", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000666-addr_0x0000000001050000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_288", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 17104896, "type": "region", "version": 1 }, "end_va": 17170431, "entry_point": 0, "filename": null, "id": "region_666", "name": "private_0x0000000001050000", "norm_filename": null, "region_type": "private_memory", "start_va": 17104896, "timestamp": "00:02:30.977", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000667-addr_0x0000000002890000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_289", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 42532864, "type": "region", "version": 1 }, "end_va": 42598399, "entry_point": 0, "filename": null, "id": "region_667", "name": "private_0x0000000002890000", "norm_filename": null, "region_type": "private_memory", "start_va": 42532864, "timestamp": "00:02:30.977", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000668-addr_0x00000000028a0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_290", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 42598400, "type": "region", "version": 1 }, "end_va": 42663935, "entry_point": 0, "filename": null, "id": "region_668", "name": "private_0x00000000028a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 42598400, "timestamp": "00:02:30.978", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12869632, "start_va": 1899888640, "type": "region", "version": 1 }, "end_va": 1912758271, "entry_point": 1899888640, "filename": "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Windows.Forms\\635558b506364815e8348217e86fdf99\\System.Windows.Forms.ni.dll", "id": "region_669", "name": "system.windows.forms.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.windows.forms\\635558b506364815e8348217e86fdf99\\system.windows.forms.ni.dll", "region_type": "memory_mapped_file", "start_va": 1899888640, "timestamp": "00:02:30.978", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1646592, "start_va": 1912799232, "type": "region", "version": 1 }, "end_va": 1914445823, "entry_point": 1912799232, "filename": "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Drawing\\ddb52221ad0200b7c2e0a308e47d5c7c\\System.Drawing.ni.dll", "id": "region_670", "name": "system.drawing.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.drawing\\ddb52221ad0200b7c2e0a308e47d5c7c\\system.drawing.ni.dll", "region_type": "memory_mapped_file", "start_va": 1912799232, "timestamp": "00:02:30.978", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000671-addr_0x0000000004e00000-size_0x0000000000010000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_291", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 81788928, "type": "region", "version": 1 }, "end_va": 81854463, "entry_point": 0, "filename": null, "id": "region_671", "name": "private_0x0000000004e00000", "norm_filename": null, "region_type": "private_memory", "start_va": 81788928, "timestamp": "00:02:31.032", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 536576, "start_va": 42663936, "type": "region", "version": 1 }, "end_va": 43200511, "entry_point": 42663936, "filename": "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.16384_none_7c55c866aa0c3ff0\\comctl32.dll", "id": "region_672", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.16384_none_7c55c866aa0c3ff0\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 42663936, "timestamp": "00:02:31.033", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 548864, "start_va": 1971388416, "type": "region", "version": 1 }, "end_va": 1971937279, "entry_point": 1971388416, "filename": "\\Windows\\SysWOW64\\comctl32.dll", "id": "region_673", "name": "comctl32.dll", "norm_filename": "c:\\windows\\syswow64\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1971388416, "timestamp": "00:02:31.034", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000674-addr_0x0000000004e10000-size_0x00000000001f0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_292", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2031616, "start_va": 81854464, "type": "region", "version": 1 }, "end_va": 83886079, "entry_point": 0, "filename": null, "id": "region_674", "name": "private_0x0000000004e10000", "norm_filename": null, "region_type": "private_memory", "start_va": 81854464, "timestamp": "00:02:31.035", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 1899757568, "type": "region", "version": 1 }, "end_va": 1899855871, "entry_point": 1899757568, "filename": "\\Windows\\SysWOW64\\dwmapi.dll", "id": "region_675", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\syswow64\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 1899757568, "timestamp": "00:02:31.064", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 806912, "start_va": 1898905600, "type": "region", "version": 1 }, "end_va": 1899712511, "entry_point": 1898905600, "filename": "\\Windows\\assembly\\NativeImages_v4.0.30319_32\\System.Runt73a1fc9d#\\0139b8d6c29df85226a7fe833e5cc4f1\\System.Runtime.Remoting.ni.dll", "id": "region_676", "name": "system.runtime.remoting.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v4.0.30319_32\\system.runt73a1fc9d#\\0139b8d6c29df85226a7fe833e5cc4f1\\system.runtime.remoting.ni.dll", "region_type": "memory_mapped_file", "start_va": 1898905600, "timestamp": "00:02:31.153", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000677-addr_0x000000007fdd0000-size_0x0000000000010000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_293", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2145189888, "type": "region", "version": 1 }, "end_va": 2145255423, "entry_point": 0, "filename": null, "id": "region_677", "name": "private_0x000000007fdd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2145189888, "timestamp": "00:02:31.154", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000678-addr_0x000000007fde0000-size_0x0000000000050000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_294", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 327680, "start_va": 2145255424, "type": "region", "version": 1 }, "end_va": 2145583103, "entry_point": 0, "filename": null, "id": "region_678", "name": "private_0x000000007fde0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2145255424, "timestamp": "00:02:31.154", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 42663936, "type": "region", "version": 1 }, "end_va": 42672127, "entry_point": 42663936, "filename": "\\Windows\\SysWOW64\\tzres.dll", "id": "region_679", "name": "tzres.dll", "norm_filename": "c:\\windows\\syswow64\\tzres.dll", "region_type": "memory_mapped_file", "start_va": 42663936, "timestamp": "00:02:31.212", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 42729472, "type": "region", "version": 1 }, "end_va": 42741759, "entry_point": 0, "filename": null, "id": "region_680", "name": "pagefile_0x00000000028c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 42729472, "timestamp": "00:02:31.212", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 42795008, "type": "region", "version": 1 }, "end_va": 42799103, "entry_point": 0, "filename": null, "id": "region_681", "name": "pagefile_0x00000000028d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 42795008, "timestamp": "00:02:31.212", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 32768, "start_va": 42860544, "type": "region", "version": 1 }, "end_va": 42893311, "entry_point": 42860544, "filename": "\\Windows\\System32\\en-US\\tzres.dll.mui", "id": "region_682", "name": "tzres.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\tzres.dll.mui", "region_type": "memory_mapped_file", "start_va": 42860544, "timestamp": "00:02:31.212", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1363968, "start_va": 1964965888, "type": "region", "version": 1 }, "end_va": 1966329855, "entry_point": 1964965888, "filename": "\\Windows\\SysWOW64\\GdiPlus.dll", "id": "region_685", "name": "gdiplus.dll", "norm_filename": "c:\\windows\\syswow64\\gdiplus.dll", "region_type": "memory_mapped_file", "start_va": 1964965888, "timestamp": "00:02:31.306", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000686-addr_0x00000000028b0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_295", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 42663936, "type": "region", "version": 1 }, "end_va": 42729471, "entry_point": 0, "filename": null, "id": "region_686", "name": "private_0x00000000028b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 42663936, "timestamp": "00:02:31.307", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000687-addr_0x00000000028e0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_296", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 42860544, "type": "region", "version": 1 }, "end_va": 43122687, "entry_point": 0, "filename": null, "id": "region_687", "name": "private_0x00000000028e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 42860544, "timestamp": "00:02:31.314", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000688-addr_0x0000000004e10000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_297", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 81854464, "type": "region", "version": 1 }, "end_va": 82903039, "entry_point": 0, "filename": null, "id": "region_688", "name": "private_0x0000000004e10000", "norm_filename": null, "region_type": "private_memory", "start_va": 81854464, "timestamp": "00:02:31.315", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000689-addr_0x0000000004ff0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_298", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 83820544, "type": "region", "version": 1 }, "end_va": 83886079, "entry_point": 0, "filename": null, "id": "region_689", "name": "private_0x0000000004ff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 83820544, "timestamp": "00:02:31.315", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1515520, "start_va": 1897332736, "type": "region", "version": 1 }, "end_va": 1898848255, "entry_point": 1897332736, "filename": "\\Windows\\SysWOW64\\DWrite.dll", "id": "region_690", "name": "dwrite.dll", "norm_filename": "c:\\windows\\syswow64\\dwrite.dll", "region_type": "memory_mapped_file", "start_va": 1897332736, "timestamp": "00:02:31.315", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000691-addr_0x000000007fdcd000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_299", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2145177600, "type": "region", "version": 1 }, "end_va": 2145189887, "entry_point": 0, "filename": null, "id": "region_691", "name": "private_0x000000007fdcd000", "norm_filename": null, "region_type": "private_memory", "start_va": 2145177600, "timestamp": "00:02:31.315", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 675840, "start_va": 81002496, "type": "region", "version": 1 }, "end_va": 81678335, "entry_point": 81002496, "filename": "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\~FontCache-System.dat", "id": "region_692", "name": "~fontcache-system.dat", "norm_filename": "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\~fontcache-system.dat", "region_type": "memory_mapped_file", "start_va": 81002496, "timestamp": "00:02:31.318", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000693-addr_0x0000000002920000-size_0x0000000000004000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_300", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 16384, "start_va": 43122688, "type": "region", "version": 1 }, "end_va": 43139071, "entry_point": 0, "filename": null, "id": "region_693", "name": "private_0x0000000002920000", "norm_filename": null, "region_type": "private_memory", "start_va": 43122688, "timestamp": "00:02:31.320", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000694-addr_0x0000000002930000-size_0x0000000000004000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_301", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 16384, "start_va": 43188224, "type": "region", "version": 1 }, "end_va": 43204607, "entry_point": 0, "filename": null, "id": "region_694", "name": "private_0x0000000002930000", "norm_filename": null, "region_type": "private_memory", "start_va": 43188224, "timestamp": "00:02:31.322", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000695-addr_0x0000000005000000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_302", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 83886080, "type": "region", "version": 1 }, "end_va": 84934655, "entry_point": 0, "filename": null, "id": "region_695", "name": "private_0x0000000005000000", "norm_filename": null, "region_type": "private_memory", "start_va": 83886080, "timestamp": "00:02:31.324", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5185536, "start_va": 84934656, "type": "region", "version": 1 }, "end_va": 90120191, "entry_point": 0, "filename": null, "id": "region_696", "name": "pagefile_0x0000000005100000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 84934656, "timestamp": "00:02:31.344", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 90177536, "type": "region", "version": 1 }, "end_va": 106954751, "entry_point": 90177536, "filename": "\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\~FontCache-FontFace.dat", "id": "region_697", "name": "~fontcache-fontface.dat", "norm_filename": "c:\\windows\\serviceprofiles\\localservice\\appdata\\local\\~fontcache-fontface.dat", "region_type": "memory_mapped_file", "start_va": 90177536, "timestamp": "00:02:31.344", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000698-addr_0x0000000006600000-size_0x0000000000400000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_303", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4194304, "start_va": 106954752, "type": "region", "version": 1 }, "end_va": 111149055, "entry_point": 0, "filename": null, "id": "region_698", "name": "private_0x0000000006600000", "norm_filename": null, "region_type": "private_memory", "start_va": 106954752, "timestamp": "00:02:31.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 667648, "start_va": 82903040, "type": "region", "version": 1 }, "end_va": 83570687, "entry_point": 82903040, "filename": "\\Windows\\Fonts\\micross.ttf", "id": "region_699", "name": "micross.ttf", "norm_filename": "c:\\windows\\fonts\\micross.ttf", "region_type": "memory_mapped_file", "start_va": 82903040, "timestamp": "00:02:31.349", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000700-addr_0x0000000006a00000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_304", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 111149056, "type": "region", "version": 1 }, "end_va": 112197631, "entry_point": 0, "filename": null, "id": "region_700", "name": "private_0x0000000006a00000", "norm_filename": null, "region_type": "private_memory", "start_va": 111149056, "timestamp": "00:02:31.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1896808448, "type": "region", "version": 1 }, "end_va": 1897332735, "entry_point": 1896808448, "filename": "\\Windows\\SysWOW64\\riched20.dll", "id": "region_701", "name": "riched20.dll", "norm_filename": "c:\\windows\\syswow64\\riched20.dll", "region_type": "memory_mapped_file", "start_va": 1896808448, "timestamp": "00:02:31.382", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 1896677376, "type": "region", "version": 1 }, "end_va": 1896759295, "entry_point": 1896677376, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_702", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1896677376, "timestamp": "00:02:31.383", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 200704, "start_va": 1896415232, "type": "region", "version": 1 }, "end_va": 1896615935, "entry_point": 1896415232, "filename": "\\Windows\\SysWOW64\\msls31.dll", "id": "region_703", "name": "msls31.dll", "norm_filename": "c:\\windows\\syswow64\\msls31.dll", "region_type": "memory_mapped_file", "start_va": 1896415232, "timestamp": "00:02:31.383", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1896349696, "type": "region", "version": 1 }, "end_va": 1896382463, "entry_point": 1896349696, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_704", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1896349696, "timestamp": "00:02:31.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4177920, "start_va": 112197632, "type": "region", "version": 1 }, "end_va": 116375551, "entry_point": 0, "filename": null, "id": "region_705", "name": "pagefile_0x0000000006b00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 112197632, "timestamp": "00:02:31.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15138816, "start_va": 116391936, "type": "region", "version": 1 }, "end_va": 131530751, "entry_point": 116391936, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_706", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 116391936, "timestamp": "00:02:31.431", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 397312, "start_va": 82903040, "type": "region", "version": 1 }, "end_va": 83300351, "entry_point": 82903040, "filename": "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorrc.dll", "id": "region_707", "name": "mscorrc.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscorrc.dll", "region_type": "memory_mapped_file", "start_va": 82903040, "timestamp": "00:02:31.559", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000708-addr_0x0000000002940000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_305", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 43253760, "type": "region", "version": 1 }, "end_va": 43257855, "entry_point": 0, "filename": null, "id": "region_708", "name": "private_0x0000000002940000", "norm_filename": null, "region_type": "private_memory", "start_va": 43253760, "timestamp": "00:02:31.563", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20480, "start_va": 81723392, "type": "region", "version": 1 }, "end_va": 81743871, "entry_point": 81723392, "filename": "\\Windows\\System32\\en-US\\user32.dll.mui", "id": "region_709", "name": "user32.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\user32.dll.mui", "region_type": "memory_mapped_file", "start_va": 81723392, "timestamp": "00:02:31.576", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 83361792, "type": "region", "version": 1 }, "end_va": 83365887, "entry_point": 0, "filename": null, "id": "region_710", "name": "pagefile_0x0000000004f80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 83361792, "timestamp": "00:02:31.580", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000711-addr_0x0000000007d70000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_306", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 131530752, "type": "region", "version": 1 }, "end_va": 132055039, "entry_point": 0, "filename": null, "id": "region_711", "name": "private_0x0000000007d70000", "norm_filename": null, "region_type": "private_memory", "start_va": 131530752, "timestamp": "00:02:31.581", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000712-addr_0x0000000004f80000-size_0x0000000000004000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_307", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 16384, "start_va": 83361792, "type": "region", "version": 1 }, "end_va": 83378175, "entry_point": 0, "filename": null, "id": "region_712", "name": "private_0x0000000004f80000", "norm_filename": null, "region_type": "private_memory", "start_va": 83361792, "timestamp": "00:02:31.607", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000713-addr_0x0000000007df0000-size_0x0000000000101000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_308", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1052672, "start_va": 132055040, "type": "region", "version": 1 }, "end_va": 133107711, "entry_point": 0, "filename": null, "id": "region_713", "name": "private_0x0000000007df0000", "norm_filename": null, "region_type": "private_memory", "start_va": 132055040, "timestamp": "00:02:31.610", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 83427328, "type": "region", "version": 1 }, "end_va": 83439615, "entry_point": 0, "filename": null, "id": "region_714", "name": "pagefile_0x0000000004f90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 83427328, "timestamp": "00:02:31.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1990656, "start_va": 1894318080, "type": "region", "version": 1 }, "end_va": 1896308735, "entry_point": 1894318080, "filename": "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7\\comctl32.dll", "id": "region_715", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1894318080, "timestamp": "00:02:31.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 83492864, "type": "region", "version": 1 }, "end_va": 83496959, "entry_point": 83492864, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_716", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 83492864, "timestamp": "00:02:31.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 83558400, "type": "region", "version": 1 }, "end_va": 83566591, "entry_point": 0, "filename": null, "id": "region_717", "name": "pagefile_0x0000000004fb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 83558400, "timestamp": "00:02:31.642", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000718-addr_0x0000000004fa0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_309", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 83492864, "type": "region", "version": 1 }, "end_va": 83558399, "entry_point": 0, "filename": null, "id": "region_718", "name": "private_0x0000000004fa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 83492864, "timestamp": "00:02:31.649", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 18534400, "start_va": 1981218816, "type": "region", "version": 1 }, "end_va": 1999753215, "entry_point": 1981218816, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_719", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1981218816, "timestamp": "00:02:31.658", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000720-addr_0x0000000004fc0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_310", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 83623936, "type": "region", "version": 1 }, "end_va": 83689471, "entry_point": 0, "filename": null, "id": "region_720", "name": "private_0x0000000004fc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 83623936, "timestamp": "00:02:31.696", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 483328, "start_va": 1893793792, "type": "region", "version": 1 }, "end_va": 1894277119, "entry_point": 1893793792, "filename": "\\Windows\\SysWOW64\\SHCore.dll", "id": "region_721", "name": "shcore.dll", "norm_filename": "c:\\windows\\syswow64\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 1893793792, "timestamp": "00:02:31.708", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 83623936, "type": "region", "version": 1 }, "end_va": 83628031, "entry_point": 0, "filename": null, "id": "region_722", "name": "pagefile_0x0000000004fc0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 83623936, "timestamp": "00:02:31.709", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000723-addr_0x0000000004fd0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_311", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 83689472, "type": "region", "version": 1 }, "end_va": 83755007, "entry_point": 0, "filename": null, "id": "region_723", "name": "private_0x0000000004fd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 83689472, "timestamp": "00:02:31.715", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1449984, "start_va": 132055040, "type": "region", "version": 1 }, "end_va": 133505023, "entry_point": 0, "filename": null, "id": "region_724", "name": "pagefile_0x0000000007df0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 132055040, "timestamp": "00:02:31.772", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000725-addr_0x0000000004fd0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_312", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 83689472, "type": "region", "version": 1 }, "end_va": 83693567, "entry_point": 0, "filename": null, "id": "region_725", "name": "private_0x0000000004fd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 83689472, "timestamp": "00:02:31.783", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000726-addr_0x0000000004fe0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_313", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 83755008, "type": "region", "version": 1 }, "end_va": 83759103, "entry_point": 0, "filename": null, "id": "region_726", "name": "private_0x0000000004fe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 83755008, "timestamp": "00:02:31.788", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000727-addr_0x0000000004fd0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_314", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 83689472, "type": "region", "version": 1 }, "end_va": 83693567, "entry_point": 0, "filename": null, "id": "region_727", "name": "private_0x0000000004fd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 83689472, "timestamp": "00:02:31.794", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000728-addr_0x0000000004fd0000-size_0x0000000000005000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_315", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 20480, "start_va": 83689472, "type": "region", "version": 1 }, "end_va": 83709951, "entry_point": 0, "filename": null, "id": "region_728", "name": "private_0x0000000004fd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 83689472, "timestamp": "00:02:31.831", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000729-addr_0x0000000005100000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_316", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 84934656, "type": "region", "version": 1 }, "end_va": 84938751, "entry_point": 0, "filename": null, "id": "region_729", "name": "private_0x0000000005100000", "norm_filename": null, "region_type": "private_memory", "start_va": 84934656, "timestamp": "00:02:31.831", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000730-addr_0x0000000005110000-size_0x0000000000018000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_317", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 98304, "start_va": 85000192, "type": "region", "version": 1 }, "end_va": 85098495, "entry_point": 0, "filename": null, "id": "region_730", "name": "private_0x0000000005110000", "norm_filename": null, "region_type": "private_memory", "start_va": 85000192, "timestamp": "00:02:31.847", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000731-addr_0x0000000004fd0000-size_0x0000000000008000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_318", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 32768, "start_va": 83689472, "type": "region", "version": 1 }, "end_va": 83722239, "entry_point": 0, "filename": null, "id": "region_731", "name": "private_0x0000000004fd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 83689472, "timestamp": "00:02:31.877", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000732-addr_0x0000000005130000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_319", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 85131264, "type": "region", "version": 1 }, "end_va": 85135359, "entry_point": 0, "filename": null, "id": "region_732", "name": "private_0x0000000005130000", "norm_filename": null, "region_type": "private_memory", "start_va": 85131264, "timestamp": "00:02:31.895", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000736-addr_0x0000000005100000-size_0x0000000000007000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_320", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 28672, "start_va": 84934656, "type": "region", "version": 1 }, "end_va": 84963327, "entry_point": 0, "filename": null, "id": "region_736", "name": "private_0x0000000005100000", "norm_filename": null, "region_type": "private_memory", "start_va": 84934656, "timestamp": "00:02:44.560", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000737-addr_0x0000000005140000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_321", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 85196800, "type": "region", "version": 1 }, "end_va": 85458943, "entry_point": 0, "filename": null, "id": "region_737", "name": "private_0x0000000005140000", "norm_filename": null, "region_type": "private_memory", "start_va": 85196800, "timestamp": "00:02:44.560", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000738-addr_0x0000000005180000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_322", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 85458944, "type": "region", "version": 1 }, "end_va": 86507519, "entry_point": 0, "filename": null, "id": "region_738", "name": "private_0x0000000005180000", "norm_filename": null, "region_type": "private_memory", "start_va": 85458944, "timestamp": "00:02:44.560", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000739-addr_0x0000000005280000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_323", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 86507520, "type": "region", "version": 1 }, "end_va": 86769663, "entry_point": 0, "filename": null, "id": "region_739", "name": "private_0x0000000005280000", "norm_filename": null, "region_type": "private_memory", "start_va": 86507520, "timestamp": "00:02:44.561", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000740-addr_0x00000000052c0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_324", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 86769664, "type": "region", "version": 1 }, "end_va": 87818239, "entry_point": 0, "filename": null, "id": "region_740", "name": "private_0x00000000052c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 86769664, "timestamp": "00:02:44.561", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000741-addr_0x00000000053c0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_325", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 87818240, "type": "region", "version": 1 }, "end_va": 88080383, "entry_point": 0, "filename": null, "id": "region_741", "name": "private_0x00000000053c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 87818240, "timestamp": "00:02:44.561", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000742-addr_0x0000000005400000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_326", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 88080384, "type": "region", "version": 1 }, "end_va": 89128959, "entry_point": 0, "filename": null, "id": "region_742", "name": "private_0x0000000005400000", "norm_filename": null, "region_type": "private_memory", "start_va": 88080384, "timestamp": "00:02:44.562", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000743-addr_0x000000007fdc4000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_327", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2145140736, "type": "region", "version": 1 }, "end_va": 2145153023, "entry_point": 0, "filename": null, "id": "region_743", "name": "private_0x000000007fdc4000", "norm_filename": null, "region_type": "private_memory", "start_va": 2145140736, "timestamp": "00:02:44.562", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000744-addr_0x000000007fdc7000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_328", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2145153024, "type": "region", "version": 1 }, "end_va": 2145165311, "entry_point": 0, "filename": null, "id": "region_744", "name": "private_0x000000007fdc7000", "norm_filename": null, "region_type": "private_memory", "start_va": 2145153024, "timestamp": "00:02:44.562", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000745-addr_0x000000007fdca000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_329", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2145165312, "type": "region", "version": 1 }, "end_va": 2145177599, "entry_point": 0, "filename": null, "id": "region_745", "name": "private_0x000000007fdca000", "norm_filename": null, "region_type": "private_memory", "start_va": 2145165312, "timestamp": "00:02:44.563", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000747-addr_0x0000000005500000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_330", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 89128960, "type": "region", "version": 1 }, "end_va": 89391103, "entry_point": 0, "filename": null, "id": "region_747", "name": "private_0x0000000005500000", "norm_filename": null, "region_type": "private_memory", "start_va": 89128960, "timestamp": "00:02:44.624", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000748-addr_0x0000000007f60000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_331", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 133562368, "type": "region", "version": 1 }, "end_va": 134610943, "entry_point": 0, "filename": null, "id": "region_748", "name": "private_0x0000000007f60000", "norm_filename": null, "region_type": "private_memory", "start_va": 133562368, "timestamp": "00:02:44.624", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000749-addr_0x000000007fdc1000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_332", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2145128448, "type": "region", "version": 1 }, "end_va": 2145140735, "entry_point": 0, "filename": null, "id": "region_749", "name": "private_0x000000007fdc1000", "norm_filename": null, "region_type": "private_memory", "start_va": 2145128448, "timestamp": "00:02:44.625", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 } ], "remarks": { "critical": [], "non_critical": [ { "comment": "The operating system was rebooted during the analysis.", "id": 128, "type": "remark", "version": 1 } ], "type": "remarks", "version": 1 }, "sample_details": { "filename": "Crypt.exe", "id": 20929, "md5_hash": "e1b571f1ad5266156c8233fa0d2ba1e0", "sample_type": "windows_exe_(x86-32)", "sha1_hash": "dcec2db3a228baeef3c629991743fc7e39bfaab6", "sha256_hash": "9dbd7b3133c9bc80b9ed83712d488d014b856c8814a268871046a30c4b6fc6ae", "size": 450560, "type": "sample_details", "version": 1 }, "screenshots": [ { "screenshot_archive_path": "screenshots/screenshot_0.png", "size": 850138, "thumbnail_archive_path": "screenshots/thumbnail_0.png", "timestamp": "00:00:00.000", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_22094.png", "size": 542295, "thumbnail_archive_path": "screenshots/thumbnail_22094.png", "timestamp": "00:00:22.094", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_24450.png", "size": 850386, "thumbnail_archive_path": "screenshots/thumbnail_24450.png", "timestamp": "00:00:24.450", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_34088.png", "size": 160844, "thumbnail_archive_path": "screenshots/thumbnail_34088.png", "timestamp": "00:00:34.088", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_35141.png", "size": 127837, "thumbnail_archive_path": "screenshots/thumbnail_35141.png", "timestamp": "00:00:35.141", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_64465.png", "size": 145957, "thumbnail_archive_path": "screenshots/thumbnail_64465.png", "timestamp": "00:01:04.465", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_77004.png", "size": 144760, "thumbnail_archive_path": "screenshots/thumbnail_77004.png", "timestamp": "00:01:17.004", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_78086.png", "size": 145080, "thumbnail_archive_path": "screenshots/thumbnail_78086.png", "timestamp": "00:01:18.086", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_82210.png", "size": 126715, "thumbnail_archive_path": "screenshots/thumbnail_82210.png", "timestamp": "00:01:22.210", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_83218.png", "size": 127128, "thumbnail_archive_path": "screenshots/thumbnail_83218.png", "timestamp": "00:01:23.218", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_84240.png", "size": 133608, "thumbnail_archive_path": "screenshots/thumbnail_84240.png", "timestamp": "00:01:24.240", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_85241.png", "size": 139620, "thumbnail_archive_path": "screenshots/thumbnail_85241.png", "timestamp": "00:01:25.241", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_87338.png", "size": 141818, "thumbnail_archive_path": "screenshots/thumbnail_87338.png", "timestamp": "00:01:27.338", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_88354.png", "size": 67918, "thumbnail_archive_path": "screenshots/thumbnail_88354.png", "timestamp": "00:01:28.354", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_90366.png", "size": 124882, "thumbnail_archive_path": "screenshots/thumbnail_90366.png", "timestamp": "00:01:30.366", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_92459.png", "size": 124013, "thumbnail_archive_path": "screenshots/thumbnail_92459.png", "timestamp": "00:01:32.459", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_94513.png", "size": 99023, "thumbnail_archive_path": "screenshots/thumbnail_94513.png", "timestamp": "00:01:34.513", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_95517.png", "size": 101464, "thumbnail_archive_path": "screenshots/thumbnail_95517.png", "timestamp": "00:01:35.517", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_96546.png", "size": 101368, "thumbnail_archive_path": "screenshots/thumbnail_96546.png", "timestamp": "00:01:36.546", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_97584.png", "size": 102718, "thumbnail_archive_path": "screenshots/thumbnail_97584.png", "timestamp": "00:01:37.584", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_101668.png", "size": 105758, "thumbnail_archive_path": "screenshots/thumbnail_101668.png", "timestamp": "00:01:41.668", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_103733.png", "size": 105846, "thumbnail_archive_path": "screenshots/thumbnail_103733.png", "timestamp": "00:01:43.733", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_104743.png", "size": 105813, "thumbnail_archive_path": "screenshots/thumbnail_104743.png", "timestamp": "00:01:44.743", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_109760.png", "size": 152508, "thumbnail_archive_path": "screenshots/thumbnail_109760.png", "timestamp": "00:01:49.760", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_113949.png", "size": 179605, "thumbnail_archive_path": "screenshots/thumbnail_113949.png", "timestamp": "00:01:53.949", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_114949.png", "size": 133361, "thumbnail_archive_path": "screenshots/thumbnail_114949.png", "timestamp": "00:01:54.949", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_133360.png", "size": 3848, "thumbnail_archive_path": "screenshots/thumbnail_133360.png", "timestamp": "00:02:13.360", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_137361.png", "size": 15901, "thumbnail_archive_path": "screenshots/thumbnail_137361.png", "timestamp": "00:02:17.361", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_139364.png", "size": 16654, "thumbnail_archive_path": "screenshots/thumbnail_139364.png", "timestamp": "00:02:19.364", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_140364.png", "size": 158374, "thumbnail_archive_path": "screenshots/thumbnail_140364.png", "timestamp": "00:02:20.364", "type": "screenshot", "version": 1 } ], "type": "summary", "version": 1, "vm_and_analyzer_details": { "adobe_acrobat_reader_version": "not_installed", "analyzer_build_date": "2018-01-15 17:39", "analyzer_version": "2.2.0", "chrome_version": "58.0.3029.110", "firefox_version": "25.0", "flash_version": "11.2.202.228", "internet_explorer_version": "11.0.9600.17031", "java_version": "7.0.510.13", "microsoft_excel_version": "not_installed", "microsoft_office_version": "not_installed", "microsoft_power_point_version": "not_installed", "microsoft_project_version": "not_installed", "microsoft_publisher_version": "not_installed", "microsoft_visio_version": "not_installed", "microsoft_word_version": "not_installed", "silverlight_version": "not_installed", "type": "vm_and_analyzer_details", "version": 1, "vm_architecture": "x86_64-bit", "vm_kernel_version": "6.3.9600.17031_(6066913d-fbad-4ef6-b754-e136c12beca3)", "vm_name": null, "vm_os": "windows_8.1" }, "vti": { "type": "vti", "version": 1, "vti_built_in_rules_version": "2.6", "vti_rule_matches": [ { "artifacts": { "files": [ { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\desktop.ini", "hashes": [ { "md5_hash": "ecf88f261853fe08d58e2e903220da14", "sha1_hash": "f72807a9e081906654ae196605e681d5938a2e6c", "sha256_hash": "cafec240d998e4b6e92ad1329cd417e8e9cbd73157488889fd93a542de4a4844", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_175", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\5jghkoaofdp\\documents\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\5JgHKoaOfdp\\Documents\\My Shapes\\desktop.ini", "hashes": [ { "md5_hash": "14967ba849b93421843b52d7e50b75a8", "sha1_hash": "523e3329eaf92f12918c1ceaee8b575e74e88318", "sha256_hash": "88c8875112fe06eeb89c4b53bab11c72f6db6ad6621fbc94c29e0ac50f83cb06", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5jghkoaofdp\\documents\\my shapes\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_574", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\5jghkoaofdp\\documents\\my shapes\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\5JgHKoaOfdp\\Music\\desktop.ini", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\music\\desktop.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_masquerade", "category_desc": "Masquerade", "operation": "_change_folder_appearance", "operation_desc": "Change folder appearance", "ref_gfncalls": [ { "ref_id": "gfn_897", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_change_folder_appearance", "technique_desc": "Folder \"c:\\users\\5jghkoaofdp\\music\" has a changed appearance.", "technique_path": "built_in._masquerade._change_folder_appearance.vmray_change_folder_appearance", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\5JgHKoaOfdp\\Desktop\\ViLLuBaagV2DSJK7a.png", "hashes": [], "norm_filename": "c:\\users\\5jghkoaofdp\\desktop\\villubaagv2dsjk7a.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_delete_user_files", "operation_desc": "Delete user files", "ref_gfncalls": [ { "ref_id": "gfn_1289", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_delete_user_files", "technique_desc": "Delete multiple user files. This is an indicator for ransomware or wiper malware.", "technique_path": "built_in._file_system._delete_user_files.vmray_delete_user_files", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_persistence", "category_desc": "Persistence", "operation": "_install_startup_script", "operation_desc": "Install system startup script or application", "ref_gfncalls": [ { "ref_id": "gfn_1891", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_startup_script_by_registry", "technique_desc": "Add \"C:\\Users\\5JgHKoaOfdp\\Desktop\\#Decryptor.exe\" to windows startup via registry.", "technique_path": "built_in._persistence._install_startup_script.vmray_install_startup_script_by_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_device", "category_desc": "Device", "operation": "_hook_mouse", "operation_desc": "Monitor mouse movements and clicks", "ref_gfncalls": [ { "ref_id": "gfn_2082", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_hook_mouse_by_keystate_api", "technique_desc": "Frequently read the state of a mouse button by API.", "technique_path": "built_in._device._hook_mouse.vmray_hook_mouse_by_keystate_api", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_create_many_files", "operation_desc": "Create many files", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_many_files", "technique_desc": "Create above average number of files.", "technique_path": "built_in._file_system._create_many_files.vmray_create_many_files", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_drop_pe_file", "operation_desc": "Drop PE file", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_drop_pe_file", "technique_desc": "Drop file \"c:\\users\\5jghkoaofdp\\desktop\\#decryptor.exe\".", "technique_path": "built_in._pe._drop_pe_file.vmray_drop_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_execute_dropped_pe_file", "operation_desc": "Execute dropped PE file", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_execute_dropped_pe_file", "technique_desc": "Execute dropped file \"c:\\users\\5jghkoaofdp\\desktop\\#decryptor.exe\".", "technique_path": "built_in._pe._execute_dropped_pe_file.vmray_execute_dropped_pe_file", "type": "vti_rule_match", "version": 1 } ], "vti_rule_type": "Default (PE, ...)", "vti_score": 85 }, "yara": { "apply_yara": true, "apply_yara_on_created_files": true, "apply_yara_on_modified_files": true, "apply_yara_on_pcap_file": true, "apply_yara_on_process_dumps": true, "apply_yara_on_sample_files": true, "match_count": 0, "matches": [], "ruleset_count": 7, "type": "yara", "version": 1 } }